2 Replies Latest reply on Feb 14, 2014 8:12 AM by nthomas852

    Ping sourcing private LAN interface

    nthomas852 New Member

      When working in Adtran devices, I've noticed a behavior that I need some clarification on.

      I work for an ISP and we have a number of different devices we have supplied to our enterprise customers.

      With Cisco devices, we often confirm Internet access by logging into the device, issuing a ping to an outside IP address, and sourcing it from the LAN interface.

       

      Adtran devices allow this same thing to be done when there is a public address on the LAN interface.  However, if there is a private address (with NAT) the pings always fail.

       

      For example:

       

      xxxxx-908e#ping 8.8.8.8 source 10.10.10.1
      Type CTRL+C to abort.
      Legend: '!' = Success, '?' = Unknown host, '$' = Invalid host address
              '*' = Request timed out, '-' = Destination host unreachable
              'x' = TTL expired in transit

      Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
      *****
      Success rate is 0 percent (0/5)

       

      While researching this, I read somewhere that Adtran devices will not NAT self-generated traffic.  Is this true?

       


        • Re: Ping sourcing private LAN interface
          david Employee

          Nina,

           

          Thanks for posting to the Support Community!  You are correct that the unit will not perform NAT on self-sourced traffic.  The NAT rules in the firewall are applied inbound on an interface. Since this traffic never comes in on an interface to which a "NAT source" rule is applied, we are responsible for making sure the source IP address is something reachable by the far end when we issue the command. If your goal is just to verify NAT operation within the unit, the "show ip policy-sessions" command is useful. As long as anything on the LAN is generating traffic you can view the NAT take place.

          NetVanta 6355#show ip policy-sessions

          Policy class "Private":
          tcp (600) -> Public
            192.168.101.34  62472    8.8.8.8   80       s  x.x.x.x   62472

          In this example, we see the source IP and port, followed by the destination IP and port.  The 's' means that the source was modified to x.x.x.x and the source port was not modified.

           

          Hope this helps!

          David
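Added example, not part of the original post and not Adtran code: a small parser for captured "show ip policy-sessions" output that lists sessions whose RFC 1918 source address shows no 's' (source modified) flag. The column layout is inferred from the single session line in the reply above; the form of an untranslated session line (no flag column) and the address 203.0.113.10 are assumptions made for the sample.

```python
import ipaddress
import re

# Constructed sample modeled on the one session shown in the thread.
# 203.0.113.10 stands in for the redacted x.x.x.x address; the second
# session line (no flag column) is an assumed form for "not translated".
SAMPLE = """\
Policy class "Private":

tcp (600) -> Public
  192.168.101.34  62472    8.8.8.8   80       s  203.0.113.10   62472
  192.168.101.35  51000    8.8.4.4   443
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CLASS_RE = re.compile(r'^Policy class "(?P<name>[^"]+)":$')
FLOW_RE = re.compile(r'^(?P<proto>\w+) \(\d+\) -> (?P<dest>\S+)$')
SESSION_RE = re.compile(
    r'^(?P<src>\S+)\s+(?P<sport>\d+)\s+(?P<dst>\S+)\s+(?P<dport>\d+)'
    r'(?:\s+(?P<flag>[a-z])\s+(?P<nat_ip>\S+)\s+(?P<nat_port>\d+))?$')


def parse_sessions(text):
    """Return one dict per session line, tagged with its policy class and flow."""
    sessions, policy, proto, dest = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := CLASS_RE.match(line):
            policy = m["name"]
        elif m := FLOW_RE.match(line):
            proto, dest = m["proto"], m["dest"]
        elif m := SESSION_RE.match(line):
            sessions.append({**m.groupdict(), "policy": policy,
                             "proto": proto, "dest_class": dest})
    return sessions


def is_rfc1918(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # redacted (x.x.x.x) or malformed field
        return False
    return any(ip in net for net in RFC1918)


def untranslated_private(sessions):
    """Sessions whose private source shows no 's' (source modified) flag."""
    return [s for s in sessions if is_rfc1918(s["src"]) and s["flag"] != "s"]
```

Calling `untranslated_private(parse_sessions(SAMPLE))` returns only the 192.168.101.35 session, the one a NAT source rule did not rewrite.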

          • Re: Ping sourcing private LAN interface
            nthomas852 New Member

            Thanks so much for the reply!

            I was 99% sure that was the case, but was unable to find this documented by Adtran (I'm sure it's out there somewhere).