What is the output of a debug ip nat and debug ip packet when this is occurring?
Change everything to static routing and disable everything else to minimize the amount of other traffic being seen.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.

From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles
Sent: Wednesday, May 18, 2011 8:18 AM
To: [email protected]
Subject: [OSL | CCIE_Security] ip tcp intercept with NAT doesn't work

Hi all

R2 is doing NAT and translating R1's IP address. R3 can see only R1's post-NAT address.

R1 ---------------- R2 ----------------- R3

Now, if I try to telnet either from R3 to R1 (NATted address) or from R1 to R3, telnet fails. It seems R2 doesn't get the ACK reply back to the SYN/ACK sent by it after intercepting. It keeps retransmitting till the timeout.

The same works with watch mode.

Does this mean ip tcp intercept in intercept mode will not work with NAT?

With regards
Kings
