In this article we will discuss The debug ip nat Command, will make brief discussion on The debug ip nat Command, In last article we discuss about The show ip nat Commands.
Use the debug ip nat command to verify the operation of the NAT feature by displaying information about every packet that is translated by the router. The debug ip nat detailed command generates a description of each packet considered for translation.
This command also provides information about certain errors or exception conditions, such as the failure to allocate a global address. The debug ip nat detailed command generates more overhead than the debug ip nat command, but it can provide the detail that may be needed to troubleshoot the NAT problem. Always turn off debugging when finished.
Debug ip nat output. The output shows that the inside host (192.168.10.10) initiated traffic to the outside host (184.108.40.206) and the source address was translated to address 220.127.116.11.
When decoding the debug output, note what the following symbols and values indicate:
* (asterisk) – The asterisk next to NAT indicates that the translation is occurring in the fast-switched path. The first packet in a conversation is always process-switched, which is slower. The remaining packets go through the fast-switched path if a cache entry exists.
s= – This symbol refers to the source IPv4 address.
a.b.c.d—>w.x.y.z – This value indicates that source address a.b.c.d is translated to w.x.y.z.
d= – This symbol refers to the destination IPv4 address.
[xxxx] – The value in brackets is the IPv4 identification number. This information may be useful for debugging in that it enables correlation with other packet traces from protocol analyzers.
Verify that the ACL referenced in the NAT command is permitting all of the necessary networks. Only 192.168.0.0/16 addresses are eligible to be translated. Packets from the inside network destined for the Internet with source addresses that are not explicitly permitted by ACL 1 are not translated by R2.