3 Replies Latest reply: May 4, 2014 10:33 PM by Alexander RSS

    An IP address of USA Department of Defense Network Information Center in debug output of a router

    Alexander

      Hello,

       

      TAC Engineer has opened the bug CSCuo38544 -  Strange IP in debug when policy routing, but the "Strange IP" is actually the IP address of DoD Network Information Center.

       

      Here is the output of debug ip packet:

      Mar 20 12:41:13.038: IP: route map rm-pbr-nat-loop, item 100, permit

      Mar 20 12:41:13.038: IP: s=10.10.180.158 (GigabitEthernet0/0), d=10.10.57.14 (Loopback0), len 100, policy routed

      Mar 20 12:41:13.038: IP: GigabitEthernet0/0 to Loopback0 33.182.129.60

      And

      Mar 20 12:41:13.038: IP: s=10.10.180.158 (GigabitEthernet0/0), d=10.10.57.14 (Loopback0), len 100, output feature, NAT ALG proxy(59), rtype 2, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

      Mar 20 12:41:13.038: IP: s=10.10.180.158 (GigabitEthernet0/0), d=10.10.57.14 (Loopback0), g=33.182.129.60, len 100, forward

      Mar 20 12:41:13.038: IP: s=10.10.180.158 (GigabitEthernet0/0), d=10.10.57.14 (Loopback0), len 100, sending full packet

       

      Can anyone explain, why does it popup in debug output?

      Is such ip addresses hardwired in IOS?

       

      To test this you need configure NAT on a Stick according to my scenario, I have only changed the first and the second octet in the ip addresses:

      IOS 15.3(3)M2

       

      interface Loopback0

      ip address 10.0.1.1 255.255.255.252

      ip nat inside

      ip virtual-reassembly in

       

      interface GigabitEthernet0/0

      ip address 10.10.57.9 255.255.255.224

      no ip proxy-arp

      ip nat outside

      ip virtual-reassembly in

      ip policy route-map rm-pbr-nat-loop

       

      ip nat inside source list NAT-Loop interface GigabitEthernet0/0 overload

      ip nat outside source static 10.10.56.55 10.10.57.14 no-alias

       

      ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0  10.10.57.1

       

      ip access-list extended NAT-Loop

      permit ip host 10.10.180.158 any

       

      ip access-list extended PBR-NAT-Loop

      permit ip host 10.10.180.158 host 10.10.57.14

       

      route-map rm-pbr-nat-loop permit 100

      match ip address PBR-NAT-Loop

      set interface Loopback0

       

      access-list 90 permit 10.10.180.158

       

      Then debug ip packet 90 and debug ip policy

       

      And ping 10.10.57.14 from 10.10.180.158

       

       

      Network diagram in the attachment.

       

      Thank you.