Loading...
Loading...
When executing a traceroute, the output shows asterisks instead of response times.
A router with VRFs configured does not properly NAT the traceroute responses when a static route for the outside IP address is configured.
Having a static route for a NAT address is an invalid configuration. Remove the static route from the configuration.
When a router has a static route configured for the outside IP address, traceroute responses are not NAT'ed correctly. The NAT feature touches the packet, but it doesn't take action on it. When the static route is removed, the traceroute works as expected. Pings work as expected with or without the static route configured. Please refer to the following configurations: Router#show run int Gi0/0/0.123 ! interface GigabitEthernet0/0/0.123 description LAN-NAT_Inside encapsulation dot1Q 123 ip vrf forwarding Example_VRF ip address 192.168.100.1 255.255.255.0 ip nat inside end Router#show run int Gi0/0/1 ! interface GigabitEthernet0/0/1 description WAN ip address 100.123.45.65 255.255.255.252 ip nat outside load-interval 30 negotiation auto end Router#show run | in ip nat ip nat pool NATPOOL 1.2.3.4 1.2.3.4 prefix-length 30 <<<----------------- 1.2.3.4 is the NAT IP address ip nat inside source list 100 pool NATPOOL vrf Example_VRF overload Router#show run | in ip route 1.2.3.4 ip route 1.2.3.4 255.255.255.255 GigabitEthernet0/0/0.123 <<<------------ Static route configured for 1.2.3.4 ++ With the static route configured: Router#traceroute vrf Example_VRF 5.6.7.8 source Gi0/0/0.123 Type escape sequence to abort. Tracing the route to 5.6.7.8 VRF info: (vrf in name/id, vrf out name/id) 1 * * * <<<------------------------------------------- traceroute responses are not processed by the router 2 * * * ++ Without the static route configured: Router#traceroute vrf Example_VRF 5.6.7.8 source Gi0/0/0.123 Type escape sequence to abort. Tracing the route to 5.6.7.8 VRF info: (vrf in name/id, vrf out name/id) 1 100.123.45.66 1 msec * 1 msec <<<------------------------------------------- A FIA trace (Feature Invocation Array) on the router shows that the NAT feature does not take action on the traceroute response when the static route is configured.
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.