Regarding the operation enabling communication from outside the NAT
For TCP traffic originating from the outside of NAT, Cisco IOS XE Software, Version 17.12.04a does not send RST packets. Cisco IOS XE Software, Version 17.12.06 sends RST packets after applying NAT to the source IP address.

The following settings are configured.
------------------------------------
interface GigabitEthernet0/0/2
 ip address xxx.xxx.xxx.xxx 255.255.255.248
 ip nat outside
ip nat pool natpool-GigabitEthernet0/0/2-0 ooo.ooo.ooo.ooo ooo.ooo.ooo.ooo prefix-length 29
ip nat inside source list global-list pool natpool-GigabitEthernet0/0/2-0 overload egress-interface GigabitEthernet0/0/2
------------------------------------

On OS version 17.12.04a, when TCP traffic addressed to the IP address of an outside physical interface is received from outside, no response is returned, as follows.
------------------------------------
Router#show ver
Cisco IOS XE Software, Version 17.12.04a

Router#show ip nat translations
Total number of translations: 0

C:\Users\calo>nmap -sS xxx.xxx.xxx.xxx -p 1028 --source-port 53
Starting Nmap 7.98 ( https://nmap.xxx ) at 2025-12-22 20:26 -0600
Nmap scan report for xxx.xxx.xxx.xxx
Host is up (0.0016s latency).
------------------------------------

On OS version 17.12.06, when TCP traffic addressed to the IP address of an outside physical interface is received from an external source, the NATed traffic is returned, as follows.
------------------------------------
Router#show ver
Cisco IOS XE Software, Version 17.12.06

Router#show ip nat translations
Total number of translations: 0

C:\Users\calo>nmap -sS xxx.xxx.xxx.xxx -p 1028 --source-port 53
Starting Nmap 7.98 ( https://nmap.xxx ) at 2025-12-22 19:55 -0600
Nmap scan report for xxx.xxx.xxx.xxx
Host is up (0.0010s latency).

Router#show ip nat translations
Pro  Inside global          Inside local           Outside local          Outside global
icmp ooo.ooo.ooo.ooo:23189  xxx.xxx.xxx.xxx:23189  zzz.zzz.zzz.zzz:23189  zzz.zzz.zzz.zzz:23189
tcp  ooo.ooo.ooo.ooo:1028   xxx.xxx.xxx.xxx:1028   zzz.zzz.zzz.zzz:53     zzz.zzz.zzz.zzz:53
Total number of translations: 2
------------------------------------
Using Cisco IOS XE Software, Version 17.12.06, with NAT configured.
Downgrade to Cisco IOS XE Software Version 17.12.04a.
This symptom was confirmed in controller mode.
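
A check for the 17.12.06 symptom shown above, added here as an example and not part of the original report: it parses show ip nat translations output and returns the entries whose inside local address is the router's own interface address. The addresses are constructed documentation ranges standing in for the redacted ones, and the function names are hypothetical.

```python
import ipaddress

PROTOS = {"tcp", "udp", "icmp"}

# Constructed sample modelled on the 17.12.06 output in the report.
# 192.0.2.1 stands in for the outside interface address, 192.0.2.10 for the
# pool address; the last row is an ordinary PAT entry for an inside host.
SAMPLE = """\
Pro  Inside global      Inside local       Outside local      Outside global
icmp 192.0.2.10:23189   192.0.2.1:23189    203.0.113.7:23189  203.0.113.7:23189
tcp  192.0.2.10:1028    192.0.2.1:1028     203.0.113.7:53     203.0.113.7:53
tcp  192.0.2.10:5062    10.1.1.20:49152    198.51.100.9:443   198.51.100.9:443
Total number of translations: 3
"""

def split_endpoint(field):
    """Split 'addr:port' into (ip_address, port); port is None if absent."""
    addr, _, port = field.partition(":")
    return ipaddress.ip_address(addr), (int(port) if port else None)

def parse_translations(text):
    """Return one dict per dynamic translation row.

    The header, the summary line and static entries (shown with '---'
    placeholders) are skipped.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] not in PROTOS or "---" in parts:
            continue
        rows.append({
            "proto": parts[0],
            "inside_global": split_endpoint(parts[1]),
            "inside_local": split_endpoint(parts[2]),
            "outside_local": split_endpoint(parts[3]),
            "outside_global": split_endpoint(parts[4]),
        })
    return rows

def self_translations(text, router_addrs):
    """Rows whose inside local address is one of the router's own addresses."""
    own = {ipaddress.ip_address(a) for a in router_addrs}
    return [r for r in parse_translations(text) if r["inside_local"][0] in own]

if __name__ == "__main__":
    for r in self_translations(SAMPLE, ["192.0.2.1"]):
        addr, port = r["outside_global"]
        print(f"{r['proto']} translation for router address, peer {addr}:{port}")
```

An empty result on a router running 17.12.04a and a non-empty one after upgrading to 17.12.06 matches the difference the report describes.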