?
Solved

Traceroute returning same destination multiple times

Posted on 2006-10-28
6
Medium Priority
?
4,145 Views
Last Modified: 2008-08-14
Trying to get some clarification, I've tried other sources but no real answer. I'm performing a traceroute to a device with a NAT'd address that is connected via VPN Tunnel, for each device that is hidden, I am recieving the destination IP. Is this normal behaviour or is there something wrong. Could this affect performance between the two devices?

Tracing route to 192.168.63.36 over a maximum of 30 hops

  1     6 ms     6 ms     6 ms  10.199.1.101
  2     7 ms     8 ms     7 ms  10.199.1.2
  3     8 ms     7 ms     7 ms  10.219.12.1
  4    14 ms    11 ms    11 ms  10.219.13.1
  5    15 ms    10 ms    11 ms  192.168.63.36
  6    12 ms    11 ms    11 ms  192.168.63.36
  7    11 ms    10 ms    11 ms  192.168.63.36
  8    12 ms    11 ms    11 ms  192.168.63.36
  9   144 ms    12 ms    11 ms  192.168.63.36
 10    13 ms    11 ms    11 ms  192.168.63.36
 11    12 ms    11 ms    12 ms  192.168.63.36

Trace complete.
0
Comment
Question by:cfbros
6 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 17826296
How many hops to you expect to see? If going through a VPN tunnel, I would not expect to see more than 2.
It appears to be a routing loop, but I would not expect to see the actual destination IP as the responder if it was..
Can you explain your topology a little more? Perhaps a little ascii drawing?
0
 

Author Comment

by:cfbros
ID: 17826370
The number of hops is correct, it is the destination response that i am concerned about. Also, after the 10.219.12.1 response, the rest is on the recipients end and I do not know what the topology is. They claim that this is what I'm suppose to be seeing but I have concerns when I see the destination address responding for each device.
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 17826536
Umm, why can't it just be as simple as "They are NATting their replies to you so you specifically don't see any of their topology"?

What exactly is the problem (what does not work)?

Cheers,
-Jon
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 57

Expert Comment

by:giltjr
ID: 17826609
The--Captain hit the nail on the head.  The 5th hop is the 1st point within the 'real' network and they are replacing the source IP addresss on the ICMP (ping) messages so that you can't map out the internal network.
0
 

Author Comment

by:cfbros
ID: 17826719
That I understand, but the question that I'm asking is, should the devices all respond with the NAT'd address?
0
 
LVL 16

Accepted Solution

by:
The--Captain earned 2000 total points
ID: 17827327
>should the devices all respond with the NAT'd address?

No.  Assuming this is what's going on, the NAT box lies to you when it sees IPs that match the NAT rules - that's the whole point.

0

Featured Post

Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

750 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question