Cisco ONS 15454 Series Multiservice Provisioning Platforms

Use PAT to Establish a Session Between CTC and ONS 15454 when CTC is Inside the Firewall

Document ID: 63775

Updated: Jan 11, 2006



This document provides a sample configuration for Port Address Translation (PAT) to establish a session between Cisco Transport Controller (CTC) and ONS 15454 when CTC resides inside the firewall.



Ensure that you meet these requirements before you attempt this configuration:

  • Have basic knowledge about Cisco ONS 15454.

  • Know which Cisco Routers support PAT.

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco ONS 15454 version 4.6.X and later

  • Cisco IOS® Software Release 12.1(11) and later

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.


Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Background Information


The topology consists of these elements:

  • One Cisco ONS 15454

  • One PC

  • One Cisco 2600 Series Router

The ONS 15454 resides in the external network and acts as the server. The PC resides in the internal network, and serves as the CTC client. The Cisco 2600 Series Router provides the PAT support.


In this section, you are presented with the information to configure the features described in this document.

Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.

Network Diagram

This document uses this network setup:

Figure 1 – Topology



This document uses these configurations:

  • Cisco ONS 15454

  • PC

  • Cisco 2600 Series Router

Cisco ONS 15454 Configuration is the IP address of the ONS 15454 (see arrow A in Figure 2), and represents the default router (see arrow B in Figure 2).

Figure 2 – ONS 15454 Configuration


Complete these steps in order to ensure that CTC communicates with ONS 15454 through PAT:

  1. Check the Enable proxy server on port check box in the Gateway Settings section (see arrow C in Figure 2).

  2. Select the Proxy-only option (see arrow D in Figure 2).

  3. Click Apply.

If you do not enable the proxy server, CTC fails with these error messages:

  • EID-2199 (see Figure 3)

  • Failure during IOR Repository Initialization (see Figure 4).

Figure 3 – EID-2199 Error


Figure 4 – CTC Initialization Error


PC Configuration is the IP address of the PC (see arrow A in Figure 5), and represents the default gateway (see arrow B in Figure 5).

Figure 5 – PC Configuration


Router Configuration

This section provides the procedure to configure the router.

Complete these steps:

  1. Configure the internal interface, where the ONS 15454 resides.

    interface Ethernet1/0
     ip address
     ip nat outside
  2. Configure the external interface, where the CTC client resides.

    interface Ethernet1/1
     ip address
     ip nat inside
  3. Configure PAT support on the router. The configuration indicates that any packet that arrives on the internal interface, which access list 1 permits, shares one outside IP address. The outside IP address is in this configuration.

    !--- Indicates that any packets that arrive on the internal interface, which
    !--- access list 1 permits, share one outside IP address (the address 
    !--- on ethernet1/0).
    ip nat inside source list 1 int ethernet1/0 overload
    access-list 1 permit


Use this section to confirm that your configuration works properly.

Verification Procedure

Complete these steps:

  1. Run Microsoft Internet Explorer.

  2. Type in the Address bar of the browser window, and press ENTER.

    The CTC Login window appears.

  3. Type the correct User Name and Password.

    The CTC client successfully connects to ONS 15454.


This section provides information you can use to troubleshoot your configuration.

Issue the debug ip nat detailed command to turn on the IP NAT detailed trace. You can view the address translations from to (see arrow A in Figure 6), and from to (see arrow B in Figure 6).

Figure 6 – Debug IP NAT Detailed


Related Information

Updated: Jan 11, 2006
Document ID: 63775