icmperr in nat

Mar 28th, 2007

Hi all


Getting intermittent connection problems with a server behind an 837 router configured with NAT overload. IOS 12.3(8)-YI2.


When the connection problem occurs, a show ip nat translations shows an icmperr to the server's IP address. What does this mean?


Any ideas?

fmeetz Tue, 04/03/2007 - 05:48

Solution: IOS upgrade 12.4(5) or later


Danilo Dy Tue, 04/03/2007 - 05:58

Hi,

There is an IOS bug regarding icmperr in the show ip nat translation output.

The fix is to upgrade your IOS image.

Symptoms:
A router may stop translating packets using NAT, when a NAT entry with protocol "icmperr" is observed in the "show ip nat translation" output.

Conditions:
These symptoms are observed in a Cisco router when the router is configured with only dynamic NAT translations with a single address in the NAT pool, or when configured using "interface overload".

Workaround:
To clear all the NAT translations using "clear ip nat trans *" command.

This is a problem in recent PI6 images. It did not occur in PI6 images built prior to January 1st, 2005.

To allow additional translations to be created while the router has created one with the ICMPERR, what you would need to do is to create an IP NAT POOL containing more than 1 public IP address and perform NAT overload over it. This way, when one of the IP addresses is taken over by this erroneous translation, the other IP addresses will still be able to be used as the Inside Global address. You will also have to reduce the ICMP NAT timeout so the router punts out the icmperr translation sooner, making the used IP address available again.
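
The workaround described in the reply above, sketched as an IOS configuration. This is an added example, not part of the original thread; the addresses (documentation ranges), ACL number, pool name, interface names and timeout value are all assumptions.

```cisco
! Constructed example. Addresses, ACL 1, pool name NAT-POOL, interface names
! and the timeout value are assumptions, not taken from the thread.
!
! Before: "interface overload" gives NAT a single inside global address,
! the condition under which one icmperr entry can stall translation.
!   ip nat inside source list 1 interface Dialer1 overload
!
! Exec mode: clear existing entries first, otherwise IOS refuses to remove
! a dynamic mapping that is still in use.
!   clear ip nat translation *
!
! After: overload across a pool holding more than one public address, so
! the remaining address stays usable if one is held by an icmperr entry.
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat pool NAT-POOL 203.0.113.10 203.0.113.11 netmask 255.255.255.0
no ip nat inside source list 1 interface Dialer1 overload
ip nat inside source list 1 pool NAT-POOL overload
!
! Age out ICMP entries sooner than the 60-second default so an address
! held by an icmperr translation is released quickly.
ip nat translation icmp-timeout 10
!
interface Ethernet0
 ip nat inside
!
interface Dialer1
 ip nat outside
!
! Exec mode: check which inside global address each entry uses and
! whether an icmperr entry is present.
!   show ip nat translations
!   show ip nat statistics
```

This only limits the impact of the bug; the fix given in the thread remains the IOS upgrade.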
