NAT stopping sometimes ---- Urgent

Jul 13th, 2009

Hi All,


I have the below NAT statements configured in my Cisco IOS FW, and they sometimes behave strangely.

Sometimes it gives problems such as NAT not happening (seems stopped).

When I manually remove and re-add the same NAT statement, it works fine.


Experts, can someone tell me why this is happening and what the problem could be?

Please find the below NAT statements



ip nat pool nonat 195.34.5.67 195.34.5.67 netmask 255.255.255.248

ip nat source static 195.34.5.68 10.38.2.11 route-map DKRGLDAP extendable

ip nat source static 10.38.2.11 195.34.4.68 route-map DKRGLDAP extendable

ip nat inside source route-map nonat pool nonat overload

ip nat inside source static tcp 192.178.119.30 80 195.34.5.68 80 extendable

ip nat inside source static tcp 10.38.2.11 389 195.34.5.68 389 extendable

ip nat inside source static tcp 192.178.119.30 443 195.34.5.68 443 extendable

ip nat inside source static tcp 10.17.1.10 21 195.34.5.69 21 extendable

ip nat inside source static tcp 192.178.119.20 25 195.34.5.69 25 extendable

ip nat inside source static tcp 10.46.5.40 443 195.34.5.69 443 extendable

ip nat inside source static tcp 10.17.1.10 1503 195.34.5.69 1503 extendable

ip nat inside source static tcp 10.46.5.40 1741 195.34.5.69 1741 extendable

ip nat inside source static tcp 10.17.1.10 3299 195.34.5.69 3299 extendable

ip nat inside source static 10.28.2.200 195.34.5.70 extendable

ip nat inside source static 10.46.5.100 195.34.4.37 extendable

ip nat inside source static tcp 10.17.1.20 21 195.34.4.38 21 extendable

ip nat inside source static tcp 10.17.1.20 1503 195.34.4.38 1503 extendable

ip nat inside source static tcp 10.17.1.20 3299 195.34.4.38 3299 extendable


Regards,

Naidu.


Giuseppe Larosa Tue, 07/14/2009 - 05:12

Hello Naidu,

please add a sh ver to tell us the router model and IOS image that is running.


verify also


sh proc mem | inc Free


the amount of free memory over time


sh ip nat translations


check the number of NAT entries


sh proc cpu | inc util

sh proc cpu sorted 1min

sh proc cpu history


Hope to help

Giuseppe
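
The checks suggested above can be tracked over time from saved command output. The following is an added example, not part of the original post: it computes the free-memory percentage from `sh proc mem | inc Free` lines and counts `sh ip nat translations` entries per inside global address. The translation table and the second memory snapshot are constructed samples, and the function names are hypothetical.

```python
import re
from collections import Counter

# Two "sh proc mem | inc Free" snapshots; the second one is constructed.
MEM_SNAPSHOTS = [
    "Processor Pool Total: 169860960 Used: 132651524 Free: 37209436",
    "Processor Pool Total: 169860960 Used: 150000000 Free: 19860960",
]

# Constructed sample of "sh ip nat translations" output (not from the thread).
NAT_TABLE = """\
Pro Inside global      Inside local       Outside local      Outside global
--- 195.34.5.70        10.28.2.200        ---                ---
udp 195.34.5.70:500    10.28.2.200:500    203.0.113.9:500    203.0.113.9:500
udp 195.34.5.70:4500   10.28.2.200:4500   203.0.113.9:4500   203.0.113.9:4500
tcp 195.34.5.68:80     192.178.119.30:80  ---                ---
tcp 195.34.5.68:80     192.178.119.30:80  198.51.100.7:51512 198.51.100.7:51512
"""

MEM_RE = re.compile(r"^(\S.*?) Pool Total:\s*(\d+)\s+Used:\s*(\d+)\s+Free:\s*(\d+)")

def free_percent(line):
    """Return (pool name, percent free) for one 'Pool Total' line, else None."""
    m = MEM_RE.match(line.strip())
    if not m:
        return None
    total, free = int(m.group(2)), int(m.group(4))
    return m.group(1), round(100.0 * free / total, 1)

def nat_summary(text):
    """Count table entries per inside global address: simple vs. extended."""
    simple, extended = Counter(), Counter()
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] == "Pro":  # skip header and blank lines
            continue
        addr = cols[1].split(":")[0]
        # Simple entries (static mappings appear this way) show "---" in both
        # outside columns; per-flow extended entries carry outside addresses.
        if cols[3] == "---" and cols[4] == "---":
            simple[addr] += 1
        else:
            extended[addr] += 1
    return simple, extended

if __name__ == "__main__":
    print([free_percent(s) for s in MEM_SNAPSHOTS])
    print(nat_summary(NAT_TABLE))
```

A falling free percentage between snapshots, or an extended count that keeps growing for one global address, is the trend these commands are meant to reveal.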


ilnaiduccna Tue, 07/14/2009 - 06:16

Hi Giuseppe,


Thank you very much for your response.


Regarding the number of NAT entries, there are only as many as I mentioned in my first post.

And the NAT entry (ip nat inside source static 10.28.2.200 195.34.5.70 extendable) with which we are facing regular trouble has only one entry with one public IP; every time I remove and add it again, it works fine.

There might be more translations for this entry, as this is for VPN.



Please find the below details as you suggested:


#sh ver

Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(11)T, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2006 by Cisco Systems, Inc.

Compiled Sat 18-Nov-06 15:32 by prod_rel_team


ROM: System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1)


DKIGNFW01 uptime is 11 weeks, 5 days, 14 hours, 39 minutes

System returned to ROM by power-on

System restarted at 01:36:28 UTC Thu Apr 23 2009

System image file is "flash:c1841-adventerprisek9-mz.124-11.T.bin"



This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.


A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html


If you require further assistance please contact us by sending email to

[email protected].


Cisco 1841 (revision 6.0) with 236544K/25600K bytes of memory.

Processor board ID FCZ1037221E

2 FastEthernet interfaces



#sh proc mem | inc Free

Processor Pool Total: 169860960 Used: 132651524 Free: 37209436

I/O Pool Total: 26214400 Used: 4195904 Free: 22018496

PID TTY Allocated Freed Holding Getbufs Retbufs Process



#sh proc cpu | inc util

CPU utilization for five seconds: 8%/5%; one minute: 13%; five minutes: 39%


Regarding CPU, usage is 20% on average.


Regards,

Naidu.

Giuseppe Larosa Fri, 07/17/2009 - 10:45

Hello Naidu,

Sorry, I missed your answer.


I don't know if you have solved this issue.


However, I would suggest the following:


What if, instead of the troublesome entry


ip nat inside source static 10.28.2.200 195.34.5.70 extendable


you use

ip nat inside source static 10.28.2.200 195.34.5.70

+

ip nat outside source static 195.34.5.70 10.28.2.200


Hope to help

Giuseppe


