NAT stopping sometimes ---- Urgent

ilnaiduccna
Level 1

Hi All,

I have the below NAT statements configured in my Cisco IOS FW, and they are acting strangely at times.

Sometimes it's giving problems like NAT not happening (seems stopped).

When I manually remove and re-add the same NAT statement, then it's working fine.

Experts, can someone tell me why this is happening like this and what could be the problem?

Please find the below NAT statements

ip nat pool nonat 195.34.5.67 195.34.5.67 netmask 255.255.255.248

ip nat source static 195.34.5.68 10.38.2.11 route-map DKRGLDAP extendable

ip nat source static 10.38.2.11 195.34.4.68 route-map DKRGLDAP extendable

ip nat inside source route-map nonat pool nonat overload

ip nat inside source static tcp 192.178.119.30 80 195.34.5.68 80 extendable

ip nat inside source static tcp 10.38.2.11 389 195.34.5.68 389 extendable

ip nat inside source static tcp 192.178.119.30 443 195.34.5.68 443 extendable

ip nat inside source static tcp 10.17.1.10 21 195.34.5.69 21 extendable

ip nat inside source static tcp 192.178.119.20 25 195.34.5.69 25 extendable

ip nat inside source static tcp 10.46.5.40 443 195.34.5.69 443 extendable

ip nat inside source static tcp 10.17.1.10 1503 195.34.5.69 1503 extendable

ip nat inside source static tcp 10.46.5.40 1741 195.34.5.69 1741 extendable

ip nat inside source static tcp 10.17.1.10 3299 195.34.5.69 3299 extendable

ip nat inside source static 10.28.2.200 195.34.5.70 extendable

ip nat inside source static 10.46.5.100 195.34.4.37 extendable

ip nat inside source static tcp 10.17.1.20 21 195.34.4.38 21 extendable

ip nat inside source static tcp 10.17.1.20 1503 195.34.4.38 1503 extendable

ip nat inside source static tcp 10.17.1.20 3299 195.34.4.38 3299 extendable

Regards,

Naidu.

3 Replies

Giuseppe Larosa
Hall of Fame

Hello Naidu,

Please add a sh ver to tell us the router model and the IOS image that is running.

Verify also

sh proc mem | inc Free

the amount of free memory over time

sh ip nat translations

check the number of NAT entries

sh proc cpu | inc util

sh proc cpu sorted 1min

sh proc cpu history

Hope to help

Giuseppe

Hi Giuseppe,

Thank you very much for your response.

Regarding the number of NAT entries, there are only as many as I mentioned in my first post.

And the NAT entry (ip nat inside source static 10.28.2.200 195.34.5.70 extendable) with which we are facing regular trouble has only one entry with one public IP; every time I remove and add it again, it works fine.

There might be more translations for this entry as this is for VPN.

Please find the below details as you suggested:

#sh ver

Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(11)T, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2006 by Cisco Systems, Inc.

Compiled Sat 18-Nov-06 15:32 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1)

DKIGNFW01 uptime is 11 weeks, 5 days, 14 hours, 39 minutes

System returned to ROM by power-on

System restarted at 01:36:28 UTC Thu Apr 23 2009

System image file is "flash:c1841-adventerprisek9-mz.124-11.T.bin"

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco 1841 (revision 6.0) with 236544K/25600K bytes of memory.

Processor board ID FCZ1037221E

2 FastEthernet interfaces

#sh proc mem | inc Free

Processor Pool Total: 169860960 Used: 132651524 Free: 37209436

I/O Pool Total: 26214400 Used: 4195904 Free: 22018496

PID TTY Allocated Freed Holding Getbufs Retbufs Process

#sh proc cpu | inc util

CPU utilization for five seconds: 8%/5%; one minute: 13%; five minutes: 39%

Regarding CPU usage, it is 20% on average.

Regards,

Naidu.
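
The checks requested earlier in the thread, applied to the output posted above, as an added example (not code from either poster). The memory and CPU lines are copied from this thread; the `sh ip nat translations` table is a constructed sample, and the assumption that a simple static entry is listed with protocol `---` should be confirmed against the router's real output.

```python
import re

# Lines copied from the output posted in this thread.
MEM = "Processor Pool Total: 169860960 Used: 132651524 Free: 37209436"
CPU = "CPU utilization for five seconds: 8%/5%; one minute: 13%; five minutes: 39%"

# Constructed sample of `sh ip nat translations` (not from the thread).
NAT_TABLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 195.34.5.69:21     10.17.1.10:21      ---                ---
tcp 195.34.5.68:80     192.178.119.30:80  203.0.113.9:51512  203.0.113.9:51512
--- 195.34.4.37        10.46.5.100        ---                ---
"""

def free_pct(line):
    """Percentage of a memory pool that is free, from a Total/Used/Free line."""
    m = re.search(r"Total:\s*(\d+)\s+Used:\s*(\d+)\s+Free:\s*(\d+)", line)
    if not m:
        raise ValueError("not a memory pool line")
    total, _used, free = map(int, m.groups())
    return round(100.0 * free / total, 1)

def cpu_util(line):
    """Parse the `sh proc cpu | inc util` summary line into integers."""
    m = re.search(r"five seconds: (\d+)%/(\d+)%; one minute: (\d+)%; "
                  r"five minutes: (\d+)%", line)
    if not m:
        raise ValueError("not a CPU utilization line")
    keys = ("five_sec", "interrupt", "one_min", "five_min")
    return dict(zip(keys, map(int, m.groups())))

def static_entry_present(table, inside_local, inside_global):
    """True if the simple static entry (protocol '---') for the pair is listed."""
    for row in table.splitlines():
        f = row.split()
        if len(f) >= 3 and f[0] == "---" and f[1] == inside_global \
                and f[2] == inside_local:
            return True
    return False

def session_count(table):
    """Rows that carry a real outside address, i.e. active flows."""
    rows = [r.split() for r in table.splitlines()[1:]]
    return sum(1 for f in rows if len(f) == 5 and f[3] != "---")

if __name__ == "__main__":
    print("free %:", free_pct(MEM), "cpu:", cpu_util(CPU))
    print("10.28.2.200 static present:",
          static_entry_present(NAT_TABLE, "10.28.2.200", "195.34.5.70"))
    print("active sessions:", session_count(NAT_TABLE))
```

Run against captures taken at intervals, this shows whether free memory, CPU load or the presence of the static entry changes around the time NAT stops.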

Hello Naidu,

Sorry, I missed your answer.

I don't know if you have solved this issue.

However, I would suggest the following:

What if, instead of the troublesome entry

ip nat inside source static 10.28.2.200 195.34.5.70 extendable

you use

ip nat inside source static 10.28.2.200 195.34.5.70

+

ip nat outside source static 195.34.5.70 10.28.2.200

Hope to help

Giuseppe
