2811 router loosing NAT statement

asoka · ‎10-08-2009

My router is a 2811 running Version 12.4(9)T6

image is flash:c2800nm-advipservicesk9-mz.124-9.T6.bin

This router is the internet router and there is a PIX515E behind this, email server is a Exchange server with MS-NLB load balancing two servers (10.y.yyy.16, and 10.y.yyy.17)

Its(NLB) virtual address is 10.y.yyy.18

NATing statement for SMTP is as below

ip nat inside source static tcp 10.y.yyy.18 25 2xx.79.xxx.xxx 25 route-map nonat extendable

After migrating to a new datacenter, with new public IP set, I had to add

static ARP antry and static MAC address table entry to get this working as suggested by many articals.

This will work for some time, but strangely router loose the above line from running config, and I can see the line in startup config.

But sh ip nat translation show many translations to 10.y.yyy.18 and email working OK, but last time we had spend much time to solve the issue after some days it stop using .18(virtual address). This happen again yesterday and still working but I am waiting for more trouble

tcp 2xx.79.xxx.xxx:25 10.y.yyy.18:25 41.130.26.201:29820 41.130.26.201:29820

tcp 2xx.79.xxx.xxx:25 10.y.yyy.18:25 41.130.177.73:23994 41.130.177.73:23994

tcp 2xx.79.xxx.xxx:25 10.y.yyy.18:25 41.140.44.106:2008 41.140.44.106:2008

tcp 2xx.79.xxx.xxx:25 10.y.yyy.18:25 41.145.114.236:2982 41.145.114.236:2982

tcp 2xx.79.xxx.xxx:25 10.y.yyy.18:25 41.145.114.236:3396 41.145.114.236:3396

tcp 2xx.79.xxx.xxx:25 10.y.yyy.18:25 41.196.176.229:52383 41.196.176.229:52383

tcp 2xx.79.xxx.xxx:25 10.y.yyy.18:25 41.243.164.38:21049 41.243.164.38:21049

Any advice pls

Hitesh Vinzoda · ‎10-08-2009

Hi,

Are there multiple translations with the same address ??

e.g.

ip nat inside source static tcp 192.168.2.1 20 192.168.4.5 20 extendable

ip nat inside source static tcp 192.168.2.1 21 192.168.4.5 21 extendable

What i mean is When adding a static NAT translation, a permanent ARP entry is

added. When configuring multiple translations for the same address and

removing one, the ARP entry is removed even though there may be a NAT

translation that still requires it.

sounds like a symptom mentioned for bug "CSCsl81170".

Regards

Hitesh Vinzoda

asoka · ‎10-08-2009

Hi, That info is very helpful,

I do have multiple NAT statements for same address, but disappearance of one statement is automatic, no one remove it from config, it disappear by it self. I can still see the line in startup config.

This may be a bug as mentioned in the caveats CSCsl81170.

What are the implications if I remove PAT(multiple translations to one address) and add a IP level NAT statement for the address.

bpciadmin · ‎10-12-2009

I had a similar situation today. The IP NAT INSIDE SOURCE statement that makes my mailserver available for inbound/outbound access simply disappeared.

In my case, I only have one IP NAT statement for this IP address but have several other IP NAT statements.

I'm running 12.4(15)XZ on a 2801.

I checked the date of the running-config and it dated back to Sep 15, the same date as my startup-config. But when comparing line-by-line, I found the IP NAT statement was missing...

Bayardo Alvarez

asoka · ‎10-12-2009

Hi, I'm planning a upgrade to a higher model and better IOS too.

And, any one to tell me if I use IP level translation without specify a port, what are the implications.

asoka · ‎10-15-2009

I notised this NAT statement reappear after clearing the IP NAT Tranlations. It may be due to resource limitation in the router or NAT time out issue, if any one know how to the dynamic NAt time out in a 2188 with "extendable" keywork included in the IP NAT statement

tohim · ‎11-03-2009

Router 1841 running IOS 12.4(3a) have same trouble.

And I almost shure it is related to MS-NLB load balancing.

Config works more than one year without problems. Last month we setup MS-NLB for our Exchange servers.

Now "ip nat inside" translation misteryously disappears from config. We add it to running config, saving, but after some time it's again goes out.

Seems like bug in IOS. Or unknown feature.

asoka · ‎11-03-2009

Hi, I am waiting to upgrade this 2811 to 2851, for that reason I didn't pursue this any further, but clear ip nat tra * would reapear the NAt translation line for a while, depending on the NAT workload it disaprear accordingly.

My guess, it is bug, and may the workaround is reduce the NAT tranalation time out. I don't know how to do that.

Would any one advice on that pls.