1841: Editing NAT configuration via CCP crashes device?

kristinmaling · ‎09-29-2010

Hello.

Whenever I try and edit/delete a NAT entry via CPP (tried v2.1, v2.2 and v2.3 — even rolled back to SDM as a last resort), when I "delver" the command, it says it's delivering 14 commands, we loose connection to the internet (internal network remains up), and eventually it times out saying it's lost connection to the router (with the router locking up and the only way to bring it back online is by flipping the on/off switch).

I've made edits to NAT entries many times without issue, but all of a sudden this started happening today. Nothing has changed on the device? Here are the commands it's trying to send:

--

interface FastEthernet0/1

no ip nat inside

exit

interface FastEthernet0/0

no ip nat outside

exit

do clear ip nat translation forced

no ip nat inside source static tcp 192.168.1.52 22 72.15.55.42 22

ip nat inside source static tcp 192.168.1.50 22 72.15.55.42 22

interface FastEthernet0/1

ip nat inside

exit

interface FastEthernet0/0

ip nat outside

exit

--

All I'm trying to do is change the internal IP address of where SSH connections go. I've also tried to delete the entry and create a new one, but as soon as I try and deliver the commands to delete, the same thing happens — the 1841 locks up and we loose our connection to the outside.

Any advice would be appreciated!

Thanks,

Kristin.

Federico Coto Fajardo · ‎09-29-2010

Hi,

You said this happens using the GUI interface.

I'm just curious... does the same thing happen when you enter those commands via the CLI?

Federico.

kristinmaling · ‎09-30-2010

Well, first off — last night I remoted into my machine from home and tried editing the configuration once again through CCP, and this time it worked instantly. I'd tried this exact same thing several times during the day (directly from my machine) and each time it failed — but, attempting it again in the evening, (around 11:30PM — well after business hours/everyone had gone home) it worked without issue. So, I'm wondering — when making edits like this to the running config, does it matter that I'm doing it while the network is highly active? It might just be coincidence, but it's odd that it constantly hung up the router while there was a lot of network traffic, but had no issue later in the evening when there was barely any network traffic.

Anyway, back to your question, re: sending the commands via CL — I have to be honest, I've never attempted this. I came to using Cisco hardware from using SonicWALL hardware for years. With the SonicWALL hardware, everything was done cleanly through the GUI interface (never had a single issue like this). I was sold on "upgrading" to the Cisco hardware by a Cisco professional who told me I'd not need to worry about the CL commands since it had a well-established GUI interface (SDM at the time, now CCP). This was a major consideration for me moving to Cisco hardware since I am not Cisco-certified and had no experience with Cisco commands for modifying the configuration. Again, I was told this would not be an issue and that anything I would be required to do with regards to managing the device, I'd be able to do via the GUI. And, up until now (over a year later), this has been true and the device has been a stable workhorse and had never gone down or had to be reset once. But now, in the last 24 hours, I've had the GUI kill the device numerous times and have had to reboot it just as many times to get it back online. All from just sending a NAT configuration command via the GUI.

That said, I'd be comfortable dealing with the CL, but I've had no luck in finding any references to the CL language/commands/etc. If you'd be able to provide me with any references, I'd be sure to give it a shot and see if the CL commands make any difference via the GUI?

Thanks for taking the time to respond to my question!

Kristin.