I've encountered a really odd issue. Here's the situation:
Two routers: 2821 (R1) and 2811 (R2). R1 is the main router that carries to-Internet traffic. R2 is a VPN gateway, being also a default gateway for one VLAN (say VLAN111, 10.111.222.0/24). R2 is hosting an IPSec tunnel and routes multicast traffic from VLAN111 to a certain destination (R1 has multicast routing disabled). R2 is separated from the rest of the network - it doesn't participate in any routing protocols, it simply uses R1 as its gateway. Currently there's only one user on VLAN111 - say 10.111.222.99.
We use private IP addresses internally - R1 does NAT for the internal users, so traffic is sourced from its main public IP address. R1 is also a VPN gateway for remote clients (using Cisco VPN client) - it listens for the VPN client requests on the same public IP address.
Suddenly, I received a notification that users are unable to connect to R1 using their VPN clients. This is what I found on R1:
# show ip nat translations | inc 10.111
--- [public IP]:0 10.111.222.99:0 --- ---
Which is nothing else but a 1-to-1 static NAT that captures the main public IP and NATs it to an IP on VLAN111. I did some sanity checks, went through the configuration archive and running-config, and I found nothing related to this. Is there any reasonable explanation why such translation can appear suddenly? Or is it a bug? This has happened two times already during the last few weeks. It wasn't happening when there were no users on VLAN111. Nothing related to this on the switches either (all Catalyst 4948).
R1: (C2800NM-ADVIPSERVICESK9-M), Version 12.4(3d), RELEASE SOFTWARE (fc3)
R2: (C2800NM-ADVSECURITYK9-M), Version 12.4(3g), RELEASE SOFTWARE (fc2)
I must note that although it looks like a static NAT translation, it is a dynamic one and the problem goes away as soon as I do "clear ip nat translation *" - but reappears after a few weeks.
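
A check for the entry shown in the post, as an added example that is not part of the original post: it parses `show ip nat translations` output and flags any entry with no protocol and no outside addresses whose inside global address is the router's own public IP. The sample output, the 203.0.113.x addresses and the function names are constructed for illustration.

```python
# Constructed sample of `show ip nat translations` output. 203.0.113.10 is a
# documentation address standing in for R1's main public IP (assumption).
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.10:1025  10.111.222.99:1025 198.51.100.7:443   198.51.100.7:443
udp 203.0.113.10:4500  10.20.30.40:4500   198.51.100.9:4500  198.51.100.9:4500
--- 203.0.113.10:0     10.111.222.99:0    ---                ---
--- 203.0.113.20       10.50.1.5          ---                ---
"""


def addr_only(field):
    """Strip an optional ':port' suffix from an 'a.b.c.d[:port]' field."""
    return field.partition(":")[0]


def find_address_capture(output, router_ip):
    """Return (inside_global, inside_local) pairs for one-to-one entries
    (protocol and both outside columns are '---') that translate the
    router's own address to an inside host."""
    hits = []
    for line in output.splitlines():
        cols = line.split()
        # Skip the header row and anything that is not a 5-column entry.
        if len(cols) != 5 or cols[0] == "Pro":
            continue
        pro, in_global, in_local, out_local, out_global = cols
        one_to_one = pro == "---" and out_local == "---" and out_global == "---"
        if one_to_one and addr_only(in_global) == router_ip:
            hits.append((addr_only(in_global), addr_only(in_local)))
    return hits


if __name__ == "__main__":
    for g, l in find_address_capture(SAMPLE, "203.0.113.10"):
        print(f"ALERT: router address {g} is translated one-to-one to {l}")
```

Run against periodically collected output, this reports the entry before VPN clients start failing; ordinary port-level translations that share the public IP are ignored.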