Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT and packet fragment

Hello team!

I have one rare and strong problem with NAT. Some time NAT traffic dropped and end-hosts not received any packets. If timeout is long, than session destroyed but on the 7600 router (latest SRB1 IOS) NAT translation is active. If timeout not so long, than session not destroyed.

At the moment of packets drop we can see following debug:

Jul 27 09:40:45.862: NAT*: creating fragment 1.1.1.10 1.1.1.24 26277 17 -- 161 1065

Jul 27 09:40:45.862: NAT*: fo 185, looking for fragment 1.1.1.10 1.1.1.24 26277 17

Jul 27 09:40:45.862: NAT*: found fragment 1.1.1.10 1.1.1.24 26277 17 -- 161 1065

Jul 27 09:41:00.810: NAT: expiring fragment 1.1.1.10 1.1.1.24 26277 17

Have any body helpful info about this problem?

1 REPLY
Silver

Re: NAT and packet fragment

First of all I would like to say you please don?t send any sensitive information in post like public IP address etc..

When Fragment Packet and non-Fragment Packet come in NAT+CEF router. Fragment Packet need to pass thought the packet with process switch and non-Fragment Packet that can still use CEF to switching the packet as well. That is the reason why after come in non-Fragment packet will come over Fragment Packets after NAT translated.

721
Views
0
Helpful
1
Replies
CreatePlease login to create content