Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1193
Views
0
Helpful
1
Replies

NAT and packet fragment

SVvoropaev
Level 1
Level 1

‎07-30-2007 03:25 AM - edited ‎03-05-2019 05:34 PM

Hello team!

I have one rare and strong problem with NAT. Some time NAT traffic dropped and end-hosts not received any packets. If timeout is long, than session destroyed but on the 7600 router (latest SRB1 IOS) NAT translation is active. If timeout not so long, than session not destroyed.

At the moment of packets drop we can see following debug:

Jul 27 09:40:45.862: NAT*: creating fragment 1.1.1.10 1.1.1.24 26277 17 -- 161 1065

Jul 27 09:40:45.862: NAT*: fo 185, looking for fragment 1.1.1.10 1.1.1.24 26277 17

Jul 27 09:40:45.862: NAT*: found fragment 1.1.1.10 1.1.1.24 26277 17 -- 161 1065

Jul 27 09:41:00.810: NAT: expiring fragment 1.1.1.10 1.1.1.24 26277 17

Have any body helpful info about this problem?

Labels:
0 Helpful
1 Reply 1

sbilgi
Level 5
Level 5

‎08-03-2007 05:47 AM

First of all I would like to say you please don?t send any sensitive information in post like public IP address etc..

When Fragment Packet and non-Fragment Packet come in NAT+CEF router. Fragment Packet need to pass thought the packet with process switch and non-Fragment Packet that can still use CEF to switching the packet as well. That is the reason why after come in non-Fragment packet will come over Fragment Packets after NAT translated.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card