static NAT fails to place ARP entry on outside interface
We have a 2811 running NAT between 2 FE ports (1 inside, 1 outside) and several serial (inside) and the same outside FE port. There are ~100 static NAT entries in the table for devices that need a specific identity on the outside and 1 pool to catch any addresses that don't. Periodically, one of the static NATs will fail. This device hosts a number of things including DNS for the inside and RADIUS from the outside so we know when it can no longer access the outside in short order. If we check the NAT table with show ip nat tr, there are a number of dynamic entries for the device but there is no ARP entry on the outside when we show ARP. If we remove and reenter the static statement, the ARP shows up when traffic is passed and everything works again for days or weeks.
The router is running IOS 12.4(15)XY2 ADVIPSERVICESk9. We plan to upgrade it in our next available maintenance window but see no release notes in the earlier releases relating to an issue such as we are seeing.
Re: static NAT fails to place ARP entry on outside interface
This is a result of the no-alias option that is used on the NAT entries. The no-alias option means that the router does not respond for the addresses and does not install an ARP entry. If another router uses a NAT pool as an inside global pool that consists of addresses on an attached subnet, an alias is generated for that address so that the router can answer Address Resolution Protocol (ARP) requests for those addresses. This causes the router to have ARP entries for the fake addresses.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...