New Member

Too many NAT Rules created

I have an issue when I have a game query for servers: it creates a NAT rule for each server in the list, I'm assuming. I'm running a 2621 connected to a DSL modem. The router will almost lock up creating and deleting NAT rules. Is there something that sticks out in this config? I had this working well with the DHCP parm for fa0/1 and IP ROUTE also with DHCP. It's only with the static ISP that I switched to.

interface FastEthernet0/0
 description Local Network
 bandwidth 1200
 ip address [ROUTERIP] 255.255.255.0
 no ip proxy-arp
 ip nat inside
 duplex auto
 speed 100
!
interface FastEthernet0/1
 description connected to Internet
 ip address [ISPSTATIC] 255.255.255.252
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
!
ip nat log translations syslog
ip nat inside source list 7 interface FastEthernet0/1 overload
ip nat inside source static tcp [WEBSERVERIP] 80 interface FastEthernet0/1 80
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 [ISPGATEWAY]

8 REPLIES

Re: Too many NAT Rules created

Are you sure it isn't the logging of individual translations that is choking the router?

You're not specifying any port numbers in access-list 7 are you?

New Member

Re: Too many NAT Rules created

access-list 7 permit 192.168.1.0 0.0.0.255

This issue didn't happen with the same setup with cable. I watched the debug when I had cable and it didn't create all these NAT rules. I connected the DSL modem to an old Netgear with defaults and it works great. I must be missing something.

Re: Too many NAT Rules created

There doesn't appear to be anything wrong with your NAT configuration.

If you are generating more NAT translations than before (Cisco router/cable ISP), the question may be why is your system connecting to more external hosts? A change in application setup, newer version?

When you say "debug", are you actually referring to CLI debug commands, or that you are logging NAT translations to syslog?

Are you comparing the NetGear's "performance" to the Cisco's performance (with debugging and NAT logging enabled), or are you saying that the NetGear doesn't generate as many NAT translations?

An earlier post (Nov. 2007) shows that you did not have a static NAT to an internal web server.

What portion of the NAT translations relate to connections to that server?

Perhaps you could post a partial output of "sh ip nat translations". If you wish, you can replace the inside-global-ip of each translation for your privacy.

New Member

Re: Too many NAT Rules created

I have the Cisco debugging to console, which I had with cable also. It's pretty easy to reproduce. It happens during a game, for example, when it queries for a list of servers. It seems to be creating a NAT rule for each.

Re: Too many NAT Rules created

I'm not familiar with gaming, or the queries for lists of servers. Is the list that is built not a list of servers that your application has successfully connected to?

A NAT translation will be built for every server you connect to.

If the number of translations in the table is an issue (as opposed to the rate of new translations), perhaps you should timeout old translations earlier with the following command:

ip nat translation tcp-timeout

As far as the debug goes, it does impose a load on the device, and I hope you don't keep debugging enabled all the time.

New Member

Re: Too many NAT Rules created

I had another test to try since my switch from dynamic to static IPs. I tried a Wii and it wouldn't stay connected. I'm not sure why browser-based requests and pings work well. I switched to using a Belkin router and it works great. The Wii then worked perfectly and so did all other applications.

Re: Too many NAT Rules created

That doesn't move us closer to resolving the issue though.

I was hoping you would have responded with the info asked for (sh ip nat translations) so we could determine whether your gaming was tunneled through port 80; whether you were using HTTP inspection (not shown in your partial config), and if so, how it was being used.

Likewise, how many of the translations were attributable to the internal web server, given that you have not indicated whether that port forwarding is also configured on the Belkin router.
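One way to answer the questions in the reply above from saved "sh ip nat translations" output, as an added example that is not part of the original thread: it counts entries per protocol, entries belonging to the port-80 static forward, and distinct outside peers per inside host. The sample table is constructed with documentation addresses, and 192.168.1.10 is an assumed stand-in for [WEBSERVERIP].

```python
from collections import Counter, defaultdict

# Constructed sample in the "show ip nat translations" column layout.
# All addresses are placeholders; none come from the thread.
SAMPLE = """\
Pro Inside global      Inside local       Outside local       Outside global
tcp 203.0.113.2:80     192.168.1.10:80    ---                 ---
tcp 203.0.113.2:80     192.168.1.10:80    198.51.100.7:51512  198.51.100.7:51512
udp 203.0.113.2:27005  192.168.1.20:27005 198.51.100.20:27015 198.51.100.20:27015
udp 203.0.113.2:27005  192.168.1.20:27005 198.51.100.21:27015 198.51.100.21:27015
udp 203.0.113.2:27005  192.168.1.20:27005 198.51.100.22:27016 198.51.100.22:27016
tcp 203.0.113.2:49200  192.168.1.30:49200 198.51.100.80:443   198.51.100.80:443
"""

def split_endpoint(field):
    """Split 'ip:port' into (ip, port); '---' (no outside peer) gives ('---', None)."""
    ip, sep, port = field.rpartition(":")
    return (ip, int(port)) if sep and port.isdigit() else (field, None)

def parse(text):
    """Return one dict per translation entry, skipping the header and blank lines."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0].lower() == "pro":
            continue
        rows.append({"proto": f[0], "inside_local": split_endpoint(f[2]),
                     "outside_global": split_endpoint(f[4])})
    return rows

def summarize(rows, forwarded=("192.168.1.10", 80)):
    """Summarize the table; 'forwarded' is the assumed static port-forward target."""
    # Entries with a real outside peer are per-flow (extended) translations.
    flows = [r for r in rows if r["outside_global"][0] != "---"]
    peers = defaultdict(set)
    for r in flows:
        peers[r["inside_local"][0]].add(r["outside_global"][0])
    return {
        "total": len(rows),
        "web_forward": sum(r["inside_local"] == forwarded for r in rows),
        "by_proto": dict(Counter(r["proto"] for r in flows)),
        "peers_per_host": {host: len(p) for host, p in peers.items()},
    }

if __name__ == "__main__":
    for key, value in summarize(parse(SAMPLE)).items():
        print(key, value)
```

An inside host with a large peer count on one UDP source port is the pattern a game server-list query would produce under overload, since each queried server gets its own entry.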

