Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

2621 NAT

I've got a 2621 acting as a border router running NAT. Lately the router has started locking up and logs are showing either memory or process errors.

Could this be caused by the NAT table getting too big? I've got the timeout set at 2 seconds but still it gets huge. Is there a better setting to put it at?

Thanks

Mike

5 REPLIES
Silver

Re: 2621 NAT

It sounds like you have a virus issue. If you build access-lists for icmp and port 135 traffic you will probably find that there is a hugh number of hits against these deny statements. If so start looking for pc's with a virus issue.

Steve

New Member

Re: 2621 NAT

Thanks for the quick reply. I've got the ones put in place for the worms that are going around. Would hits against them cause this? Is there a way to see data that is getting dropped because of an ACL?

Thanks

Mike

VIP Purple

Re: 2621 NAT

Hello Westman,

if you put the ´log´ keyword at the end of your access list you can see if traffic is dropped by the access list.

I am not so sure about the virus though. You could try to enable ´ip route-cache flow´ on your interfaces, your CPU might just be too busy processing interrupts. It could also be a software bug, which IOS are you running ?

Regards,

Georg

New Member

Re: 2621 NAT

I'm running 12.2(5d). I just setup an ACL for the vty ports so we'll see if that helps.

What should I have the NAT timeout set to? Is there anything else that I need to setup to keep this router up?

-Mike

VIP Purple

Re: 2621 NAT

Hi Mike,

I just ran the issue through the Cisco Bug Toolkit, the result is a whole bunch of known bugs related to NAT, some of them in 12.2(5d). Can you load another IOS (12.3(4.4) if possible) ? Or at least another 12.2 (e.g. 12.2(15))?

I think your NAT timeouts are ok.

Regards,

Georg

107
Views
0
Helpful
5
Replies
CreatePlease to create content