Cisco Support Community

clear ip nat trans *

I received a call from one of our desktop support techs recently about a single user that could not reach the internet. He swore up and down that he had checked everything on the user end, and could not find anything wrong. The browser would open, and nothing would happen. Begging me to look at the routers, I decided to humor him. Among the things I checked was to see what NAT address was being given to the user. Using a

sh ip nat trans

command I could not see this particular user's machine as having been given a NAT address out of the pool. The pool, by the way, still had several hundred unused addresses in it. On a whim, I issued a

clear ip nat trans *

command and asked the support tech on site to re-open the browser. Immediately the user's internet connection was restored. Since this incident, the user has experienced the same phenomenon several times. Clearing the NAT translation pool has fixed the problem every time. None of my other users have complained about this problem, and although I suspect it to be tied to the local host, I am at a loss to explain how clearing the NAT pool fixes the problem every time.
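Added example, not part of the original post: since `clear ip nat trans *` discards the table, a saved copy of the `show ip nat translations` output can be checked offline for the affected host's entry and for pool usage. The sample output, the addresses, and the `pool_size` parameter are constructed for illustration, and the parser assumes IPv4 and the standard five-column layout.

```python
import ipaddress
import re

# Constructed sample of `show ip nat translations` output (not from the thread).
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
--- 192.0.2.10         10.1.1.20          ---                ---
tcp 192.0.2.11:1067    10.1.1.21:1067     198.51.100.5:80    198.51.100.5:80
tcp 192.0.2.11:1068    10.1.1.21:1068     198.51.100.9:443   198.51.100.9:443
udp 192.0.2.12:53211   10.1.1.22:53211    198.51.100.53:53   198.51.100.53:53
"""

# One translation row: protocol (or '---' for a simple entry) plus four address fields.
ROW = re.compile(r"^(---|tcp|udp|icmp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def _addr(field):
    """Return the IP part of 'a.b.c.d' or 'a.b.c.d:port', or None for '---'."""
    if field == "---":
        return None
    return ipaddress.ip_address(field.split(":")[0])

def parse_translations(text):
    """Yield one dict per translation row, skipping the header and blank lines."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        pro, ig, il, ol, og = m.groups()
        yield {"proto": None if pro == "---" else pro,
               "inside_global": _addr(ig), "inside_local": _addr(il),
               "outside_local": _addr(ol), "outside_global": _addr(og)}

def host_report(text, host, pool_size):
    """Summarise the entries held for `host` and how many global addresses are in use."""
    host = ipaddress.ip_address(host)
    rows = list(parse_translations(text))
    mine = [r for r in rows if r["inside_local"] == host]
    used = {r["inside_global"] for r in rows if r["inside_global"]}
    return {"host_entries": len(mine),
            "host_globals": sorted({str(r["inside_global"]) for r in mine}),
            "pool_used": len(used),
            "pool_free": pool_size - len(used)}

if __name__ == "__main__":
    print(host_report(SAMPLE, "10.1.1.21", pool_size=254))  # host with entries
    print(host_report(SAMPLE, "10.1.1.99", pool_size=254))  # host with none
```

Comparing the report from a capture taken while the host is failing with one taken after the clear shows whether the host had no entry at all or a stale one.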

4 REPLIES
Re: clear ip nat trans *

The host is obviously unaware of NAT, so any connectivity issues would tend to suspect the Cisco, especially when clearing the table solves the problem. I can't explain why it's only this one user that seems to have been affected so far. You should ensure that you have recent 12.1 or 12.2 code running, and when the problem occurs again collect "debug ip nat detail" with an access-list while the host is trying to communicate, and the output may help to indicate what's wrong.

Re: clear ip nat trans *

Thanks for the debug info, I will give that a shot. I realize that the host is unaware of NAT, but the fact that it affects only one of approximately 2500 users that go through that router makes me wonder what is special about this one particular machine. I do need to upgrade the IOS on that particular router, so at least now I have an excuse to do it. Do you think if I gave this user a static NAT map it may remedy this problem? I obviously have no idea what is causing the problem, and I am being asked to explain it. Thanks again

Re: clear ip nat trans *

Have you tried static configuration of a different IP address on the user's machine? This could eliminate the outside possibility of a duplicate IP address. Another tip is to lock down the user's switch port and NIC card to 100/Full to eliminate the possibility of auto-negotiation errors causing occasional malformed packets, which could confuse the NAT process.

Re: clear ip nat trans *

I have verified there is no duplicate IP address. I will lock down the NIC and switch port first thing tomorrow. I've had lots of other problems with auto negotiation before, but never one that has affected NAT. This particular user is pretty far back at the tail end of a stub network. Do you think I should monitor the interfaces for errors on all the routers that she has to go through? If so, what exactly should I be looking for? The "sh int" command isn't going to tell me anything specific, so should I look to debug something particular besides the NAT? If memory serves, she goes through a 3548 to a 2900, to a 3660, to another 3660, through a PIX 520, to a 4700, where the NAT is occurring (It's a long story, I may move NAT when I have some time) to a LS1010 and out on the DS3.....ATM of course. So from the 4700 back, there are a lot of places to look, and I'm not sure what exactly I should be looking for. This is just an irritation, but one I would like to solve. Thanks
