Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
494
Views
0
Helpful
5
Replies

ip nat static stops working - dynamic continues to work

jamie.brooks
Level 1
Level 1

‎10-25-2001 08:13 PM - edited ‎03-01-2019 07:01 PM

I have a customer using a 3600 Cisco router w/12.1 IOS. I have a static nat setup for the mail server for ports 25, 110, and port 80 for OWA.

We reload/reboot the router and everything works fine. After about 3hrs the mail server can no longer access the internet outbound. It can still receive email but all outbound mail queues on the server. The server can not resolve DNS queries, or any outbound access.

Here is my ip nat commands:

ip nat inside source static tcp xxx.xxx.xxx.xxx 25 xxx.xxx.xxx.xxx 25 extendable

(same for ports 110 and 80).

ip nat inside (assigned to e0)

all users are setup to use the ip nat pool dynamic...this works even after the static nat stops working.

Anyone give me a idea of what to look at. It use to work all of the time. Now it is intermittent only for the mail server (static nat).

Thanks, jamie

Labels:
0 Helpful
5 Replies 5

danne
Level 1
Level 1

‎10-26-2001 12:59 AM

Hello !

What does the "debug ip nat" command show when you have the problem ?

/ BR Daniel

0 Helpful

jamie.brooks
Level 1
Level 1
In response to danne

‎10-28-2001 02:30 PM

have not ran the statement/command? will do next time I have the problem

0 Helpful

Liam3
Level 1
Level 1

‎10-26-2001 04:39 AM

Where is your DNS server? I'm assuming it is the same box oas the mail server. I would start by looking at the dynamic table (show ip nat trans) when dns stops working. Since mail uses so many dns lookups, I would think you might be filling the table with dynamic translations for port 53. I don't know what the default limit is, I believe it's somewhere around 1000 but that can be changed with the following commands:

ip nat translation timeout

ip nat translation tcp-timeout

ip nat translation udp-timeout

ip nat translation dns-timeout

ip nat translation icmp-timeout

The other option may be to put an extendable static nat on port 53 tcp and 53 udp. Not sure if you want to do that, but it might limit the number of assignments from the dynamic pool.

0 Helpful

jamie.brooks
Level 1
Level 1
In response to Liam3

‎10-26-2001 07:14 AM

I added ip nat translation timeout 30 - seemed to have no affect. My dynamic nat sessions continue to run, users are able to browse and do dns quieries from the workstations. It is only my static map for my mail server outbound that stops working? Everything stops for the static map outbound, ftp, dns, http, telnet.... and only outbound?!

It is almost like the router runs out of memory for use with the static nat?

0 Helpful

kjanakiraman
Level 1
Level 1

‎11-03-2001 02:48 AM

Hi,

Is the DNS Machine different from the mail Server system? You can do one thing and test apart from tcp port use ip nat inside outside for udp also for both the mail server and dns server by opening port 25 and port 53. You can also try creating access-list for the two statically mapped machines denying them to in the part of the pool of dynamically allocated ip addresses. These are some of my suggestions. You can also check your dns resolution.

0 Helpful
Customers Also Viewed These Support Documents