Cisco Support Community

New Member

IP NAT won't release an IP address after it expires

<<Jan 8, 2002, 8:15am Pacific

I have a Cisco 2611 router that is running static and dynamic NAT together (static: webservers, mail, etc.; dynamic: workstations). This router has run flawlessly for over 1.5yrs, so I'm pleased. In the past two days I have lost my dynamic translations. I have captured two debug segments to see if the translations were looping or just crapping out. They don't even show up. I tried a cold start. No luck. I created another address pool and named it. Deleted the old pool and reassigned the 3 IPs I use for that pool. It worked for about 9 hours and died. I tried another cold start this morning, but no luck. ALSO I noticed that some changes were not showing up in the startup-config after I ran the command "copy run star" and then "sh star". And on the last cold start after the image decompression, I got this nice little message: "Warning: flash:star does not exist. Command retained." followed by "Warning: flash:startup-config does not exist. Command retained.">>

I posted the above message about 3 months ago and got some good suggestions. Until recently the problem had not resurfaced. Today the problem resurfaced. The workstations that use a pool attached to a static IP translation and began using it to access the Internet. It was suggested that the router may be running out of DRAM. It is using, on average, about 2.8Mb out of 16 with peaks of about 6Mb. The processor is cruising at about 4% with 12% spikes. I ran a debug to see what was going on. Without making this a huge post... I saw a lot of errors that read "NAT: expiring" followed by "NAT: can't release". This IP address is a static translation. The dynamic pool is It is not present in the translation table anywhere. I did a "sh ip nat stat"... this showed 0% pool utilization and 126 misses.

Everything was running fine until I added the above static translation. I forgot to add a deny to the access-list for the pool. Which brings me to a question. Does a standard access-list assigned to a dynamic pool have to be enumerated on an interface (inside)? Or does the ACL work just because it is specified in a pool command?

I tried applying the list to the e0/0 int and that cut off all outbound traffic. Did the workstations attach to the static address because I did not apply the deny x.x.x.x to the access-list before I added the static route related to it? I spent 3 hours searching articles for the answer...I would really like to understand this.

Thanks so much


If you want detailed debug info, I will be glad to email you directly.


Re: IP NAT won't release an IP address after it expires

Something sounds flaky. If it’s been running for over a year without a problem, it’s probably not an IOS bug. Perhaps you have a memory failure. In any case, a support call to Cisco is in order next to see if they have some ideas.