Cisco Support Community
New Member

NAT fails temporarily on static NATs after router reload

We have a 2611 with both dynamic and static nat configured.

Whenever we reload the router, our static NAT'd devices fail to get out/back in for several hours--then, eventually, everything will start to work again.

We have tested this on several different host systems: Windows, UNIX, etc., and as long as the static nat is active for a host, it can't get out.

If we remove the static NAT, the internal hosts can now get out--but of course, we lose the inbound connectivity.

Is there anything wrong with this configuration that could explain this behavior??

debug nat detailed -- shows our attempts from one of the hosts...but no reply is coming back in...

--->

Apr 19 2004 14:13:17.792 PDT: NAT*: i: icmp (192.168.0.1, 1779) -> (14.32.17.1, 1779) [60517]

Apr 19 2004 14:13:17.792 PDT: NAT*: s=192.168.0.1->14.32.17.228, d=14.32.17.1 [60517]

Apr 19 2004 14:13:18.788 PDT: NAT*: i: icmp (192.168.0.1, 1779) -> (14.32.17.1, 1779) [60643]

Apr 19 2004 14:13:18.792 PDT: NAT*: s=192.168.0.1->14.32.17.228, d=14.32.17.1 [60643]

Apr 19 2004 14:13:19.788 PDT: NAT*: i: icmp (192.168.0.1, 1779) -> (14.32.17.1, 1779) [60644]

Apr 19 2004 14:13:19.788 PDT: NAT*: s=192.168.0.1->14.32.17.228, d=14.32.17.1 [60644]

<---

----------

Config excerpt attached--note, we added deny host entries for each of the static NAT'd internal host IPs to access-list 1

----------

Thanks for any input,

Kevin
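An added example, not part of the original post or of any Cisco tool: a short Python script that reads NAT debug lines like the ones above and lists flows the router translated on the way out but never logged a translated reply for. The return-line form (`s=dest, d=global->local`) is assumed to follow the usual `debug ip nat` layout, and the last two sample lines are constructed to show a healthy flow for contrast.

```python
import re
from collections import Counter

# Outbound packet: the source is rewritten -> "s=local->global, d=dest [id]"
OUT = re.compile(r"NAT\*?: s=(\S+?)->(\S+?), d=(\S+?) \[\d+\]")
# Return packet: the destination is rewritten -> "s=dest, d=global->local [id]"
BACK = re.compile(r"NAT\*?: s=(\S+?), d=(\S+?)->(\S+?) \[\d+\]")

def unanswered_translations(lines):
    """Return {(local, global, dest): outbound_count} for flows with no reply logged."""
    sent, answered = Counter(), set()
    for line in lines:
        m = OUT.search(line)
        if m:
            sent[m.groups()] += 1
            continue
        m = BACK.search(line)
        if m:
            dest, glob, local = m.groups()
            answered.add((local, glob, dest))
        # "i:" / "o:" detail lines match neither pattern and are skipped
    return {flow: n for flow, n in sent.items() if flow not in answered}

# First six lines are the debug output quoted in the post.
# The last two are constructed sample lines (documentation addresses).
SAMPLE = """\
Apr 19 2004 14:13:17.792 PDT: NAT*: i: icmp (192.168.0.1, 1779) -> (14.32.17.1, 1779) [60517]
Apr 19 2004 14:13:17.792 PDT: NAT*: s=192.168.0.1->14.32.17.228, d=14.32.17.1 [60517]
Apr 19 2004 14:13:18.788 PDT: NAT*: i: icmp (192.168.0.1, 1779) -> (14.32.17.1, 1779) [60643]
Apr 19 2004 14:13:18.792 PDT: NAT*: s=192.168.0.1->14.32.17.228, d=14.32.17.1 [60643]
Apr 19 2004 14:13:19.788 PDT: NAT*: i: icmp (192.168.0.1, 1779) -> (14.32.17.1, 1779) [60644]
Apr 19 2004 14:13:19.788 PDT: NAT*: s=192.168.0.1->14.32.17.228, d=14.32.17.1 [60644]
Apr 19 2004 14:13:20.100 PDT: NAT*: s=192.168.0.2->203.0.113.10, d=198.51.100.7 [101]
Apr 19 2004 14:13:20.140 PDT: NAT*: s=198.51.100.7, d=203.0.113.10->192.168.0.2 [5]
""".splitlines()

if __name__ == "__main__":
    for (local, glob, dest), count in unanswered_translations(SAMPLE).items():
        print(f"{local} (as {glob}) -> {dest}: {count} sent, no reply translated")
```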

4 REPLIES
New Member

Re: NAT fails temporarily on static NATs after router reload

Hi Kevin,

Before I say anything, a friendly piece of advice: never ever put your original IP addresses on any web site. It would be a headache for you and is not recommended. If I were you, I would change the addresses to bogus ones.

I don't see anything wrong with your config, apart from the fact that

1) What is the use of access-list 100 when everything is allowed?

2) In case it works automatically after some hours, then I would do the following

Search Cisco for bug

Upgrade IOS

Contact TAC.

Cheers

Trib

New Member

Re: NAT fails temporarily on static NATs after router reload

Thanks, searching for bugs now. May have to go back to a previous version.

ACL 100 was used to control access to another ethernet segment (which is down now, and being cleared out).

(Those aren't my real IPs...I changed them all before posting)...thanks again,

Kevin

Silver

Re: NAT fails temporarily on static NATs after router reload

I think you should use route maps with the nat configuration. NAT will only check the access-list when there are no existing translations that match.

Check the following URL

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087bac.html

New Member

Re: NAT fails temporarily on static NATs after router reload

I had route-map statements to handle my vpn traffic through nat, but when this problem started, I removed all crypto and route-maps to see if that was causing any problems and to simplify troubleshooting.

I will revisit this and see if I can get a working NAT, but what I don't understand is, as configured, the static NAT'd inside hosts will EVENTUALLY start working...why would they not work from the start, or what would make them start working after a couple of hours?

Tks/Kevin
