Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Allow Large packets (NAT)

I have the following config on a Cisco 877, and am having problems sending large packets when NAT is enabled - I have tried disabling ip virtual-reassembly, but it does not resolve the problem(And show ip virtual-reass does not report any dropped fragments.

If I remove nat, I can happily send 8000byte packets.

interface ATM0.1 point-to-point

description Internet Network

ip address 10.2.6.26 255.255.255.252 secondary

ip address 10.2.6.2 255.255.255.252

ip nat outside

ip virtual-reassembly max-fragments 64 max-reassemblies 1024 timeout 64

pvc burnley 10/211

ubr 512

tx-ring-limit 3

oam-pvc manage

encapsulation aal5snap

!

interface Vlan1

description FNN1610225907 LAN

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly max-fragments 64 max-reassemblies 1024 timeout 64

ip nat inside source list 1 interface ATM0.1 overload

ip nat inside source static 192.168.0.2 10.2.6.2

!

access-list 1 permit 192.168.0.0 0.0.0.255

7 REPLIES
Bronze

Re: Allow Large packets (NAT)

Try this command:

"udp-ip-fragment-enabled"

Re: Allow Large packets (NAT)

Hi,

Configure 'ip tcp adjust-mss 1400' under the VLAN interface to eliminate MTU problems across varying media types. This would cause the TCP client/server to shrink the MSS of the frame and therefore, the router mayn't have to fragment the packets at all. Let us know if this helps resolve the issue.

HTH

Sundar

New Member

Re: Allow Large packets (NAT)

Thanks for the suggestions guys - I convinced the client that NAT wasn't necessary, which resolved the problem.

I will test in the lab with nat enabled to see if your suggestions work - Thanks.

Bronze

Re: Allow Large packets (NAT)

John -

If you look at the documentation it says that virtual reassembly is automatically enabled when NAT is turned on.

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00802299fb.html#wp1052712

I think this is causing your issue because it is exceeding the maximum ammount of fragments allowed when virtual reassembly is enabled.

You are only going to be able to send around 3300 bytes. You don't have the issue when you disable NAT because it automatically disable's virtual reassembly.

Daniel

New Member

Re: Allow Large packets (NAT)

Hi Daniel,

I also tried disabling virtual-reassembly on both Interfaces...it unfortunately didn't help

Bronze

Re: Allow Large packets (NAT)

Yea I know you said that. The documentation doesn't say whether or not it allows you to disable that when using NAT.

I think the best thing would be to try a different platform that doesn't have the virtual reassembly option, or a different code.

Daniel

New Member

Re: Allow Large packets (NAT)

Hi,

I have the same problem. i fixed using the command "no-payload". eg:

ip nat inside source static udp 192.168.0.1 53 200.200.200.200 53 extendable no-payload

Regards.

828
Views
0
Helpful
7
Replies
CreatePlease login to create content