Cisco Support Community
New Member

clear ip nat translation

Hi,

We use ip nat to let users connect to the internet through a 2621XM. They can connect, but each hour we have to do a "clear ip nat translation"; otherwise, the router is too slow, it takes many seconds to write one command.

Is there anything we can do to avoid it or is there a way to launch "clear ip nat translation" automatically every 30 minutes for example?

9 REPLIES

Re: clear ip nat translation

Hello,

the default NAT timeout for dynamic entries is 24 hours. You can change this default value by issuing the 'ip nat translation timeout seconds' command from the global configuration mode.

Which IOS version are you running ? Can you post the output of 'show version' ?

Your problem sounds like it could be related to an IOS bug as well...

As for scheduling commands, check the link below for an explanation of the Cisco command scheduler:

Command Scheduler

http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_feature_guide09186a00801b0695.html

HTH,

GNT

Silver

Re: clear ip nat translation

Hi,

you can use 'kron'.

Please check my conf, and change as you wish:

    !
    kron occurrence clear in 1:0:0 recurring
     policy-list CEF
     policy-list NAT
     policy-list ARP
    !
    kron policy-list NAT
     cli clear ip nat translation *
    !
    kron policy-list CEF
     cli clear ip cef * prefix-statistics
    !
    kron policy-list ARP
     cli clear arp-cache
    !

Hope this helps

Regards

Andrea

New Member

Re: clear ip nat translation

we've put

"ip nat translation timeout 60".

the router seems slow.

here's its show ver

Silver

Re: clear ip nat translation

Hi,

when an entry is first placed into the NAT table, a timer is started; the period of the timer is the translation timeout. Each time the entry is used to translate the source or destination address of a subsequent packet, the timer is reset. If the timer expires, the entry is removed from the NAT table and the dynamically assigned address is returned to the pool. Cisco's default translation timeout is 86,400 seconds (24 hours).

Defaults:

timeout 86,400 sec

dns-timeout 60 sec

finrst-timeout 60 sec

icmp-timeout 60 sec

port-timeout tcp 60 sec

port-timeout udp 60 sec

syn-timeout 60 sec

tcp-timeout 86,400 sec

udp-port 300 sec

'timeout', 'tcp-timeout' and 'udp-port' are non port specific ... that is, maybe you have a lot of "non port specific" translations, and now your router works too much.

Check 'sh proc cpu', 'sh proc mem' and 'sh ip nat statistics'

Hope this helps

Regards

Andrea
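
The timer behaviour described in the post above, as an added example that is not part of the original thread and is not IOS code: a small Python model of a dynamic NAT table with one idle timer per entry, comparing peak table size under the 60-second and 86,400-second timeouts listed. The names `NatTable` and `peak_entries` and the traffic pattern (5 new flows per second, each sending for 10 seconds) are assumptions made for illustration.

```python
from collections import OrderedDict

class NatTable:
    """Dynamic NAT table: one idle timer per entry, reset on every use."""

    def __init__(self, timeout):
        self.timeout = timeout            # translation timeout in seconds
        self.entries = OrderedDict()      # flow key -> last use, oldest first

    def translate(self, key, now):
        self.expire(now)
        self.entries[key] = now           # create the entry or reset its timer
        self.entries.move_to_end(key)     # keep the dict ordered by last use

    def expire(self, now):
        # Remove entries whose timer has run out, oldest first.
        while self.entries:
            key, last_used = next(iter(self.entries.items()))
            if now - last_used < self.timeout:
                break
            del self.entries[key]

def peak_entries(timeout, flows_per_sec, flow_life, duration):
    """Peak table size for a constructed workload: every second,
    flows_per_sec new flows start and each sends packets for flow_life s."""
    table, peak = NatTable(timeout), 0
    for now in range(duration):
        # Flows started within the last flow_life seconds are still active.
        for start in range(max(0, now - flow_life + 1), now + 1):
            for n in range(flows_per_sec):
                table.translate((start, n), now)
        peak = max(peak, len(table.entries))
    return peak

if __name__ == "__main__":
    # One simulated hour of the constructed workload.
    for timeout in (60, 86_400):
        peak = peak_entries(timeout, flows_per_sec=5, flow_life=10, duration=3600)
        print(f"timeout {timeout:>6} s -> peak {peak} translations")
```

With the short timeout the table levels off at roughly arrival rate times (timeout + flow lifetime); with the 24-hour timeout nothing expires during the hour, so every flow ever seen is still in the table.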

New Member

Re: clear ip nat translation

Hi,

yes, it seems the router works too much. In "show proc cpu hist", we've got about 90. We've tried different values of "ip nat translation timeout", still the same.

We haven't specified any tcp-timeout nor udp-port.

Silver

Re: clear ip nat translation

Hi,

without 'ip nat translation timeout' command, the cpu works fine?

please check this:

no ip nat translation timeout x

sh ip nat statistics

Regards

Andrea

New Member

Re: clear ip nat translation

no, we've had to launch the command each 30 mn

Silver

Re: clear ip nat translation

mmm ...

router is a 2621XM, is it? IOS?

try to enable CEF, and last resort:

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d09f0.html

maybe it does the trick

Please let me know

Regards

Andrea

New Member

Re: clear ip nat translation

Hi Andrea,

CEF's already enabled.

Thanks for all, for your help and documents
