We are a small company and have had years of running on Cisco 2600/2620/2620XM routers without a problem for a very long time. We have a block of public addresses available to us, so we used a static NAT table to separate mail, FTP, CRM, etc.. so that they all had their own IP address that was unique for each major server.
The 2600 routers ran on IOS 12.3 and 12.4 and the NAT table used this config:
ip nat pool OurNATPool x.x.x.99 x.x.x.99 netmask 255.255.255.224
ip nat inside source list 1 pool OurNATPool overload
ip nat inside source static 192.168.1.125 x.x.x.101
ip nat inside source static 192.168.1.71 x.x.x.102
ip nat inside source static 192.168.1.69 x.x.x.103
ip nat inside source static 192.168.1.46 x.x.x.104
ip nat inside source static 192.168.1.4 x.x.x.105
ip nat inside source static 192.168.1.34 x.x.x.106
ip nat inside source static 192.168.1.115 x.x.x.107
ip nat inside source static 192.168.1.83 x.x.x.108
ip nat inside source static 192.168.1.10 x.x.x.109
ip nat inside source static 192.168.1.84 x.x.x.111
ip nat inside source static 192.168.1.136 x.x.x.112
ip nat inside source static 192.168.1.5 x.x.x.125
Over time, our company's internal traffic started to overwhelm the capacity of the FastEthernet adapter and the processing power of the 2600 series routers.
We switched to a Cisco 881W router running IOS 15.1 and set it up to use the same Static NAT configurations.
Everything worked. EXCEPT that the FTP connection mapped for 192.168.1.4 -> x.x.x.105 worked for 10 minutes and then actively refused any connections. Resetting the router brings it back for another 10-15 minutes, and then it just goes away. If we manually go in and remove and re-add the "ip nat inside source static 192.168.1.4 x.x.x.105" line, it comes right back.
I had thought it might be something wrong with the FTP server. I pointed the NAT to a different machine on a different address and the same behaviour happened again.
I put the old 2600 router back online and things worked fine. (But internal ability to access the internet was affected from the router dropping packets)
I went so far as to acquire a Cisco 2821 router running IOS 12.4, yet it ALSO "loses" the NAT translation to the FTP server after 10-15 minutes!
Right now, we are back to using our 881W router. Anyone wishing to access the FTP server has to inform us in advance so we can remove and re-add the line and get them 10-15 minutes of access.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...