Cisco Support Community
static NAT without create entries

Hello,

We are a little ISP and our design is based on private addresses. Our internet router is now translating 50.000 entries.

The issue is that we are using static NAT:

...

...

ip nat inside source static 10.17.254.129 <public_IP>

....

If we use the command "show ip nat translation | include 10.17.254.129" we have:

tcp 80.73.145.8:57618     10.17.254.129:57618   92.123.73.24:80       92.123.73.24:80
tcp 80.73.145.8:57937     10.17.254.129:57937   92.123.73.24:80       92.123.73.24:80
tcp 80.73.145.8:57956     10.17.254.129:57956   92.123.73.49:80       92.123.73.49:80
tcp 80.73.145.8:57957     10.17.254.129:57957   92.123.73.24:80       92.123.73.24:80
tcp 80.73.145.8:57967     10.17.254.129:57967   92.123.73.49:80       92.123.73.49:80
tcp 80.73.145.8:57968     10.17.254.129:57968   92.123.73.24:80       92.123.73.24:80
tcp 80.73.145.8:57980     10.17.254.129:57980   92.123.73.49:80       92.123.73.49:80
tcp 80.73.145.8:57996     10.17.254.129:57996   92.123.73.24:80       92.123.73.24:80
tcp 80.73.145.8:58000     10.17.254.129:58000   92.123.73.49:80       92.123.73.49:80
tcp 80.73.145.8:58114     10.17.254.129:58114   92.123.73.24:80       92.123.73.24:80
--- 80.73.145.8           10.17.254.129         ---                   ---

The router is creating a NAT entry for each new connection. I know that this is normal, but I'd like to know if there is a possible configuration that doesn't create entries, because the router's CPU is at nearly 90% because of interruptions due to NAT translations.

We are using:


Cisco IOS Software, 7200 Software (C7200-IS-M), Version 12.4(25b), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 12-Aug-09 18:47 by prod_rel_team

ROM: System Bootstrap, Version 12.3(4r)T1, RELEASE SOFTWARE (fc1)
BOOTLDR: 7200 Software (C7200-KBOOT-M), Version 12.2(13)ZD1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

internet1 uptime is 24 weeks, 1 day, 5 hours, 31 minutes
System returned to ROM by reload at 06:54:02 MET Mon Sep 21 2009
System restarted at 06:57:00 MET Mon Sep 21 2009
System image file is "disk2:/c7200-is-mz.124-25b.bin"
Last reload reason: Reload Command

Thanks.


Re: static NAT without create entries

Hello again,

I have tested the command "no ip nat create flow-entries" and the behavior has now changed. Now an entry is not created for each connection/flow. Do you know if there are other considerations that I should follow?

Thank you
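
One way to check the effect reported in this thread, as an added example that is not part of the original posts: the Python script below parses text in the column layout of the "show ip nat translation" output quoted above and counts, per inside local address, the per-flow entries versus the plain static entry. The sample input reuses lines from the first post; the function names are hypothetical.

```python
from collections import Counter

# Sample input: lines reused from the output in the first post.
# Columns: Pro, Inside global, Inside local, Outside local, Outside global.
BEFORE = """\
tcp 80.73.145.8:57618     10.17.254.129:57618   92.123.73.24:80       92.123.73.24:80
tcp 80.73.145.8:57937     10.17.254.129:57937   92.123.73.24:80       92.123.73.24:80
tcp 80.73.145.8:57956     10.17.254.129:57956   92.123.73.49:80       92.123.73.49:80
--- 80.73.145.8           10.17.254.129         ---                   ---
"""

# Constructed: what remains when only the static mapping is listed.
AFTER = "--- 80.73.145.8           10.17.254.129         ---                   ---\n"


def parse_translations(text):
    """Yield the five columns of every well-formed translation line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5:  # skips blank lines and the column header
            yield tuple(fields)


def host(addr):
    """Strip the :port suffix from an IPv4 address column, if present."""
    return addr.rsplit(":", 1)[0]


def summarize(text):
    """Return (flows, simple): entry counts keyed by inside local address."""
    flows, simple = Counter(), Counter()
    for proto, _in_global, in_local, out_local, _out_global in parse_translations(text):
        if proto == "---" and out_local == "---":
            simple[host(in_local)] += 1   # the static mapping itself
        else:
            flows[host(in_local)] += 1    # one entry per connection/flow
    return flows, simple


def flow_entries_present(text, inside_local):
    """True if any per-flow entry exists for the given inside local address."""
    flows, _simple = summarize(text)
    return flows[inside_local] > 0


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        flows, simple = summarize(text)
        print(label, dict(flows), dict(simple))
```
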
