Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
691
Views
0
Helpful
2
Replies

Static PAT problem in Cisco 7206-VXR

unrealx86
Level 1
Level 1

‎07-28-2009 03:41 AM - edited ‎03-04-2019 05:34 AM

Hi All!

I have a strange problem with my C7206-VXR (IOS c7200-adventerprisek9-mz.122-33.SRD2) router: when I set up PAT inside to outside address translation using static ip+tcp mapping like "ip nat inside source static tcp ...", router sends to console this error output:

(config)#ip nat inside source static tcp 10.41.0.29 4662 x.x.x.74 4662 extendable

%Port 4662 is being used by system

(config)#ip nat inside source static tcp 10.41.0.29 4662 x.x.x.74 4661 extendable

%Port 4661 is being used by system

However, this translation is not presented in my running-config:

#sh run | i ip nat

[...]

ip nat pool 123 x.x.x.65 x.x.x.78 netmask 255.255.255.240

ip nat inside source list 181 pool 123 overload

ip nat inside source static tcp 10.41.0.254 3389 x.x.x.75 3389 extendable

ip nat inside source static tcp 10.41.0.121 50 x.x.x.77 50 extendable

ip nat inside source static tcp 10.41.0.121 51 x.x.x.77 51 extendable

ip nat inside source static udp 10.41.0.121 500 x.x.x.77 500 extendable

ip nat inside source static tcp 10.41.0.30 3389 x.x.x.78 3389 extendable

ip nat inside source static tcp 10.41.0.30 15000 x.x.x.78 15000 extendable

#sh ip nat translations

Pro Inside global Inside local Outside local Outside global

tcp x.x.x.78:3389 10.41.0.30:3389 --- ---

tcp x.x.x.78:15000 10.41.0.30:15000 --- ---

tcp x.x.x.77:50 10.41.0.121:50 --- ---

tcp x.x.x.77:51 10.41.0.121:51 --- ---

udp x.x.x.77:500 10.41.0.121:500 --- ---

tcp x.x.x.75:3389 10.41.0.254:3389 --- ---

Another interesting fact is that when I set up forwarding on another port (using the same IP addresses), it's working like it should:

(config)#ip nat inside source static tcp 10.41.0.29 4662 x.x.x.74 466 extendable

(config)#do sh ip nat trans

Pro Inside global Inside local Outside local Outside global

tcp x.x.x.74:466 10.41.0.29:4662 --- ---

tcp x.x.x.78:3389 10.41.0.30:3389 --- ---

tcp x.x.x.78:15000 10.41.0.30:15000 --- ---

tcp x.x.x.77:50 10.41.0.121:50 --- ---

tcp x.x.x.77:51 10.41.0.121:51 --- ---

udp x.x.x.77:500 10.41.0.121:500 --- ---

tcp x.x.x.75:3389 10.41.0.254:3389 --- ---

As you can see, router installs translation in this case (using the same parameters but another outside TCP port - 466). I'm tried to reload the router and issued "clear ip nat translation *" command, but it's not helped me.

Any ideas to why router cannot setup static PAT translations on certain outside ports in this scheme?

I cannot find any explanation of this bug on cisco.com, maybe anyone can help me with this problem?...

P.S. This situation continues when I trying to use some UDP outside ports, for example, UDP 4500.

Thanks.

Nikita

Labels:
0 Helpful
2 Replies 2

Laurent Aubert
Cisco Employee
Cisco Employee

‎07-28-2009 04:54 AM

Hi Nikita,

I found two bugs related to your issue:

- CSCsj29841

- CSCsu59515

You need to open a TAC case to confirm if you are hitting one of those bugs.

HTH

Laurent.

0 Helpful

unrealx86
Level 1
Level 1
In response to Laurent Aubert

‎07-28-2009 09:40 PM

Thank You Laurent!

Symptoms in this bug reports is very similar to my. To my regret, our SmartNet warranty expired, so I can't open a TAC case. I will try to use another IOS version, maybe it will help.

Best regards,

Nikita

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card