10-25-2001 08:13 PM - edited 03-01-2019 07:01 PM
I have a customer using a 3600 Cisco router w/12.1 IOS. I have a static nat setup for the mail server for ports 25, 110, and port 80 for OWA.
We reload/reboot the router and everything works fine. After about 3 hrs the mail server can no longer access the internet outbound. It can still receive email but all outbound mail queues on the server. The server cannot resolve DNS queries or make any outbound access.
Here is my ip nat commands:
ip nat inside source static tcp xxx.xxx.xxx.xxx 25 xxx.xxx.xxx.xxx 25 extendable
(same for ports 110 and 80).
ip nat inside (assigned to e0)
All users are set up to use the ip nat pool dynamic... this works even after the static nat stops working.
Can anyone give me an idea of what to look at? It used to work all of the time. Now it is intermittent only for the mail server (static nat).
Thanks, jamie
10-26-2001 12:59 AM
Hello !
What does the "debug ip nat" command show when you have the problem ?
/ BR Daniel
10-28-2001 02:30 PM
Have not run the statement/command; will do next time I have the problem.
10-26-2001 04:39 AM
Where is your DNS server? I'm assuming it is the same box as the mail server. I would start by looking at the dynamic table (show ip nat trans) when dns stops working. Since mail uses so many dns lookups, I would think you might be filling the table with dynamic translations for port 53. I don't know what the default limit is, I believe it's somewhere around 1000 but that can be changed with the following commands:
ip nat translation timeout
ip nat translation tcp-timeout
ip nat translation udp-timeout
ip nat translation dns-timeout
ip nat translation icmp-timeout
The other option may be to put an extendable static nat on port 53 tcp and 53 udp. Not sure if you want to do that, but it might limit the number of assignments from the dynamic pool.
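An added example, not part of the original thread: one way to check the suggestion above is to tally a saved copy of the `show ip nat translations` output by inside host and outside port, which shows whether one host's port 53 lookups dominate the table. The sample output, addresses and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the column layout of "show ip nat translations";
# all addresses are documentation ranges, not values from the thread.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.10:25    10.0.0.5:25        ---                ---
udp 203.0.113.10:1025  10.0.0.5:1025      198.51.100.53:53   198.51.100.53:53
udp 203.0.113.10:1026  10.0.0.5:1026      198.51.100.53:53   198.51.100.53:53
udp 203.0.113.10:1027  10.0.0.5:1027      192.0.2.53:53      192.0.2.53:53
tcp 203.0.113.20:4001  10.0.0.21:4001     192.0.2.80:80      192.0.2.80:80
--- 203.0.113.30       10.0.0.9           ---                ---
"""

def split_endpoint(field):
    """'ip:port' -> (ip, port); bare 'ip' -> (ip, None); '---' -> (None, None)."""
    if field == "---":
        return None, None
    ip, sep, port = field.partition(":")
    return ip, int(port) if sep else None

def tally(output):
    """Return (flows, simple): flows counts entries that carry an outside
    address, keyed by (inside local ip, protocol, outside port); simple lists
    entries with no outside address, which is how static mappings appear."""
    flows, simple = Counter(), []
    for line in output.splitlines():
        cols = line.split()
        if len(cols) != 5:          # skips the header and blank lines
            continue
        pro, _in_global, in_local, _out_local, out_global = cols
        in_ip, in_port = split_endpoint(in_local)
        out_ip, out_port = split_endpoint(out_global)
        if out_ip is None:
            simple.append((pro, in_ip, in_port))
        else:
            flows[(in_ip, pro, out_port)] += 1
    return flows, simple

if __name__ == "__main__":
    flows, simple = tally(SAMPLE)
    for (ip, pro, port), n in flows.most_common(10):
        print(f"{n:5d}  {ip} -> {pro}/{port}")
    print("entries without an outside address:", simple)
```

Run it against output captured while the mail server is working and again once outbound traffic has stopped, then compare the counts for the mail server's inside address.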
10-26-2001 07:14 AM
I added ip nat translation timeout 30 - seemed to have no effect. My dynamic nat sessions continue to run, users are able to browse and do dns queries from the workstations. It is only my static map for my mail server outbound that stops working? Everything stops for the static map outbound, ftp, dns, http, telnet.... and only outbound?!
It is almost like the router runs out of memory for use with the static nat?
11-03-2001 02:48 AM
Hi,
Is the DNS machine different from the mail server system? You can do one thing and test: apart from the tcp port, use ip nat inside outside for udp also, for both the mail server and dns server, by opening port 25 and port 53. You can also try creating an access-list for the two statically mapped machines, denying them from being part of the pool of dynamically allocated ip addresses. These are some of my suggestions. You can also check your dns resolution.