Re: problem with 2514 and nat

todd.galbreath · ‎06-04-2002

I have a 2514 router connected to two ethernet subnets and a serial connected to a frame relay (internet). A real text book example for a small office. E0 is the internal network private addressing and E1 is the subnet with the public addresses.. NAT uses the s0 in overload for the users on E0 and there are some static NATs for outside mail and web to come into the private network. Problem is that I loose connection to the E0, can't ping it or telnet to the router from the inside network. Not sure why, seems to happen when someone does a email out (maybe) or the internal network gets busy (maybe)

Not sure if I should or should not use the extendable command with nat?

Thanks for any help

Todd

Todd.galbreath@integralease.com

Current configuration:

!

version 11.2

no service udp-small-servers

no service tcp-small-servers

!

hostname xxx

!

enable secret

enable password

!

ip nat inside source list 1 interface Serial0 overload

ip nat inside source static 10.10.90.8 67.37.116.130 extendable

ip nat inside source static 10.10.90.7 67.37.116.180 extendable

ip name-server 10.10.90.6

!

interface Ethernet0

ip address 10.10.90.2 255.255.255.0

ip nat inside

no ip mroute-cache

no mop enabled

!

interface Ethernet1

ip address 67.37.116.129 255.255.255.192

ip helper-address 10.10.90.6

no ip mroute-cache

no mop enabled

!

interface Serial0

ip address 67.37.3.22 255.255.255.252

ip nat outside

no ip mroute-cache

encapsulation frame-relay IETF

frame-relay map ip 67.37.3.21 606

frame-relay interface-dlci 606

frame-relay lmi-type ansi

!

interface Serial1

no ip address

no ip mroute-cache

shutdown

!

ip default-gateway 67.37.3.21

no ip classless

ip default-network 0.0.0.0

ip route 0.0.0.0 0.0.0.0 67.37.3.21

ip route 10.10.90.0 255.255.255.0 Ethernet0

ip route 67.37.116.128 255.255.255.192 Ethernet1

access-list 1 permit 10.0.0.0 0.255.255.255

!

line con 0

line aux 0

line vty 0 4

password cisco

login

!

end

7sboals · ‎06-04-2002

Upgrade your IOS, 11.2 is quite old.

7sboals · ‎06-04-2002

Upgrade your IOS and use ip classless. You are not using classless addressing (your /30 and /26 subnets).

MickPhelps · ‎06-04-2002

Not sure why you would lose connectivity, but here are some suggestions:

1) change your password on your telnet (vty 0 4) connection. "cisco" is WAY too obvious and besides... you've now posted it.

2) Change your access-list to:

access-list 1 deny 10.10.90.7 0.0.0.0

access-list 1 deny 10.10.90.8 0.0.0.0

access-list 1 permit 10.10.90.0 0.0.0.255

3) Console in to the router (instead of telnet) and check your CPU utilization during a failure. If you CPU stays below 50% during peak usage, consider disabling fast switching (no ip route-cache). 11.2 had problems with NAT and fast switching.

4) SHOW INT to verify that you're not dropping packets during a failure.

5) SHOW BUFFERS to verify that you're not having buffer failures.

6) Upgrade your code! (as previously suggested)

Notes: Your last two static route statements are redundant... they're not hurting you, but they're not helping either.

Your ip default-gateway statement only works when IP routing is disabled (no ip routing or rommon mode).

Let me know if that helps.

Mick.

todd.galbreath · ‎06-04-2002

I started to check, I am seeing this after everything drops:

integr uptime is 1 minute

System restarted by bus error at PC 0x3619DD4, address 0x2E005224