cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
169
Views
0
Helpful
1
Replies
Highlighted
jny Beginner
Beginner

CGN behavior on ASR1001X

Trying to determine how the CGN function balances sessions across a pool of public IPs.

 

With my current config (se below), NAT'ing jumps wildly between public IPs.   An "inside" hosts changes public IP per session. I expected this, but not at this level. 

 

On an "outside" server, I logged this.  

 

<SNIP>

Mon, 05 Aug 2019 15:20:54 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:25:02 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:26:05 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:48:13 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 15:57:04 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:59:06 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 15:59:13 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 16:02:25 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 16:03:44 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 16:03:53 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 16:13:52 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 16:21:55 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Tue, 06 Aug 2019 08:30:44 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}

Tue, 06 Aug 2019 08:59:15 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.64}

</SNIP>

 

The NAT-function works fine, but I would like some more "stickyness".    Docs does not describe anything usefull.

 

!

ip nat settings mode cgn
no ip nat settings support mapping outside
no ip nat service pptp
ip nat pool POOL1 42.42.42.64 42.42.42.79 prefix-length 28
prefix-length 24
ip nat inside source list CGN-PRIVATE-SPACE1 pool POOL1 overload
ip nat inside source list CGN-PRIVATE-SPACE2 pool POOL1 overload
!

ip access-list standard CGN-PRIVATE-SPACE1
permit 100.64.0.0 0.0.63.255

ip access-list standard CGN-PRIVATE-SPACE2
permit 100.64.64.0 0.0.63.255
!

 

 

/Nykaer

Everyone's tags (3)
1 REPLY 1

Re: CGN behavior on ASR1001X

Try to set ip nat settings pap limit 30 bpa

also you could set timeout for connections.

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards
This widget could not be displayed.