cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
513
Views
0
Helpful
1
Replies
Highlighted
Beginner
Beginner

CGN behavior on ASR1001X

Trying to determine how the CGN function balances sessions across a pool of public IPs.

 

With my current config (se below), NAT'ing jumps wildly between public IPs.   An "inside" hosts changes public IP per session. I expected this, but not at this level. 

 

On an "outside" server, I logged this.  

 

<SNIP>

Mon, 05 Aug 2019 15:20:54 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:25:02 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:26:05 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:48:13 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 15:57:04 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:59:06 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 15:59:13 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 16:02:25 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 16:03:44 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 16:03:53 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 16:13:52 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 16:21:55 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Tue, 06 Aug 2019 08:30:44 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}

Tue, 06 Aug 2019 08:59:15 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.64}

</SNIP>

 

The NAT-function works fine, but I would like some more "stickyness".    Docs does not describe anything usefull.

 

!

ip nat settings mode cgn
no ip nat settings support mapping outside
no ip nat service pptp
ip nat pool POOL1 42.42.42.64 42.42.42.79 prefix-length 28
prefix-length 24
ip nat inside source list CGN-PRIVATE-SPACE1 pool POOL1 overload
ip nat inside source list CGN-PRIVATE-SPACE2 pool POOL1 overload
!

ip access-list standard CGN-PRIVATE-SPACE1
permit 100.64.0.0 0.0.63.255

ip access-list standard CGN-PRIVATE-SPACE2
permit 100.64.64.0 0.0.63.255
!

 

 

/Nykaer

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: CGN behavior on ASR1001X

Try to set ip nat settings pap limit 30 bpa

also you could set timeout for connections.

View solution in original post

1 REPLY 1
Highlighted

Re: CGN behavior on ASR1001X

Try to set ip nat settings pap limit 30 bpa

also you could set timeout for connections.

View solution in original post

CreatePlease to create content
Content for Community-Ad

Cisco COVID-19 Survey