Trying to determine how the CGN function balances sessions across a pool of public IPs.
With my current config (see below), NAT'ing jumps wildly between public IPs. An "inside" host changes public IP per session. I expected this, but not at this level.
On an "outside" server, I logged this.
<SNIP>
Mon, 05 Aug 2019 15:20:54 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:25:02 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:26:05 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:48:13 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 15:57:04 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:59:06 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 15:59:13 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 16:02:25 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 16:03:44 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 16:03:53 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 16:13:52 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 16:21:55 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Tue, 06 Aug 2019 08:30:44 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Tue, 06 Aug 2019 08:59:15 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.64}
</SNIP>
The NAT-function works fine, but I would like some more "stickiness". The docs do not describe anything useful.
!
ip nat settings mode cgn
no ip nat settings support mapping outside
no ip nat service pptp
ip nat pool POOL1 42.42.42.64 42.42.42.79 prefix-length 28
prefix-length 24
ip nat inside source list CGN-PRIVATE-SPACE1 pool POOL1 overload
ip nat inside source list CGN-PRIVATE-SPACE2 pool POOL1 overload
!
ip access-list standard CGN-PRIVATE-SPACE1
permit 100.64.0.0 0.0.63.255
ip access-list standard CGN-PRIVATE-SPACE2
permit 100.64.64.0 0.0.63.255
!
/Nykaer
Try to set ip nat settings pap limit 30 bpa
Also, you could set a timeout for connections.
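An added example, not part of the original thread: a small Python script that measures, from the outside server's log, how often the observed public IP changes between consecutive sessions, giving a number to compare before and after a change to the NAT settings. The function names are hypothetical, and the sample lines are copied from the excerpt in the question.

```python
import re
from collections import Counter
from email.utils import parsedate_to_datetime

# Sample lines copied from the log excerpt in the question. The "remote"
# value is unterminated, so json.loads() would reject these lines.
SAMPLE = """\
Mon, 05 Aug 2019 15:20:54 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:25:02 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:48:13 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 15:57:04 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:59:06 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Tue, 06 Aug 2019 08:59:15 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.64}
"""

# Tolerant pattern: RFC 2822 timestamp, then username and dotted-quad address.
LINE = re.compile(
    r'^(?P<ts>\w{3}, \d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2} [+-]\d{4}) \[\w+\] '
    r'.*?"username":"(?P<user>[^"]*)".*?"remote":"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})'
)

def parse(text):
    """Yield (timestamp, username, public_ip) for each line that matches."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield parsedate_to_datetime(m["ts"]), m["user"], m["ip"]

def stickiness(text, user):
    """Summarise how often the observed public IP changes for one probe."""
    events = sorted((ts, ip) for ts, u, ip in parse(text) if u == user)
    ips = [ip for _, ip in events]
    flips = sum(1 for a, b in zip(ips, ips[1:]) if a != b)
    # Longest run of consecutive sessions seen from the same public IP.
    longest = run = 1 if ips else 0
    for a, b in zip(ips, ips[1:]):
        run = run + 1 if a == b else 1
        longest = max(longest, run)
    return {
        "sessions": len(ips),
        "flips": flips,
        "flip_ratio": round(flips / (len(ips) - 1), 2) if len(ips) > 1 else 0.0,
        "longest_run": longest,
        "per_ip": dict(Counter(ips)),
    }

if __name__ == "__main__":
    print(stickiness(SAMPLE, "REMOTE-PROBE"))
```

A flip ratio close to 1 means nearly every new session leaves from a different public address; a run of the probe after a configuration change shows whether that ratio has dropped.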