Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
860
Views
0
Helpful
1
Replies
jny
Beginner
Beginner
‎08-07-2019 11:28 PM
‎08-07-2019 11:28 PM

CGN behavior on ASR1001X

Trying to determine how the CGN function balances sessions across a pool of public IPs.

 

With my current config (se below), NAT'ing jumps wildly between public IPs.   An "inside" hosts changes public IP per session. I expected this, but not at this level. 

 

On an "outside" server, I logged this.  

 

<SNIP>

Mon, 05 Aug 2019 15:20:54 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:25:02 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:26:05 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:48:13 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 15:57:04 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:59:06 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 15:59:13 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 16:02:25 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 16:03:44 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 16:03:53 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 16:13:52 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 16:21:55 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Tue, 06 Aug 2019 08:30:44 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}

Tue, 06 Aug 2019 08:59:15 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.64}

</SNIP>

 

The NAT-function works fine, but I would like some more "stickyness".    Docs does not describe anything usefull.

 

!

ip nat settings mode cgn
no ip nat settings support mapping outside
no ip nat service pptp
ip nat pool POOL1 42.42.42.64 42.42.42.79 prefix-length 28
prefix-length 24
ip nat inside source list CGN-PRIVATE-SPACE1 pool POOL1 overload
ip nat inside source list CGN-PRIVATE-SPACE2 pool POOL1 overload
!

ip access-list standard CGN-PRIVATE-SPACE1
permit 100.64.0.0 0.0.63.255

ip access-list standard CGN-PRIVATE-SPACE2
permit 100.64.64.0 0.0.63.255
!

 

 

/Nykaer

Labels:
0 Helpful
1 ACCEPTED SOLUTION

Accepted Solutions
Evgeniy Prichinin
Beginner
Beginner
‎08-16-2019 02:21 AM
‎08-16-2019 02:21 AM

Try to set ip nat settings pap limit 30 bpa

also you could set timeout for connections.

View solution in original post

0 Helpful
1 REPLY 1
Evgeniy Prichinin
Beginner
Beginner
‎08-16-2019 02:21 AM
‎08-16-2019 02:21 AM

Try to set ip nat settings pap limit 30 bpa

also you could set timeout for connections.

0 Helpful
Latest Contents
Cisco Champion Radio: S9|E19 SaaS-Based Network Automation
Created by Amilee San Juan on 05-17-2022 12:48 PM
1
0
1
0
Listen: https://smarturl.it/CCRS9E19Follow us:  twitter.com/ciscochampionsNetworks can be complex and often unpredictable. Traffic from over-the-top applications, automated systems, malicious attacks, or variations from simple operational errors... view more
Cisco Champion Radio: S9|E15 Private 5G, Simply Intuitive
Created by Amilee San Juan on 04-20-2022 08:35 AM
0
0
0
0
Listen: https://smarturl.it/CCRS9E15 Follow us: https://twitter.com/CiscoChampion   Standing up and operating a mobile 5G network can be a challenging task, but Private 5G doesn’t need to be.  Now, there is a simple solution for enterprises that... view more
Factory Reset: Erasing/Wiping out user data from disk memory...
Created by arajhans on 03-07-2022 12:35 PM
0
5
0
5
Factory Reset - Erasing and Wiping out user data from disk memory on IOS-XR routers Typically, user data on a router or a switch could be the router configurations [ip addresses and login credentials], process core, debug logs, show tech-support, images, ... view more
Cisco Champion Radio: S9|E7 Cisco Routed Optical Networking
Created by Amilee San Juan on 02-24-2022 02:29 PM
0
5
0
5
Listen: https://smarturl.it/CCRS9E7Follow us: twitter.com/ciscochampion Routed optical networking, part of the Converged SDN Transport Architecture, is a new network paradigm that delivers improved operational efficiencies and simplicity. The soluti... view more
Last week to vote in the 2021 IT Blog Awards, hosted by Cisc...
Created by Amilee San Juan on 02-14-2022 03:16 PM
0
0
0
0
The IT Blog Awards, hosted by Cisco, aims to recognize all of the amazing technology content creators who contribute to our community all year long. Now it's up to you to weigh in. Be sure to vote for your favorites before Friday, February... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad