We have a problem with a Cisco router 7200 -- Software (C7200P-SPSERVICESK9-M), Version 12.2(33)SRE2.
Some NAT rules are being dropped and traffic is not forwarded accordingly.
For example, we have a NAT rule for forwarding remote SSH connections to the directly connected N5K, translating port 4000 to port 22. Sometimes this stops working and it's impossible to access it by SSH from the outside. So, wondering why, I tried to connect to the switch from another internal network, and it was accepting connections on its port 22 regularly.
After rebooting the router, it started to work again...
Any idea for troubleshooting this issue?
In the NAT logs, I did not find anything relevant.
Sure, this is the relevant part for the NAT and services:
no ipv6 cef
ip nat log translations syslog
ip nat translation timeout 300
ip nat inside source list 10 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.0.0.2 22 interface GigabitEthernet0/0 4000
access-list 10 permit 10.0.0.0 0.0.0.255
access-list 101 permit ip any any
no cdp run
Check the NAT statistics, max entries and timeout values applied to the router.
Do you have any traffic captures pertaining to this connectivity drop that you can share (.pcap files etc.)?
The timeout is set to 300 seconds.
But I didn't set anything else, so I suppose they are set to their default values?
How can I check the max-entries parameter?
No, but I am going to sniff packets from now on.
Total active translations: 25 (0 static, 25 dynamic; 25 extended)
Hits: 4547 Misses: 0
CEF Translated packets: 4535, CEF Punted packets: 43
Expired translations: 1
-- Inside Source
[Id: 1] access-list 10 interface GigabitEthernet0/0 refcount 13
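As an added example (not code from the thread or from Cisco), a small Python checker that parses the `show ip nat statistics` output above and the static rule from the posted config, and flags the conditions a NOC engineer would chase for this symptom; the sample text is embedded from the thread, and the heuristics (fewer static translations than static rules configured, any CEF punts) are assumptions, not a documented IOS failure signature.

```python
import re

# Constructed sample: the 'show ip nat statistics' output pasted in the thread, embedded to run offline.
NAT_STATS = """\
Total active translations: 25 (0 static, 25 dynamic; 25 extended)
Hits: 4547 Misses: 0
CEF Translated packets: 4535, CEF Punted packets: 43
Expired translations: 1
-- Inside Source
[Id: 1] access-list 10 interface GigabitEthernet0/0 refcount 13
"""

# Constructed sample: the NAT lines from the running config posted in the thread.
NAT_CONFIG = """\
ip nat translation timeout 300
ip nat inside source list 10 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.0.0.2 22 interface GigabitEthernet0/0 4000
"""

COUNTERS = {"hits": r"Hits: (\d+)", "misses": r"Misses: (\d+)",
            "cef_translated": r"CEF Translated packets: (\d+)",
            "cef_punted": r"CEF Punted packets: (\d+)",
            "expired": r"Expired translations: (\d+)"}

def parse_nat_stats(text):
    """Return the translation counts and counters from 'show ip nat statistics' as a dict."""
    m = re.search(r"Total active translations: (\d+) \((\d+) static, (\d+) dynamic; (\d+) extended\)", text)
    if not m:
        raise ValueError("unrecognised 'show ip nat statistics' output")
    stats = dict(zip(("total", "static", "dynamic", "extended"), map(int, m.groups())))
    for key, pattern in COUNTERS.items():
        found = re.search(pattern, text)
        stats[key] = int(found.group(1)) if found else 0   # counter absent -> treat as 0
    return stats

def count_static_rules(config):
    """Count 'ip nat inside source static ...' lines in the running config."""
    return len(re.findall(r"^ip nat inside source static\b", config, re.M))

def nat_health_findings(stats, config):
    """Flag conditions worth investigating (assumed heuristics, not an IOS-documented signature)."""
    findings = []
    expected = count_static_rules(config)
    if stats["static"] < expected:   # a configured static port-forward with no table entry
        findings.append(f"static translations {stats['static']} < {expected} static rules configured")
    if stats["cef_punted"] > 0:      # some NAT traffic is being process-switched instead of CEF-switched
        findings.append(f"{stats['cef_punted']} packets punted from CEF")
    return findings
```

Feed it the output of the two show commands collected on a schedule and alert on a non-empty result, so the drop is caught before someone notices SSH on port 4000 has gone quiet.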