
Allow Large packets (NAT)

johnelliot
Level 1

I have the following config on a Cisco 877, and am having problems sending large packets when NAT is enabled. I have tried disabling ip virtual-reassembly, but it does not resolve the problem (and show ip virtual-reass does not report any dropped fragments).

If I remove NAT, I can happily send 8000-byte packets.

interface ATM0.1 point-to-point
 description Internet Network
 ip address 10.2.6.26 255.255.255.252 secondary
 ip address 10.2.6.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly max-fragments 64 max-reassemblies 1024 timeout 64
 pvc burnley 10/211
  ubr 512
  tx-ring-limit 3
  oam-pvc manage
  encapsulation aal5snap
!
interface Vlan1
 description FNN1610225907 LAN
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly max-fragments 64 max-reassemblies 1024 timeout 64
ip nat inside source list 1 interface ATM0.1 overload
ip nat inside source static 192.168.0.2 10.2.6.2
!
access-list 1 permit 192.168.0.0 0.0.0.255

7 Replies

s.jankowski
Level 4

Try this command:

"udp-ip-fragment-enabled"

Hi,

Configure 'ip tcp adjust-mss 1400' under the VLAN interface to eliminate MTU problems across varying media types. This would cause the TCP client/server to shrink the MSS of the frame and, therefore, the router may not have to fragment the packets at all. Let us know if this helps resolve the issue.

HTH

Sundar

Thanks for the suggestions guys - I convinced the client that NAT wasn't necessary, which resolved the problem.

I will test in the lab with NAT enabled to see if your suggestions work - Thanks.

John -

If you look at the documentation it says that virtual reassembly is automatically enabled when NAT is turned on.

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00802299fb.html#wp1052712

I think this is causing your issue because it is exceeding the maximum amount of fragments allowed when virtual reassembly is enabled.

You are only going to be able to send around 3300 bytes. You don't have the issue when you disable NAT because it automatically disables virtual reassembly.

Daniel

Hi Daniel,

I also tried disabling virtual-reassembly on both interfaces... it unfortunately didn't help.

Yeah, I know you said that. The documentation doesn't say whether or not it allows you to disable that when using NAT.

I think the best thing would be to try a different platform that doesn't have the virtual reassembly option, or a different code.

Daniel

Hi,

I have the same problem. I fixed it using the command "no-payload", e.g.:

ip nat inside source static udp 192.168.0.1 53 200.200.200.200 53 extendable no-payload

Regards.