04-18-2018 05:56 PM - edited 03-05-2019 10:18 AM
Hi guys, I need some of your opinions on how to optimize our NAT translation timeouts.
First of all here's the current config we have.
ip nat translation timeout 10800
ip nat translation tcp-timeout 10800
ip nat translation udp-timeout 360
ip nat translation dns-timeout 40
public IPs allocated: 64
approximate number of translations during peak hours: 250,000
Issues we're encountering:
1) We are at just 250K translation entries, yet the pool allocation always shows 100%. I understand there are some non-pattable protocols; we will modify our ACL soon.
2) Some users are having a hard time establishing a stable session with some AWS sites, web hosting sites, cPanel.
What I'm seeing in the translation table is that there are always multiple translation entries for a single user with different inside global (public IPs) addresses, which could break their existing TCP sessions with the services mentioned above, as some of them are very strict in terms of source IPs when you've logged in.
Users are actually getting error messages "Your IP address has changed. please log in again"
Any recommendations, guys?
04-19-2018 12:18 AM
Hello,
what platform (e.g. ISR 4321) is this on, and which IOS version are you running? Post your config, we might spot something...
04-27-2018 07:53 AM
We got it sorted by enabling PAP or paired-address-pooling feature :)
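A check for the symptom described in the first post (one inside host holding translations on several inside global addresses at the same time), as an added example that is not part of the thread. The sample text is constructed in the column layout of `show ip nat translations`, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample (documentation address ranges), laid out like the
# output of `show ip nat translations`. Not taken from the thread.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.10:1024  10.1.1.20:51000    198.51.100.7:443   198.51.100.7:443
tcp 203.0.113.31:2210  10.1.1.20:51002    198.51.100.7:443   198.51.100.7:443
udp 203.0.113.10:4500  10.1.1.20:53111    192.0.2.53:53      192.0.2.53:53
tcp 203.0.113.12:1100  10.1.1.21:40000    198.51.100.9:2083  198.51.100.9:2083
--- 203.0.113.40       10.1.1.50          ---                ---
"""

def _host(field):
    """Return the IPv4 address from 'ip' or 'ip:port', or None for '---'."""
    ip = field.rsplit(":", 1)[0]
    try:
        return str(ipaddress.ip_address(ip))
    except ValueError:
        return None

def globals_per_inside_host(text):
    """Map each inside local IP to the set of inside global IPs it is using."""
    seen = defaultdict(set)
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 3 or cols[0] == "Pro":  # blank line or header row
            continue
        inside_global, inside_local = _host(cols[1]), _host(cols[2])
        if inside_global and inside_local:
            seen[inside_local].add(inside_global)
    return dict(seen)

def split_hosts(text):
    """Inside hosts currently translated to more than one public IP."""
    return {host: sorted(pubs)
            for host, pubs in globals_per_inside_host(text).items()
            if len(pubs) > 1}

if __name__ == "__main__":
    for host, pubs in split_hosts(SAMPLE).items():
        print(f"{host} is using {len(pubs)} public IPs: {', '.join(pubs)}")
```

Running the same check on a capture taken before and after the change shows whether each inside host now stays on a single public address.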