Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3591
Views
0
Helpful
1
Replies

NAT Default Max Enteries Exceeded

Steven Chua
Level 1
Level 1

‎02-10-2015 12:14 AM - edited ‎03-05-2019 12:45 AM

Hi,

 

I have encountered the error message as shown below on my NAT.

 

%IOSXE-4-PLATFORM: F0: cpp_cp: QFP:00 Thread:040 TS:00037082492058093747 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 524288 exceeded; frame dropped

 

From my understanding, the nat translations should be clear after the connection is finished.

 

I using the IOS of asr1000rp1-adventerprisek9.03.04.05.S.151-3.S5.bin.

 

Please advice.

 

Thks and Rgds

1 person had this problem
Labels:
0 Helpful
1 Reply 1

David Castro F.
Spotlight
Spotlight

‎09-26-2018 09:24 AM

Hello Steven,

 

Sorry that your question is answered till now, basically the issue as it states is that the maximum entries allowed for the NATs are being used at the moment and any new conns that should be translated will be dropped. What can you do to solve this:

* Clear the nat translations, but this does not assure that the issue comes up back again.

* Increase the limit of NATs, but analize if this behavior of growing of conns is normal.

* Check the IP nat timeouts as well, it might be set to a longer timer, and the translations keeps in the table when it is not needed.

* Make sure to check the IP nat translation table (XLATES) to see if there is not anything anomalous, I mean that there could be a computer or more infected and functioning as a botnet and generating so many conns, causing the exhaustion.

 

Best regards, please make sure to qualify the answered if it came in handy!.

 

David Castro,

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card