NAT Issue on ISR 4331

elom.kutsienyo · ‎07-06-2020

I have an ISR 4331 Router (positioned as the internet edge) running on the latest stable version of IOS XE i.e. (16.12.03).

For some reason, at unspecific intervals all internet traffic stops working. The only way to resolve the issue is to issue the command:

INET-RTR# clear ip nat translations *

after issuing this command, everything seems to be working perfectly for a while and then I have to run it again few hours later. For now i had to implement a kron (schedule) to run the command every hour to keep services running but am looking for a permanent fix.

The router is not doing anything complex, just a few NAT and a few VPN sessions. RAM and CPU are more than fine when I check them at issue occurence.

Is it a bug? Has anyone encountered this before? Any fix you may think about is welcome.

Thanks in advance.

Regards,

Elom

balaji.bandi · ‎07-06-2020

as per my knowledge, there is no bug reported on this version, is this occurring after the upgrade IOS?

still, like to see your configuration and if you have any logs before it stopped serving the requests?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

elom.kutsienyo · ‎07-07-2020

Thanks fo your reply @balaji.bandi and @paul driver. If there is no reported bug, it means it is an issue with NAT configs. We are taking a more serious approach to review the config. Some of my colleagues suspect a NAT Conflict. Do you think that could cause this behavior?

balaji.bandi · ‎07-07-2020

yes as suggested license also review the rules.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

paul driver · ‎07-07-2020

Hello

Could you post (in an attached file) the nat configuration and route table.

Do you see any interface error /drops etc or high utilization being reported?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

paul driver · ‎07-07-2020

Hello
If this was a FW i would looking into maybe a possible licence issue now with even this being a router I wouldnt rule it out?
show license feature

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

elom.kutsienyo · ‎07-08-2020

Hi All,

After drilling down further, i can see two processes that have extremely high utilization.

qfp-ucode-utah

cpp_cp_svr

I am running version 16.12.03 and per the link below, it seems this should have been resolved any advice to help fix this?

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCut67872/?rfs=iqvred

Thanks for your help.

balaji.bandi · ‎07-08-2020

The bug clearly not mentioned it was fixed on this release 16.12.X not it was reported by anyone (means this is the latest version) people not yet upgraded to this version.

try role back 16.11.1a where this was mentioned as a fix, if still, you looking to continue with 16.12.X (there is 16.12.3a available to upgrade and open a TAC case for resolution).

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help