
NAT: PRE-Nat and POST-Nat address are matchings

I have a Cisco 897 that's used on a fairly user-heavy site. They would suddenly stop being able to NAT traffic outbound, and generally nothing is able to transit the router outbound to the internet with NAT. Stats are:

ROUTER#sh ip nat stat
Total active translations: 15105 (0 static, 15105 dynamic; 15105 extended)
Peak translations: 15429, occurred 00:00:06 ago
Outside interfaces:
Dialer0, Virtual-Access2
Inside interfaces:
Vlan1
Hits: 4676009 Misses: 0
CEF Translated packets: 4635095, CEF Punted packets: 40703
Expired translations: 59665
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 105 interface Dialer0 refcount 15072

Total doors: 2
Appl doors: 0
Normal doors: 2
Queued Packets: 0

Ping works, but you can't web-browse, for example. It's like the router stops NATing traffic for some reason. The CPU use is OK and so is the memory use.

I have changed the default NAT trans timeout from 24hrs to 60mins for all / tcp / udp, which I hope helps, but I have turned on debugging and am getting the following:

NAT: PRE-Nat and POST-Nat address are matchings=X.X.X.X -> Y.Y.Y.Y, where X is the external IP address of the router and Y is some random Public IP address.

Added to this, I'm not sure what the following command means (i.e. what does 0 mean):

ip nat translation max-entries 0

Your help appreciated.

Brad

1 Reply

mvsheik123
Level 7

Hi,

Never used that command in a prod environment, but based on the link below, it may be the reason. Try removing that command (no ip nat translation max-entries 0). Check the explanation of the command ...

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book/ipaddr-i4.html#wp3226924080

hth

MS