
Problem NAT inside

z.elguesmi
Level 1

Hi,

I have a Cisco 1841 router and I configured an inside NAT from the router to the firewall like this:

ip nat inside source static firewall_adresse  public_adresse

and it works fine. When I added it I ran the command "wr" to save the configuration, and I restarted the router many times and it still works fine,

but in the last five months this NAT has disappeared twice and I had to add it again.

Can you help please, or explain why this happened?

thx


Rahul Kukreja
Level 1

This looks like a software issue. Check if your IOS is hitting the following software defect -

CSCsi30964

Static NAT statement disappears from running-configuration

tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsi30964

Also, please post the output of show run and sh ver, and say which NAT statement showed the issue.

Please rate the helpful posts.

Hi,

sorry for the delay and thanks for the response

Sorry, I can't post the result of show run, my boss refused this, but here is the example of the NAT:

ip nat inside source static firewall_adresse  public_adresse

==> it means all the traffic coming in on the outside interface of the router will be translated to the outside interface of the firewall

and the result of show version :

***********************************************************************************************************************************

1841#show version

Cisco IOS Software, 1841 Software (C1841-BROADBAND-M), Version 12.4(11)XJ4, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Fri 13-Jul-07 21:24 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

mdinar uptime is 13 hours, 57 minutes

System returned to ROM by reload at 22:21:15 UTC Sun May 12 2013

System restarted at 22:22:09 UTC Sun May 12 2013

System image file is "flash:c1841-broadband-mz.124-11.XJ4.bin"

Cisco 1841 (revision 7.0) with 115712K/15360K bytes of memory.

Processor board ID FHK13447469

2 FastEthernet interfaces

1 Serial(sync/async) interface

1 ATM interface

DRAM configuration is 64 bits wide with parity disabled.

191K bytes of NVRAM.

31488K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

********************************************************************************************************

And if possible, how can I display the total memory (RAM), and is it possible to add more RAM?

thx

Here are the bug details -

+++++++++++++++++++++++++++

Symptoms:

On a Cisco router performing NAT, static NAT statements may disappear from the running-configuration during operation. Any new flows requiring translation via the missing statement may fail.

Conditions:

- This problem was first experienced in IOS 12.4(9)T.

- It has only been reported for extendable, inside source static NAT statements for TCP ports 80 (HTTP) and 25 (SMTP), with and without a route-map:

Examples:

ip nat inside source static tcp x.x.x.x 25 y.y.y.y 25 extendable

ip nat inside source static tcp x.x.x.x 25 y.y.y.y 25 extendable route-map nonat

ip nat inside source static tcp x.x.x.x 80 y.y.y.y 80 route-map nonat extendable

- After the statement disappears from the running-configuration, it is still visible in the startup-configuration.

- Existing translations created before the disappearance are cached in the NAT translation table and continue to work correctly.

Workaround:

Reload the router.

+++++++++++++++++++++++++++

Could you confirm the following: was the NAT translation there in startup-config once it was not seen in running-config?

You are using 124-11.XJ4 IOS. I don't think the defect is resolved in this IOS.

In the mainline train the defect is fixed from 12.4(18b) onwards.

Please check the release notes and the features in use that are available in the mainline release if you are planning an upgrade.

<>

Cisco 1841 (revision 7.0) with 115712K/15360K bytes of memory.

<>

You have 128 Mb of DRAM on this router.

Please rate the helpful posts.
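
The bug description above says the statement vanishes from running-config while staying in startup-config, so comparing the two is a direct check. This is an added example, not part of the original thread and not Cisco code: it assumes both configurations have been saved as text, and the sample configs (documentation address ranges, hostname) are constructed.

```python
import re

NAT_RE = re.compile(r"^ip nat inside source static\s+(.+)$")

def static_nat_entries(config_text):
    """Map a canonical key to each static inside-source NAT line in a config."""
    entries = {}
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # collapse whitespace differences
        match = NAT_RE.match(line)
        if not match:
            continue
        tokens, core, route_map, extendable = match.group(1).split(), [], None, False
        i = 0
        while i < len(tokens):
            if tokens[i] == "extendable":
                extendable = True
            elif tokens[i] == "route-map" and i + 1 < len(tokens):
                route_map = tokens[i + 1]
                i += 1  # skip the route-map name
            else:
                core.append(tokens[i])  # protocol, addresses, ports
            i += 1
        # The bug text shows both "extendable route-map X" and
        # "route-map X extendable", so the key ignores option order.
        entries[(tuple(core), route_map, extendable)] = line
    return entries

def missing_from_running(startup_text, running_text):
    """Static NAT lines saved in startup-config but absent from running-config."""
    running = static_nat_entries(running_text)
    startup = static_nat_entries(startup_text)
    return sorted(line for key, line in startup.items() if key not in running)

# Constructed sample configs, not taken from the thread.
STARTUP = """hostname example-1841
ip nat inside source static 192.0.2.10 198.51.100.10
ip nat inside source static tcp 192.0.2.20 25 198.51.100.20 25 extendable route-map nonat
ip nat inside source static tcp 192.0.2.20 80 198.51.100.20 80 route-map nonat extendable
ip nat inside source list 1 interface FastEthernet0/1 overload
"""
RUNNING = """hostname example-1841
ip nat inside source static tcp 192.0.2.20 25 198.51.100.20 25 route-map nonat extendable
ip nat inside source list 1 interface FastEthernet0/1 overload
"""

if __name__ == "__main__":
    for line in missing_from_running(STARTUP, RUNNING):
        print("MISSING from running-config:", line)
```

Run on a schedule against fresh copies of both configs, a non-empty result flags the disappearance before users report failed translations.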

thx for the reply,

for your question "Could you confirm following : Was the NAT translation there in startup-config, once it was not seen in running-config ?"

==> I have not verified the startup config; I added the NAT directly, but if it happens again I will verify.

If I upgrade this IOS I will tell you if it's good or not.

Another problem:

If there is a lot of traffic the VPN goes down, and if I type the command "sh run" there is no information displayed, but when I block the PC which generates the traffic the router works fine, I get a result for "sh run" and the VPN is UP.

I would ask if this problem is related to RAM?

Thx for Help

I'm not sure if I understand your question correctly..

Are you saying that when the VPN traffic is going via this router, then when you type show run it doesn't show you the output,

and when the VPN traffic is blocked, you are able to see the output?

If that is the case, you may need to check CPU & memory utilization and interface counters on the router when the issue is happening to determine the exact cause.

sh proc cpu sorted | ex 0.00

sh mem stat

sh interface

In my question I mean: when there is a lot of traffic in the router the VPN doesn't work, and when I type show run it doesn't show me the output, but when I stop the source of this heavy traffic the VPN is UP and there is output for "sh run".

But I think you answered my question: it's a problem of CPU or memory.

thx for all

hello,

Please, do you have any idea how I can configure QoS on the Cisco 1841 router for the IPsec ports (UDP 500, UDP 4500) and TCP port 4433?

thx for your help
