Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4233
Views
0
Helpful
7
Replies

Problem NAT inside

Go to solution
z.elguesmi
Level 1
Level 1

‎04-29-2013 07:57 AM - edited ‎03-04-2019 07:45 PM

Hi,

a have a router CISCO 1841 and I configured a NAT inside from the router to the firewall like this :

ip nat inside source static firewall_adresse  public_adresse and its work fine and when a added it I do this command "wr" to save the configuration and I restarted the router many times and it still work fine

but in the last five months this NAT does not exsit twice and I must add it a gain

can you help please or explain why happened this

thx

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Rahul Kukreja
Level 1
Level 1

‎05-03-2013 02:44 PM

This look like a software issue. Check if your IOS is hitting the following software defect -

CSCsi30964   

Static NAT statement disappears from running-configuration

tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsi30964

Also please post the output of show run, sh ver and which NAT statement observed issue.

Please rate the helpful posts.

View solution in original post

0 Helpful

Go to solution
Rahul Kukreja
Level 1
Level 1
In response to z.elguesmi

‎05-13-2013 07:09 AM

Here are the bug details -

+++++++++++++++++++++++++++

Symptoms:

On a Cisco router performing NAT, static NAT statements may disappear from the running-configuration during operation. Any new flows requiring translation via the missing statement may fail.

Conditions:

- This problem was first experienced in IOS 12.4(9)T.

- It has only been reported for extendable, inside source static NAT statements

for TCP ports 80 (HTTP) and 25 (SMTP), with and without a route-map:

Examples:

ip nat inside source static tcp x.x.x.x 25 y.y.y.y 25 extendable

ip nat inside source static tcp x.x.x.x 25 y.y.y.y 25 extendable route-map nonat

ip nat inside source static tcp x.x.x.x 80 y.y.y.y 80 route-map nonat extendable

- After the statement disappears from the running-configuration, it is still

visible in the startup-configuration.

- Existing translations created before the disappearance are cached in the NAT

translation table and continue to work correctly.

Workaround:

Reload the router.

+++++++++++++++++++++++++++

Could you confirm following : Was the NAT translation there in startup-config, once it was not seen in running-config ?

You are using 124-11.XJ4 IOS. I don't think the defect is resolved in this IOS.

In mainline train the defect is fixed from 12.4(18b) onwards.

Please check the Release notes and features in use available in the mainline release if you are planning for upgrade.

<>

Cisco 1841 (revision 7.0) with 115712K/15360K bytes of memory.

<>

You have 128 Mb of DRAM on this router.

Please rate the helpful posts.

View solution in original post

0 Helpful

Go to solution
Rahul Kukreja
Level 1
Level 1
In response to z.elguesmi

‎05-13-2013 11:37 AM

I'm not sure if I understand your question correctly..

Are you telling when the VPN traffic is going via this Router, then when you type show run it doesn't show you the output.

and when the VPN traffic is blocked, you are able to see the output.

If that is the case, you may need to check CPU & Memory Utilization, Interface counters on the Router when the issue is happeneing to determine the exact cause.

sh proc cpu sorted | ex 0.00

sh mem stat

sh interface

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Rahul Kukreja
Level 1
Level 1

‎05-03-2013 02:44 PM

This look like a software issue. Check if your IOS is hitting the following software defect -

CSCsi30964   

Static NAT statement disappears from running-configuration

tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsi30964

Also please post the output of show run, sh ver and which NAT statement observed issue.

Please rate the helpful posts.

0 Helpful

Go to solution
z.elguesmi
Level 1
Level 1
In response to Rahul Kukreja

‎05-13-2013 06:28 AM

Hi,

sorry for the delay and thanks for the response

sorry I  cant post the result of show run  my boss refused this but here is the exemple of nat

ip nat inside source static firewall_adresse  public_adresse

==>it  means  all the trafic came in the interface outside of the router will  be translated to the interface outside of the firewall

and the result of show version :

***********************************************************************************************************************************

1841#show version

Cisco IOS Software, 1841 Software (C1841-BROADBAND-M), Version 12.4(11)XJ4, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Fri 13-Jul-07 21:24 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

mdinar uptime is 13 hours, 57 minutes

System returned to ROM by reload at 22:21:15 UTC Sun May 12 2013

System restarted at 22:22:09 UTC Sun May 12 2013

System image file is "flash:c1841-broadband-mz.124-11.XJ4.bin"

Cisco 1841 (revision 7.0) with 115712K/15360K bytes of memory.

Processor board ID FHK13447469

2 FastEthernet interfaces

1 Serial(sync/async) interface

1 ATM interface

DRAM configuration is 64 bits wide with parity disabled.

191K bytes of NVRAM.

31488K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

********************************************************************************************************

and if possible haw can I desplay the total of memory (RAM) and if possible to add more RAM

thx

0 Helpful

Go to solution
Rahul Kukreja
Level 1
Level 1
In response to z.elguesmi

‎05-13-2013 07:09 AM

Here are the bug details -

+++++++++++++++++++++++++++

Symptoms:

On a Cisco router performing NAT, static NAT statements may disappear from the running-configuration during operation. Any new flows requiring translation via the missing statement may fail.

Conditions:

- This problem was first experienced in IOS 12.4(9)T.

- It has only been reported for extendable, inside source static NAT statements

for TCP ports 80 (HTTP) and 25 (SMTP), with and without a route-map:

Examples:

ip nat inside source static tcp x.x.x.x 25 y.y.y.y 25 extendable

ip nat inside source static tcp x.x.x.x 25 y.y.y.y 25 extendable route-map nonat

ip nat inside source static tcp x.x.x.x 80 y.y.y.y 80 route-map nonat extendable

- After the statement disappears from the running-configuration, it is still

visible in the startup-configuration.

- Existing translations created before the disappearance are cached in the NAT

translation table and continue to work correctly.

Workaround:

Reload the router.

+++++++++++++++++++++++++++

Could you confirm following : Was the NAT translation there in startup-config, once it was not seen in running-config ?

You are using 124-11.XJ4 IOS. I don't think the defect is resolved in this IOS.

In mainline train the defect is fixed from 12.4(18b) onwards.

Please check the Release notes and features in use available in the mainline release if you are planning for upgrade.

<>

Cisco 1841 (revision 7.0) with 115712K/15360K bytes of memory.

<>

You have 128 Mb of DRAM on this router.

Please rate the helpful posts.

0 Helpful

Go to solution
z.elguesmi
Level 1
Level 1
In response to Rahul Kukreja

‎05-13-2013 09:23 AM

thx for replay ,

for your question "

Could you confirm following : Was the NAT translation there in startup-config, once it was not seen in running-config ?"

==> I have not verified the start-up config i added directly the NAT but if it will be happened more time I will verify

If  I will upgrade ths IOS I will tell you if its good or not

another problem :

if there are many trafic the VPN is down and if I type the command " sh run" there is no information to desplay but when I block the PC whose generate the trafic the router work fine and i have a result for " sh run" and the VPN is UP

i would ask if this problem related to RAM ?

Thx for Help

0 Helpful

Go to solution
Rahul Kukreja
Level 1
Level 1
In response to z.elguesmi

‎05-13-2013 11:37 AM

I'm not sure if I understand your question correctly..

Are you telling when the VPN traffic is going via this Router, then when you type show run it doesn't show you the output.

and when the VPN traffic is blocked, you are able to see the output.

If that is the case, you may need to check CPU & Memory Utilization, Interface counters on the Router when the issue is happeneing to determine the exact cause.

sh proc cpu sorted | ex 0.00

sh mem stat

sh interface

0 Helpful

Go to solution
z.elguesmi
Level 1
Level 1
In response to Rahul Kukreja

‎05-14-2013 09:01 AM

in my question I mean :  when there are big trafic in the router the VPN dont work and when I type show run it doesn't show me the output but when I stop the source of this big trafic the vpn is UP and there is an output for the "sh run "

but  I think you answer for my question its a problem of CPU or Memory

thx for all

0 Helpful

Go to solution
z.elguesmi
Level 1
Level 1
In response to z.elguesmi

‎05-30-2013 04:25 AM

hello,

please you have any idea how can I configure QoS in the router CISCO1841 for the port IPSEC(UDP 500 ,UDP 4500) and the port tcp 4433

thx for your help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card