10-11-2013 08:07 AM - edited 03-04-2019 09:17 PM
Hi,
We are a small company and have had years of running on Cisco 2600/2620/2620XM routers without a problem for a very long time. We have a block of public addresses available to us, so we used a static NAT table to separate mail, FTP, CRM, etc., so that they all had their own IP address that was unique for each major server.
The 2600 routers ran on IOS 12.3 and 12.4 and the NAT table used this config:
ip nat pool OurNATPool x.x.x.99 x.x.x.99 netmask 255.255.255.224
ip nat inside source list 1 pool OurNATPool overload
ip nat inside source static 192.168.1.125 x.x.x.101
ip nat inside source static 192.168.1.71 x.x.x.102
ip nat inside source static 192.168.1.69 x.x.x.103
ip nat inside source static 192.168.1.46 x.x.x.104
ip nat inside source static 192.168.1.4 x.x.x.105
ip nat inside source static 192.168.1.34 x.x.x.106
ip nat inside source static 192.168.1.115 x.x.x.107
ip nat inside source static 192.168.1.83 x.x.x.108
ip nat inside source static 192.168.1.10 x.x.x.109
ip nat inside source static 192.168.1.84 x.x.x.111
ip nat inside source static 192.168.1.136 x.x.x.112
ip nat inside source static 192.168.1.5 x.x.x.125
Over time, our company's internal traffic started to overwhelm the capacity of the FastEthernet adapter and the processing power of the 2600 series routers.
We switched to a Cisco 881W router running IOS 15.1 and set it up to use the same Static NAT configurations.
Everything worked. EXCEPT that the FTP connection mapped for 192.168.1.4 -> x.x.x.105 worked for 10 minutes and then actively refused any connections. Resetting the router brings it back for another 10-15 minutes, and then it just goes away. If we manually go in and remove and re-add the "ip nat inside source static 192.168.1.4 x.x.x.105" line, it comes right back.
I had thought it might be something wrong with the FTP server. I pointed the NAT to a different machine on a different address and the same behaviour happened again.
I put the old 2600 router back online and things worked fine. (But internal ability to access the internet was affected by the router dropping packets.)
I went so far as to acquire a Cisco 2821 router running IOS 12.4, yet it ALSO "loses" the NAT translation to the FTP server after 10-15 minutes!
Right now, we are back to using our 881W router. Anyone wishing to access the FTP server has to inform us in advance so we can remove and re-add the line and get them 10-15 minutes of access.
10-11-2013 08:23 AM
Have you run any debugs on ftp? Anything in the logs?