cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1760
Views
0
Helpful
4
Replies
Highlighted
Beginner

Static NAT entry showing expiring in debug

I am having an issue with connectivity to a printer via NAT - people cannot print to it.  The debug shows my static NAT keeps expiring, I thought they never expired.  Here are the relevant parts of my config, it is a 2901 router running IOS 15.4(3)-M8

 

ip nat inside source static 10.10.10.122 1.1.1.10

ip route 164.156.185.0 255.255.255.0 SERIAL PORT WAN ADDRESS

 

There are no access lists, no filters, no route maps, no NAT pool, etc.  Pretty basic.  I did a debug ip nat det and this is what it shows

 

May 21 13:08:42.675: NAT: o: tcp (164.156.185.89, 55402) -> (1.1.1.10, 9100) [25228]
May 21 13:08:42.675: NAT: s=164.156.185.89, d=1.1.1.10->10.10.10.122 [25228]
May 21 13:08:42.727: NAT: API parameters passed: src_addr:164.156.185.73, src_port:0 dest_addr:1.1.1.10, dest_port:0, proto:6 if_input:Serial0/0/0.100 pak:219A6A2C get_translated:1
May 21 13:08:42.727: ipnat_api_translated_address_and_port_common, out->in want IL,OL
May 21 13:08:42.727: NAT: API Translated-Info(1): (src-addr:164.156.185.73, src-port:0) (dest-addr:10.10.10.122, dest-port:0)
May 21 13:08:42.727: NAT: o: tcp (164.156.185.73, 63301) -> (1.1.1.10, 9100) [19601]
May 21 13:08:42.727: NAT: s=164.156.185.73, d=1.1.1.10->10.10.10.122 [19601]
May 21 13:08:44.679: NAT: o: tcp (164.156.185.79, 61100) -> (1.1.1.10, 9100) [15496]
May 21 13:08:44.679: NAT: s=164.156.185.79, d=1.1.1.10->10.10.10.122 [15496]
May 21 13:08:45.423: NAT: o: tcp (164.156.185.90, 64796) -> (1.1.1.10, 9100) [5472]
May 21 13:08:45.423: NAT: s=164.156.185.90, d=1.1.1.10->10.10.10.122 [5472]
May 21 13:08:45.739: NAT: o: tcp (164.156.185.73, 63301) -> (1.1.1.10, 9100) [19602]
May 21 13:08:45.743: NAT: s=164.156.185.73, d=1.1.1.10->10.10.10.122 [19602]
May 21 13:08:45.779: NAT: expiring 1.1.1.10 (10.10.10.122) tcp 9100 (9100)
May 21 13:08:46.287: NAT: API parameters passed: src_addr:164.156.185.93, src_port:0 dest_addr:1.1.1.10, dest_port:0, proto:6 if_input:Serial0/0/0.100 pak:3D807AF8 get_translated:1
May 21 13:08:46.287: ipnat_api_translated_address_and_port_common, out->in want IL,OL
May 21 13:08:46.287: NAT: API Translated-Info(1): (src-addr:164.156.185.93, src-port:0) (dest-addr:10.10.10.122, dest-port:0)
May 21 13:08:46.287: NAT: o: tcp (164.156.185.93, 49763) -> (1.1.1.10, 9100) [19957]
May 21 13:08:46.287: NAT: s=164.156.185.93, d=1.1.1.10->10.10.10.122 [19957]
May 21 13:08:46.575: NAT: API parameters passed: src_addr:164.156.185.97, src_port:0 dest_addr:1.1.1.10, dest_port:0, proto:6 if_input:Serial0/0/0.100 pak:4117B654 get_translated:1
May 21 13:08:46.575: ipnat_api_translated_address_and_port_common, out->in want IL,OL
May 21 13:08:46.575: NAT: API Translated-Info(1): (src-addr:164.156.185.97, src-port:0) (dest-addr:10.10.10.122, dest-port:0)
May 21 13:08:46.575: NAT: o: tcp (164.156.185.97, 56945) -> (1.1.1.10, 9100) [32195]
May 21 13:08:46.575: NAT: s=164.156.185.97, d=1.1.1.10->10.10.10.122 [32195]
May 21 13:08:48.852: NAT: expiring 1.1.1.10 (10.10.10.122) tcp 9100 (9100)
May 21 13:08:49.304: NAT: o: tcp (164.156.185.93, 49763) -> (1.1.1.10, 9100) [19958]
May 21 13:08:49.304: NAT: s=164.156.185.93, d=1.1.1.10->10.10.10.122 [19958]
May 21 13:08:49.588: NAT: o: tcp (164.156.185.97, 56945) -> (1.1.1.10, 9100) [32196]
May 21 13:08:49.588: NAT: s=164.156.185.97, d=1.1.1.10->10.10.10.122 [32196]
May 21 13:08:49.808: NAT: API parameters passed: src_addr:164.156.185.103, src_port:0 dest_addr:1.1.1.10, dest_port:0, proto:6 if_input:Serial0/0/0.100 pak:219A6540 get_translated:1
May 21 13:08:49.812: ipnat_api_translated_address_and_port_common, out->in want IL,OL
May 21 13:08:49.812: NAT: API Translated-Info(1): (src-addr:164.156.185.103, src-port:0) (dest-addr:10.10.10.122, dest-port:0)
May 21 13:08:49.812: NAT: o: tcp (164.156.185.103, 53837) -> (1.1.1.10, 9100) [30085]
May 21 13:08:49.812: NAT: s=164.156.185.103, d=1.1.1.10->10.10.10.122 [30085]
May 21 13:08:50.044: NAT: API parameters passed: src_addr:164.156.185.92, src_port:0 dest_addr:1.1.1.10, dest_port:0, proto:6 if_input:Serial0/0/0.100 pak:3E04F2DC get_translated:1
May 21 13:08:50.044: ipnat_api_translated_address_and_port_common, out->in want IL,OL

 


clear ip nat stat
show ip nat stat
Total active translations: 35 (6 static, 29 dynamic; 29 extended)
Peak translations: 39, occurred 00:00:07 ago
Outside interfaces:
Serial0/0/0.100
Inside interfaces:
GigabitEthernet0/0
Hits: 15 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 7
Dynamic mappings:
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

 

wait 1/2 second

 

show ip nat stat
Total active translations: 33 (6 static, 27 dynamic; 27 extended)
Peak translations: 39, occurred 00:00:14 ago
Outside interfaces:
Serial0/0/0.100
Inside interfaces:
GigabitEthernet0/0
Hits: 21 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 11
Dynamic mappings:
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

 

Any insight as to what is going on?

Everyone's tags (3)
4 REPLIES 4
Highlighted
VIP Mentor

Re: Static NAT entry showing expiring in debug

Hello

What are you trying to acheive, Is it to print from external hosts to an internal printer  on 10.10.10.122?

 

 



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Highlighted
Beginner

Re: Static NAT entry showing expiring in debug

Yes, external user prints to internal printer.  That way someone in another city can print off something to be physically picked up by a person where the printer resides.

Highlighted
VIP Mentor

Re: Static NAT entry showing expiring in debug

Hello

If this is the primary rtr for internet /wan access, Do you have a default static route or any dynamic routing in place for internet/wan access.

Can you explain this static route- ip route 164.156.185.0 255.255.255.0 SERIAL PORT WAN ADDRESS

If possible please attach the running config of this rtr  (preferably in a txt file)



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Highlighted
Beginner

Re: Static NAT entry showing expiring in debug

Yes, it is the only path out of the network and into the wider world beyond.

 

I used words instead of my real WAN address to not share with the world what the real WAN address is, for security reasons.  I was showing there is a static route for that network, sending it out to the WAN.  The WAN interface is also the NAT Outside interface and the LAN interface is the NAT Inside interface.