07-27-2010 01:43 AM - edited 03-04-2019 09:11 AM
Hello Dears,
I have recently installed a router with CME functionality to be a gateway for a small network. The router has one public IP address for its outside interface, which handles the PAT for the internal hosts. There are 3 static NAT translations on another public address from the same pool as the IP address on the outside interface. The first and the second static NAT translations are for port 25 and 88 and the third is on port 80. The router works properly for a certain amount of time and suddenly stops all traffic for the three static NAT entries (despite PAT on the outside interface working fine). Traffic does not come back until I remove one of the static NAT entries and put it back again. I checked the ARP entries and I found out that when they expire traffic stops. When I remove and put back the static entries, the ARP table refills and traffic comes back again. Can you tell me how I can handle this?
Thanks,
Ivaylo
10-26-2010 07:11 AM
Did you apply a secondary PUBLIC IP address to solve the problem, or any IP address?
Greetings
07-27-2010 06:10 AM
Hello,
Technically, the issue seems to be with the next hop device (ISP router) that is losing the ARP entry and not ARPing again. But as a workaround, please try this:
arp
Please repeat the above for all three IP's which have static mapping. That should help you fix the issue.
Hope this helps.
Regards,
NT
08-19-2010 05:30 AM
Thank you for your suggestion, but this workaround does not work. I have already tried it. I would appreciate it if you have any other suggestions.
Regards,
Ivaylo
08-19-2010 05:32 AM
Which exact IOS are you using?
How is the router connected to the ISP device?
Can you send "show interface" for the one in question?
Also please report here how your default route is configured.
08-19-2010 05:40 AM
Hello,
Do you have access to the ISP router? If yes, can you add a static entry there? Or, you can ask the ISP to add an entry for you. Also, please make sure that the interface facing ISP has proxy-arp enabled.
Interface
ip proxy-arp
Hope this helps.
Regards,
NT
08-19-2010 05:56 AM
Do you have access to the ISP router? If yes, can you add a static entry there? Or, you can ask the ISP to add an entry for you. Also, please make sure that the interface facing ISP has proxy-arp enabled.
Incorrect, none of the settings above is necessary in a normally working situation. The reason for the problem lies somewhere else.
08-19-2010 06:12 AM
Hello,
Normally, when the ARP entry expires on the ISP router for the advertised
address, it has to refresh it. But in this case, the issue seems to be that
the ISP router is not refreshing its ARP cache entry. So, adding a static
entry would be a workaround to make sure that the setup works. While this is
not an ideal solution, in situations where you do not have control over ISP
devices for troubleshooting, this is the easiest way to make it work.
Hope this clears up things.
Regards,
NT
08-19-2010 06:20 AM
Normally, when the ARP entry expires on the ISP router for the advertised address, it has to refresh it. But in this case, the issue seems to be that the ISP router is not refreshing its ARP cache entry. So, adding a static entry would be a workaround to make sure that the setup works. While this is not an ideal solution, in situations where you do not have control over ISP devices for troubleshooting, this is the easiest way to make it work.
I have worked with Internet connections every day for 16 years now and I have never seen or heard of a case like the one you describe above.
I am convinced the problem lies in the OP router side, and we shall be able to find out once the information I have requested above is made available to us.
08-19-2010 06:21 AM
The interface configuration is the following:
interface GigabitEthernet0/0
description ### To ISP ###
ip address 84.242.142.196 255.255.255.248
ip access-group OUTBOUND out
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
The default route is:
ip route 0.0.0.0 0.0.0.0 84.242.142.193
The router is connected to the ISP by a media converter in which an optic cable enters.
I have noticed that when the ARP entry for IP address 84.242.142.194 expires all sessions stop. When I flush the ARP table of the router everything works properly.
We have this:
ip nat pool SMTP 84.242.142.194 84.242.142.194 netmask 255.255.255.248
ip nat inside source list 20 pool SMTP overload
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.2.9 25 84.242.142.194 25 extendable
ip nat inside source static tcp 192.168.2.10 80 84.242.142.194 80 extendable
ip nat inside source static tcp 192.168.2.9 88 84.242.142.194 88 extendable
......
Access-list 20 has the IP address of the SMTP server since our client wants internet connectivity to it.
Access-list NAT has the ip addresses of the network users.
If you have any further questions, please ask.
Regards
08-19-2010 06:34 AM
Hello,
Where are you checking the ARP expiry information?
Regards,
NT
08-19-2010 06:39 AM
On the customer's router with the sh arp command.
08-19-2010 06:41 AM
Exact IOS used?
Show interface g0/0 please?
You should also take a "debug arp". It is also possible that some device unexpectedly duplicates your address.
08-19-2010 07:24 AM
#sh interfaces gigabitEthernet 0/0
GigabitEthernet0/0 is up, line protocol is up
Hardware is MV96340 Ethernet, address is 6416.8dd6.27e0 (bia 6416.8dd6.27e0)
Description: ### To ISP ###
Internet address is 84.242.142.196/29
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 16/255, rxload 6/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is T
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 5/75/853/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 2470000 bits/sec, 593 packets/sec
5 minute output rate 6466000 bits/sec, 806 packets/sec
48746244 packets input, 2198265361 bytes, 9 no buffer
Received 142966 broadcasts, 0 runts, 0 giants, 399 throttles
30415 input errors, 0 CRC, 0 frame, 0 overrun, 30415 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
74627417 packets output, 3099711683 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
The configuration I have posted above.
The IOS is c2800nm-advipservicesk9-mz.124-24.T3.bin
At the beginning it was another one but we have changed it since there was a problem in the version.
08-19-2010 08:16 AM
Input queue: 5/75/853/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 2470000 bits/sec, 593 packets/sec
5 minute output rate 6466000 bits/sec, 806 packets/sec
48746244 packets input, 2198265361 bytes, 9 no buffer
Received 142966 broadcasts, 0 runts, 0 giants, 399 throttles
30415 input errors, 0 CRC, 0 frame, 0 overrun, 30415 ignored
Even if just a fraction of the total, this error count seems excessive.
Please increase hold-queue in to 200, clear counters, monitor interface over time.
Chances are, the missed ARPs are among the "ignored" packets.
Also, if you have 512MB RAM, can you upgrade to 12.5(1)M3? It is VERY stable for CME and is the only one with MD qualification now.
08-19-2010 05:37 PM
CSCsi32425
Symptoms: A router that is configured for static NAT translations may lose its external/global ARP entry for a NAT address.
Conditions: This symptom is observed when traffic flows run across the router, for example, when the client is outside and server is inside, and when static NAT translation is used for periods of about two minutes.
Workaround: Configure a route map that matches the static NAT translation, and apply the static NAT entry by entering either one of the following commands:
- ip nat inside source static tcp local-ip local-port global-ip global-port route-map name reversible
- ip nat inside source static local-ip global-ip route-map name reversible
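A check for the symptom discussed in this thread (the router's ARP entry for the NAT global address 84.242.142.194 disappearing), as an added example that is not part of any post: it extracts the global addresses from the NAT lines quoted earlier and reports any that the ARP table no longer lists as locally owned. The ARP tables, the gateway MAC and all function names are constructed, and it assumes IOS shows addresses the router owns with age `-` in `show arp`.

```python
import ipaddress
import re

# Interface and NAT lines are from the thread; ARP tables and gateway MAC are constructed.
CONFIG = """\
interface GigabitEthernet0/0
 ip address 84.242.142.196 255.255.255.248
ip nat pool SMTP 84.242.142.194 84.242.142.194 netmask 255.255.255.248
ip nat inside source static tcp 192.168.2.9 25 84.242.142.194 25 extendable
ip nat inside source static tcp 192.168.2.10 80 84.242.142.194 80 extendable
"""
ARP_HEALTHY = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  84.242.142.193         12   0011.2233.4455  ARPA   GigabitEthernet0/0
Internet  84.242.142.194          -   6416.8dd6.27e0  ARPA   GigabitEthernet0/0
Internet  84.242.142.196          -   6416.8dd6.27e0  ARPA   GigabitEthernet0/0
"""
ARP_BROKEN = "\n".join(l for l in ARP_HEALTHY.splitlines() if ".194 " not in l)

STATIC = re.compile(r"ip nat inside source static (?:(?:tcp|udp) \S+ \d+|\d\S*) (\d\S*)")
POOL = re.compile(r"ip nat pool \S+ (\S+) (\S+)")

def nat_globals(config):
    """Global addresses the router must answer ARP for (static NAT and pools)."""
    addrs = set()
    for line in map(str.strip, config.splitlines()):
        if m := STATIC.match(line):
            addrs.add(ipaddress.ip_address(m.group(1)))
        elif m := POOL.match(line):
            lo, hi = (int(ipaddress.ip_address(g)) for g in m.groups())
            addrs.update(ipaddress.ip_address(n) for n in range(lo, hi + 1))
    return addrs

def parse_arp(text):
    """Map address -> (age, mac) from 'show arp' style output."""
    rows = (line.split() for line in text.splitlines())
    return {ipaddress.ip_address(f[1]): (f[2], f[3])
            for f in rows if len(f) >= 6 and f[0] == "Internet"}

def check_nat_arp(config, arp_text):
    """Report NAT globals on the outside subnet lacking a locally owned ARP entry."""
    addr, mask = re.search(r"ip address (\S+) (\S+)", config).groups()
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    arp, report = parse_arp(arp_text), {}
    for ip in sorted(a for a in nat_globals(config) if a in net):
        age, mac = arp.get(ip, (None, None))
        if age != "-":  # "-" marks an entry the router owns; anything else is a fault
            report[str(ip)] = "missing" if age is None else f"learned from {mac}"
    return report
```

`check_nat_arp(CONFIG, ARP_BROKEN)` returns `{"84.242.142.194": "missing"}`; a "learned from" result means another device on the segment is answering for the NAT address.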