Static NAT translations stop working when arp expires on the outside interface.

ivohristov
Beginner

Hello Dears,

I have recently installed a router with CME functionality to be a gateway for a small network. The router has one public IP address for its outside interface, which handles the PAT for the internal hosts. There are 3 static NAT translations on another public address from the same pool as the IP address on the outside interface. The first and the second static NAT translations are for port 25 and 88 and the third is on port 80. The router works properly for a certain amount of time and suddenly stops all traffic for the three static NAT entries (despite PAT on the outside interface working fine). Traffic does not come back until I remove one of the static NAT entries and put it back again. I checked the ARP entries and I found out that when they expire traffic stops. When I remove and put back the static entries, the ARP table refills and traffic comes back again. Can you tell me how I can handle this?
Thanks,

Ivaylo

Accepted Solutions

Hi  Ivaylo Hristov

Did you apply a secondary PUBLIC IP address to solve the problem, or any IP address?

Greetings

21 Replies

Nagaraja Thanthry
Cisco Employee

Hello,

Technically, the issue seems to be with the next hop device (ISP router) that is losing the ARP entry and not ARPing again. But as a workaround, please try this:

arp ARPA

Please repeat the above for all three IPs which have static mapping. That should help you fix the issue.

Hope this helps.

Regards,

NT

Thank you for your suggestion, but this workaround does not work. I have already tried it. I will appreciate it if you have any other suggestions.
Regards,

Ivaylo

Which exact IOS are you using?

How is the router connected to the ISP device?

Can you send "show interface" for the one in question?

Also please report here how your default route is configured.

Hello,

Do you have access to the ISP router? If yes, can you add a static entry there? Or, you can ask the ISP to add an entry for you. Also, please make sure that the interface facing ISP has proxy-arp enabled.

Interface

ip proxy-arp

Hope this helps.

Regards,

NT

Do you have access to the ISP router? If yes, can you add a static entry there? Or, you can ask the ISP to add an entry for you. Also, please make sure that the interface facing ISP has proxy-arp enabled.

Incorrect, none of the settings above is necessary in a normally working situation. The reason for the problem lies somewhere else.

Hello,

Normally, when the ARP entry expires on the ISP router for the advertised address, it has to refresh it. But in this case, the issue seems to be that the ISP router is not refreshing its ARP cache entry. So, adding a static entry would be a workaround to make sure that the setup works. While this is not an ideal solution, in situations where you do not have control over ISP devices for troubleshooting, this is the easiest way to make it work.

Hope this clears up things.

Regards,

NT

Normally, when the ARP entry expires on the ISP router for the advertised address, it has to refresh it. But in this case, the issue seems to be that the ISP router is not refreshing its ARP cache entry. So, adding a static entry would be a workaround to make sure that the setup works. While this is not an ideal solution, in situations where you do not have control over ISP devices for troubleshooting, this is the easiest way to make it work.

I have worked with Internet connections every day for 16 years now and I have never seen or heard of a case like the one you describe above.

I am convinced the problem lies in the OP router side, and we shall be able to find out once the information I have requested above is made available to us.

The interface configuration is the following:

interface GigabitEthernet0/0
 description ### To ISP ###
 ip address 84.242.142.196 255.255.255.248
 ip access-group OUTBOUND out
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable

The default route is:

ip route 0.0.0.0 0.0.0.0 84.242.142.193

The router is connected to the ISP by a media converter into which an optic cable enters.
I have noticed that when the ARP entry for IP address 84.242.142.194 expires, all sessions stop. When I flush the ARP table of the router, everything is working properly.

We have this:

ip nat pool SMTP 84.242.142.194 84.242.142.194 netmask 255.255.255.248
ip nat inside source list 20 pool SMTP overload
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.2.9 25 84.242.142.194 25 extendable
ip nat inside source static tcp 192.168.2.10 80 84.242.142.194 80 extendable
ip nat inside source static tcp 192.168.2.9 88 84.242.142.194 88 extendable

......

Access-list 20 has the IP address of the SMTP server since our client wants internet connectivity to it.
Access-list NAT has the ip addresses of the network users.
If you have any further questions, please ask.
Regards
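
An added example, not part of the original post and not Cisco tooling: a short Python check that reads the NAT lines posted above and lists the global addresses that lie inside the outside interface's subnet without being the interface's own address. Those are the addresses the upstream device has to resolve by ARP to this router, which is where the symptom in this thread shows up. It assumes a single `ip address` line for the outside interface; the function name `arp_dependent_globals` is hypothetical.

```python
import ipaddress
import re

# Configuration lines as posted in the thread above (interface trimmed to the
# lines this check needs).
CONFIG = """\
interface GigabitEthernet0/0
 ip address 84.242.142.196 255.255.255.248
 ip nat outside
ip route 0.0.0.0 0.0.0.0 84.242.142.193
ip nat pool SMTP 84.242.142.194 84.242.142.194 netmask 255.255.255.248
ip nat inside source list 20 pool SMTP overload
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.2.9 25 84.242.142.194 25 extendable
ip nat inside source static tcp 192.168.2.10 80 84.242.142.194 80 extendable
ip nat inside source static tcp 192.168.2.9 88 84.242.142.194 88 extendable
"""

IFACE_RE = re.compile(r"^\s*ip address (\S+) (\S+)\s*$", re.M)
STATIC_RE = re.compile(
    r"^ip nat inside source static (?:tcp|udp) \S+ \d+ (\S+) (\d+)", re.M)
POOL_RE = re.compile(r"^ip nat pool (\S+) (\S+) (\S+) netmask \S+", re.M)


def arp_dependent_globals(config):
    """Return {global address: [users]} for NAT globals that sit in the
    outside subnet but are not the interface address itself."""
    m = IFACE_RE.search(config)  # assumption: first "ip address" is the outside one
    iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    found = {}
    # Port-based static translations: record which global port uses the address.
    for addr, port in STATIC_RE.findall(config):
        found.setdefault(ipaddress.ip_address(addr), []).append(f"static:{port}")
    # NAT pools: every address from first to last is a global address.
    for name, first, last in POOL_RE.findall(config):
        lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
        for n in range(lo, hi + 1):
            found.setdefault(ipaddress.ip_address(n), []).append(f"pool:{name}")
    # Keep only addresses on the connected subnet that the interface does not own.
    return {str(a): uses for a, uses in found.items()
            if a in iface.network and a != iface.ip}


if __name__ == "__main__":
    for addr, uses in arp_dependent_globals(CONFIG).items():
        print(addr, "needs an ARP answer from this router; used by", uses)
```
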

Hello,

Where are you checking the ARP expiry information?

Regards,

NT

On the customer's router with the sh arp command.