Solved: Re: Static NAT translations stop working when arp expires on the - Page 2

ivohristov · ‎07-27-2010

Hello Dears,

I have recently installed a router with CME funcionality to be a gateway for a small network. The router has one public IP address for it outside interface witch handles the PAT for the internal hosts. There are 3 static nat translations on another public adderss from the same pool as the IP address on the outside interface. The first and the second static nat transaltions are for port 25 and 88 and the third is on port 80. The router works properly for certain amount of time and sudenly stops all traffic for the three static nat entries(despite PAT on the outside interface works fine). Traffic does not come back until I remove one of the static nat entries and put it back again. I checked the arp entries and I found out that when they expire traffic stops. When I remove and put back the static entries arp table refills and traffic comes back again. Can you tell me how I can handle this?
Thanks,

Ivaylo

Nagaraja Thanthry · ‎08-19-2010

Hello,

The symptoms kind of match the bug descriptions although the image they are running is not in the affected list (in fact, that code should have the fix in it). However, I guess it could be a good idea to try the workaround to see if that helps. If that does, you can contact TAC and they will be able to dig deeper to see if the 12.4(24)T3 code indeed has the fix or not.

Regards,

NT

gcarson73 · ‎04-11-2016

I have found the solution! DO NOT USE IP NAT POOL!!!! (if you are using Static and Dynamic NAT Simultaneously)

"the same IP address cannot be used for the NAT static configuration or in the pool for NAT dynamic configuration."

http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13778-9.html

If you are Configuring Static and Dynamic NAT Simultaneously, the setup should be like below

ip nat inside source list 1 interface g0/0 overload


ip nat inside source static tcp 10.10.10.1 25 172.16.130.2 25


*I changed my IP nat pool mynatpool 99.3.81.66 99.3.81.66, so the range would be only 1 publick IP, and my static NAT still stopped working for the FTP server...but after I removed
no ip nat pool mynatpool 99.3.81.66 99.3.81.66 prefix-length 24
no ip nat inside source list 1 pool mynatpool overload
and added
ip nat inside source list 1 interface G0/0 overload

I have had 3 days without any Static NAT issues!

ivohristov · ‎09-28-2010

Problem has been solved by adding a secondary IP address on the outside interface. The address being the problematic NAT address.
Sorry for the late reply. Thank you all.
Best regards,
Ivaylo

rvetrovec1 · ‎10-26-2010

Hi Ivaylo Hristov

did you apply a secondary PUBLIC ip address to solve the problem or any ip address????

Greetings

ivohristov · ‎10-26-2010

Hi,

I have applied the public IP address on which do the NAT. This solved the problem.

rvetrovec1 · ‎10-26-2010

i'm sorry

did you apply the public ip address of the IP that stop working or another public ip within the segment????

I have the same problem... but with 2 or 3 ip address...

rvetrovec1 · ‎10-26-2010

i got this answer on ittoolbox.com

i think you have dynamic NAT (or PAT) also in your same router and the same private ip address is also covered by dynamic NAT, if this is the case then add deny statement in the access list of dynamic nat which will avoid the same address used by dynamic nat.

Well, my poll access list on the NAT for everyone else has no the SERVER that's stop working after FTP...

i'm set the secondary ip address and set the access-list of the pool to denied the server for test... let you know about results!!!!

Static NAT translations stop working when arp expires on the outside interface.