Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1599
Views
0
Helpful
1
Replies

NAT Problem? High amount of NAT Translations.

Go to solution
Russell Stamey
Level 1
Level 1

‎12-17-2014 07:46 PM

I have a customer with one particular site that is constantly complaining about performance.

 

They have a 871 at the remote location with 4 IPsec tunnels built over to WAN connections back to their vendor that host the database and software.

 

There are about 50 people that work at this location, but I am showing 3410 current connections with a peak of 14703. I don't see how this is possible with only 50 people and am starting to lean towards the NAT config that may be causing the poor performance the users are experiencing.

 

Auffen_Washington#show ip nat statistics
Total active translations: 3410 (0 static, 3410 dynamic; 3410 extended)
Peak translations: 14703, occurred 2d05h ago
Outside interfaces:
  FastEthernet4, Tunnel401, Tunnel0, Tunnel11, Vlan3, Tunnel101, Tunnel201
  Tunnel301
Inside interfaces:
  Vlan1, Vlan2
Hits: 574573468  Misses: 0
CEF Translated packets: 566630850, CEF Punted packets: 45186206
Expired translations: 10381404
Dynamic mappings:
-- Inside Source
[Id: 1] access-list NAT_Wireless_DMS interface Loopback1 refcount 0
[Id: 2] route-map NAT_Failover interface Vlan3 refcount 0
[Id: 3] route-map NAT_Primary interface FastEthernet4 refcount 3410
Appl doors: 0
Normal doors: 0
Queued Packets: 0
 

 

 

Any help would be greatly appreciated.

 

Thanks,

Russell Stamey

 

 

 

 

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ghostinthenet
Level 7
Level 7

‎12-19-2014 08:16 AM

NAT translations, by default, stay active for a very long time. If I recall correctly, it's 24 hours, but I would have to look that up to be sure. They don't take a lot of memory, so this is normally not a problem, but if you're experiencing conditions that you think might be caused by this, it's easy enough to limit the timeout.

ip nat translation timeout 1800

This will set the timeout for new connections to half an hour. Existing connections will still keep their original timeouts, so you may want to wait for a slow period to make the change and issue a "clear ip nat translation *" right afterwards to clear the existing translations.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
ghostinthenet
Level 7
Level 7

‎12-19-2014 08:16 AM

NAT translations, by default, stay active for a very long time. If I recall correctly, it's 24 hours, but I would have to look that up to be sure. They don't take a lot of memory, so this is normally not a problem, but if you're experiencing conditions that you think might be caused by this, it's easy enough to limit the timeout.

ip nat translation timeout 1800

This will set the timeout for new connections to half an hour. Existing connections will still keep their original timeouts, so you may want to wait for a slow period to make the change and issue a "clear ip nat translation *" right afterwards to clear the existing translations.

0 Helpful
Customers Also Viewed These Support Documents