cisco nat timeout problem
01-04-2017 11:37 PM - edited 03-08-2019 08:48 AM
Hi
We have a "CISCO2921/K9" device which is configured with NAT overload with one external internal:
ip nat inside source list 1 interface GigabitEthernet0/0 overload
But this kind of configuration is not very useful to us because every day we used to clear the NAT translation table in order to get those users to surf the internet again.
So we configured timeouts:
ip nat translation timeout 3600
ip nat translation tcp-timeout 3600
ip nat translation udp-timeout 3600
ip nat translation finrst-timeout 3600
ip nat translation syn-timeout 3600
ip nat translation dns-timeout 3600
ip nat translation icmp-timeout 3600
Still, this is not useful because sometimes we have too many users who are trying to surf the internet (about 2000 users) and the NAT translation table is full in less than an hour.
We want to know if there is another way to solve this problem other than approaching a new public pool and configuring NAT overload with multiple public IP addresses.
Any advice would be appreciated!
01-05-2017 03:15 AM
Hello
The specific one for me would be tcp-timeout, which I can see is well below the 86400000 (1 day/24hrs) default.
If you are maxing out on the NAT table, adding another public IP address won't make a difference, as my understanding is it will still be creating a NAT entry in the same table.
What router are you using and its current memory size?
Are you performing nat rate limiting?
sh ip nat statistics
res
Paul
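The reply above asks about NAT rate limiting and table usage. As an added example (not code from either poster), this Python sketch counts dynamic entries per inside host from `show ip nat translations` output, so the hosts filling the table can be identified before a cap is chosen. The sample text, its addresses and the limit of 2 are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the column layout of `show ip nat translations`
# (documentation/private address ranges, not taken from the thread).
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.2:1024   192.168.1.10:51000 198.51.100.5:80    198.51.100.5:80
tcp 203.0.113.2:1025   192.168.1.10:51001 198.51.100.5:443   198.51.100.5:443
udp 203.0.113.2:1026   192.168.1.10:53000 198.51.100.53:53   198.51.100.53:53
udp 203.0.113.2:1027   192.168.1.11:53001 198.51.100.53:53   198.51.100.53:53
icmp 203.0.113.2:7     192.168.1.12:7     198.51.100.9:7     198.51.100.9:7
--- 192.0.2.10         192.168.1.20       ---                ---
"""

def parse_translations(text):
    """Yield (protocol, inside_local_host) for each dynamic PAT entry."""
    for line in text.splitlines():
        fields = line.split()
        # Skip the header, blank lines and static entries (protocol shown as '---').
        if len(fields) != 5 or fields[0] in ("Pro", "---"):
            continue
        proto, inside_local = fields[0], fields[2]
        yield proto, inside_local.rsplit(":", 1)[0]  # drop the port

def per_host(text):
    """Count entries per inside host, overall and per (host, protocol)."""
    totals, by_proto = Counter(), Counter()
    for proto, host in parse_translations(text):
        totals[host] += 1
        by_proto[(host, proto)] += 1
    return totals, by_proto

def over_limit(text, limit):
    """Hosts holding more than `limit` entries, busiest first."""
    totals, _ = per_host(text)
    return [(h, n) for h, n in totals.most_common() if n > limit]

if __name__ == "__main__":
    totals, by_proto = per_host(SAMPLE)
    for host, n in totals.most_common():
        detail = ", ".join(f"{p}={c}" for (h, p), c in sorted(by_proto.items()) if h == host)
        print(f"{host:15} {n:4}  {detail}")
    print("over limit of 2:", over_limit(SAMPLE, 2))
```

The per-host totals are the figures a per-host cap such as `ip nat translation max-entries all-host` would be sized from.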
