Solved: clear the specific Nat Translation entry using clear ip nat translation?

Talha · ‎02-26-2020

Hi,

I am trying to remove static nat but getting error that static nat is in use. I don't wan to clear complete nat trans*. Is there any way I can remove nat entries for specific lan ip? following are few entries I am looking

tcp 206.x.x.x:3389 192.168.50.6:3389 31.207.47.xx:58390 31.207.47.52:58390
tcp 206.x.x.x:3389 192.168.50.6:3389 31.207.47.xx:59006 31.207.47.52:59006
tcp 206.x.x.x:3389 192.168.50.6:3389 31.207.47.xx:59560 31.207.47.52:59560
tcp 206.x.x.x:3389 192.168.50.6:3389 82.202.247.xx:26700 82.202.247.83:26700
tcp 206.x.x.x:3389 192.168.50.6:3389 92.63.194.xx:1411 92.63.194.53:1411
tcp 206.x.x.x:3389 192.168.50.6:3389 92.63.194.xx:2028 92.63.194.53:2028

Regards,

Cristian Matei · ‎03-01-2020

Hi,

The following log ("tcp 206.214.xx.xx:3389 192.168.50.6:3389 --- ---") shows a simple NAT translation entry, which comes from your static/dynamic NAT configuration; if it's static NAT, it cannot be removed from the NAT table unless you remove the static NAT command from your configuration (if you could remove it, it would defeat the purpose of static NAT to being with); if it's dynamic NAT, you can clear it with "clear ip nat translation inside global_ip local_ip forced", which will clear also the corresponding child/extended translation entries identifying the traffic flows (tcp 206.214.xx.xx:3389 192.168.50.6:3389 185.202.2.166:29373 185.202.2.166:2937 3)

The following log (tcp 206.214.xx.xx:3389 192.168.50.6:3389 185.202.2.166:29373 185.202.2.166:2937 3) shows an extended NAT translation entry, which identifies a traffic flow, if you want to remove a specific one, use "clear ip nat translation tcp inside global-ip global-port local-ip local-port outside local-ip local-port-global-ip global-port".

Regards,

Cristian Matei.

View solution in original post

Mark Malone · ‎02-26-2020

Hi
yes like below

clear ip nat translation inside ?
A.B.C.D Global IP address

clear ip nat translation inside global-ip local-ip [outside local-ip global-ip]

Cristian Matei · ‎02-26-2020

Hi,

Use "clear ip nat translation tcp inside GLOBAL_IP GLOBAL_PORT LOCAL_IP LOCAL_PORT".

Regards,

Cristian Matei.

Talha · ‎02-26-2020

I ran these commands but still unable to remove the static rdp nat. still getting static entry in use :(

But well my question is answered

Mark Malone · ‎02-26-2020

Check the "show run | i ip nat" see if there is a specific entry in place for that connection

Talha · ‎02-27-2020

Hi Mark,

Yes I can see them there. Does that mean that command did not run successfully?

Mark Malone · ‎02-27-2020

It means the entry will always show as in use until its removed from running config as its a static/manual entry

Remove it if you dont need it ,it will remove from NAT table then

Conf t

Then just no ip nat and the specific statement line

Talha · ‎02-28-2020

Hi,

I think I am missing something in here. Its still saying me can not remove.

Sorry I am not a pro in CLi. Below is the output for your reference. I need to remove rdp open port to 192.168.50.6. Can you further advise please?

IPO-OBC-R1#sh ip nat trans | i 192.168.50.6
tcp 206.214.xx.xx:1723 192.168.50.6:1723 92.63.194.27:37744 92.63.194.27:37744
tcp 206.214.xx.xx:1723 192.168.50.6:1723 92.63.194.27:60108 92.63.194.27:60108
tcp 206.214.xx.xx:1723 192.168.50.6:1723 92.63.194.31:33059 92.63.194.31:33059
tcp 206.214.xx.xx:1723 192.168.50.6:1723 92.63.194.31:44157 92.63.194.31:44157

tcp 206.214.xx.xx:3389 192.168.50.6:3389 185.202.2.166:16386 185.202.2.166:1638 6
tcp 206.214.xx.xx:3389 192.168.50.6:3389 185.202.2.166:23280 185.202.2.166:2328 0
tcp 206.214.xx.xx:3389 192.168.50.6:3389 185.202.2.166:25048 185.202.2.166:2504 8
tcp 206.214.xx.xx:3389 192.168.50.6:3389 185.202.2.166:29373 185.202.2.166:2937 3
tcp 206.214.xx.xx:3389 192.168.50.6:3389 185.202.2.166:53161 185.202.2.166:5316 1
tcp 206.214.xx.xx:3389 192.168.50.6:3389 --- ---

IPO-OBC-R1# sh run | i ip nat
ip nat outside
ip nat inside
ip nat inside
ip nat inside
ip nat inside
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.50.6 3389 interface GigabitEthernet0/0 3389
ip nat inside source static tcp 192.168.50.6 1723 interface GigabitEthernet0/0 1723

IPO-OBC-R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
IPO-OBC-R1(config)#$tcp 192.168.50.6 3389 interface GigabitEthernet0/0 3389
%Static entry in use, cannot remove
IPO-OBC-R1(config)#

Cristian Matei · ‎03-01-2020

Hi,

The following log ("tcp 206.214.xx.xx:3389 192.168.50.6:3389 --- ---") shows a simple NAT translation entry, which comes from your static/dynamic NAT configuration; if it's static NAT, it cannot be removed from the NAT table unless you remove the static NAT command from your configuration (if you could remove it, it would defeat the purpose of static NAT to being with); if it's dynamic NAT, you can clear it with "clear ip nat translation inside global_ip local_ip forced", which will clear also the corresponding child/extended translation entries identifying the traffic flows (tcp 206.214.xx.xx:3389 192.168.50.6:3389 185.202.2.166:29373 185.202.2.166:2937 3)

The following log (tcp 206.214.xx.xx:3389 192.168.50.6:3389 185.202.2.166:29373 185.202.2.166:2937 3) shows an extended NAT translation entry, which identifies a traffic flow, if you want to remove a specific one, use "clear ip nat translation tcp inside global-ip global-port local-ip local-port outside local-ip local-port-global-ip global-port".

Regards,

Cristian Matei.