Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
359
Views
0
Helpful
1
Replies

HELP - Inward NAT failing

l.d.landis
Level 1
Level 1

‎11-12-2011 12:34 PM - edited ‎03-07-2019 03:21 AM

Previously posted as C2900 - inward NAT partial success...

Hi,

Running C2900-UNIVERSALK8-M, Version 15.0(1)M3 RELEASE SOFTWARE (fc2)

I have several sets of inward NAT defined (51001-51007, 52001-52007. 53001-53007),

all to various internal addresses. When I attempted to add another set, the new ones

do not work and get a "timeout" error.

When I tried port 51008, it gets a timeout.  When I changed 51008 to 51010, the 51010

now gets a timeout, and 51008 now gets "connection refused" (which I expect).

The original sets all work, the new ones (added at the end of the lists) do not.

When I am on any of the internal machines, the target (192.168.1.21) works fine.

When I am "in the router", I can connect via the ssh command, so I know that the

router can talk to 192.168.1.21 on port 22 as expected.

I now have 33 "ip nat inside source static" lines (there were 30 before the new ones):

ip nat inside source list 1 interface GigabitEthernet0/0 overload

and all of the ip nat inside lines are of the form:

ip nat inside source static tcp 192.168.1.x 22 interface GigabitEthernet0/0 51xxx

where the x octet is per machine, the 22 is 22, 443 or 9234 and 51xxx is 51001-51007 or

52001-52007 or 53001-53007 and I have

access-list 1 permit 192.168.1.0 0.0.0.255

Have I overflowed some "default" limit?

The router shows things correctly (see below).

Cheers,

  --ldl

> show ip nat translations

Pro Inside global      Inside local        Outside local      Outside global

tcp 76.113.46.9:51010  192.168.1.21:22     ---                ---

tcp 76.113.46.9:52010  192.168.1.21:443    ---                ---

tcp 76.113.46.9:53010  192.168.1.21:9234   ---                ---

...

tcp 76.113.46.9:51007  192.168.1.21:22     ---                ---

tcp 76.113.46.9:52007  192.168.1.21:443    ---                ---

tcp 76.113.46.9:53007  192.168.1.21:9234   ---                ---

Labels:
117040-3960.ip.nat.zip
117041-3960.config.zip
0 Helpful
1 Reply 1

Dan Frey
Cisco Employee
Cisco Employee

‎11-14-2011 01:35 PM

I see "ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0" in your config.   This can cause high CPU and lots of memory to be used since it will try and arp for every address.    DHCP should give you a default gateway (by default), if it does not change this command to ip route 0.0.0.0 0.0.0.0 dhcp.   Clear the arp cache or reboot and see if that helps.

Dan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card