07-13-2009 10:22 PM - edited 03-06-2019 06:45 AM
Hi All,
I have the below NAT statements configured in my Cisco IOS FW, and they are acting strangely at times.
Sometimes it gives problems like NAT not happening (seems stopped).
When I manually remove and re-add the same NAT statement, it works fine.
Experts, can someone tell me why this is happening and what the problem could be?
Please find the NAT statements below:
ip nat pool nonat 195.34.5.67 195.34.5.67 netmask 255.255.255.248
ip nat source static 195.34.5.68 10.38.2.11 route-map DKRGLDAP extendable
ip nat source static 10.38.2.11 195.34.4.68 route-map DKRGLDAP extendable
ip nat inside source route-map nonat pool nonat overload
ip nat inside source static tcp 192.178.119.30 80 195.34.5.68 80 extendable
ip nat inside source static tcp 10.38.2.11 389 195.34.5.68 389 extendable
ip nat inside source static tcp 192.178.119.30 443 195.34.5.68 443 extendable
ip nat inside source static tcp 10.17.1.10 21 195.34.5.69 21 extendable
ip nat inside source static tcp 192.178.119.20 25 195.34.5.69 25 extendable
ip nat inside source static tcp 10.46.5.40 443 195.34.5.69 443 extendable
ip nat inside source static tcp 10.17.1.10 1503 195.34.5.69 1503 extendable
ip nat inside source static tcp 10.46.5.40 1741 195.34.5.69 1741 extendable
ip nat inside source static tcp 10.17.1.10 3299 195.34.5.69 3299 extendable
ip nat inside source static 10.28.2.200 195.34.5.70 extendable
ip nat inside source static 10.46.5.100 195.34.4.37 extendable
ip nat inside source static tcp 10.17.1.20 21 195.34.4.38 21 extendable
ip nat inside source static tcp 10.17.1.20 1503 195.34.4.38 1503 extendable
ip nat inside source static tcp 10.17.1.20 3299 195.34.4.38 3299 extendable
Regards,
Naidu.
07-14-2009 05:12 AM
Hello Naidu,
Please add a sh ver to tell us the router model and IOS image that is running.
Also verify:
sh proc mem | inc Free
the amount of free memory over time
sh ip nat translations
check the number of NAT entries
sh proc cpu | inc util
sh proc cpu sorted 1min
sh proc cpu history
Hope to help
Giuseppe
07-14-2009 06:16 AM
Hi Giuseppe,
Thank you very much for your response.
Regarding the number of NAT entries, there are only as many as I mentioned in my first post.
And the NAT entry (ip nat inside source static 10.28.2.200 195.34.5.70 extendable) with which we are facing regular trouble has only one entry with one public IP; every time I remove it and add it again, it works fine.
There might be more translations for this entry, as this is for VPN.
Please find the below details as you suggested:
#sh ver
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(11)T, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Sat 18-Nov-06 15:32 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1)
DKIGNFW01 uptime is 11 weeks, 5 days, 14 hours, 39 minutes
System returned to ROM by power-on
System restarted at 01:36:28 UTC Thu Apr 23 2009
System image file is "flash:c1841-adventerprisek9-mz.124-11.T.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
Cisco 1841 (revision 6.0) with 236544K/25600K bytes of memory.
Processor board ID FCZ1037221E
2 FastEthernet interfaces
#sh proc mem | inc Free
Processor Pool Total: 169860960 Used: 132651524 Free: 37209436
I/O Pool Total: 26214400 Used: 4195904 Free: 22018496
PID TTY Allocated Freed Holding Getbufs Retbufs Process
#sh proc cpu | inc util
CPU utilization for five seconds: 8%/5%; one minute: 13%; five minutes: 39%
Regarding CPU usage, it is 20% on average.
Regards,
Naidu.
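The checks requested above (free memory, CPU load, and the contents of the NAT table) can be captured and compared over time with a small parser. This is an added example, not part of the original thread: the memory and CPU lines are the ones posted above, while the NAT table is a constructed sample in the usual `show ip nat translations` layout and the function names are hypothetical.

```python
import re

# Memory and CPU lines are copied from the thread. The NAT table is a CONSTRUCTED
# sample (outside hosts use the 203.0.113.0/24 documentation range).
SAMPLE_MEM = """Processor Pool Total: 169860960 Used: 132651524 Free: 37209436
I/O Pool Total: 26214400 Used: 4195904 Free: 22018496"""
SAMPLE_CPU = "CPU utilization for five seconds: 8%/5%; one minute: 13%; five minutes: 39%"
SAMPLE_NAT = """Pro Inside global      Inside local       Outside local      Outside global
tcp 195.34.5.68:80     192.178.119.30:80  ---                ---
tcp 195.34.4.37:443    10.46.5.100:443    203.0.113.9:51000  203.0.113.9:51000
tcp 195.34.4.37:443    10.46.5.100:443    203.0.113.7:40212  203.0.113.7:40212
--- 195.34.4.37        10.46.5.100        ---                ---"""

def parse_mem(text):
    """Return {pool name: percent free} from `sh proc mem | inc Free` output."""
    pools = {}
    pat = r"^\s*(.+?) Pool Total:\s*(\d+)\s+Used:\s*(\d+)\s+Free:\s*(\d+)"
    for m in re.finditer(pat, text, re.M):
        pools[m.group(1)] = round(100 * int(m.group(4)) / int(m.group(2)), 1)
    return pools

def parse_cpu(line):
    """Return (5s total, 5s interrupt, 1min, 5min) percentages."""
    m = re.search(r"five seconds: (\d+)%/(\d+)%; one minute: (\d+)%; five minutes: (\d+)%", line)
    if not m:
        raise ValueError("unrecognised CPU utilization line")
    return tuple(int(g) for g in m.groups())

def parse_nat(text):
    """Split the table into static entries (no outside columns) and per-host flow counts."""
    static, flows = set(), {}
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5:  # skips the header and blank lines
            continue
        if f[3] == "---" and f[4] == "---":
            static.add((f[2], f[1]))  # (inside local, inside global), ports kept
        else:
            key = (f[2].split(":")[0], f[1].split(":")[0])
            flows[key] = flows.get(key, 0) + 1
    return static, flows

def check_static(text, local, glob):
    """Report whether a configured static mapping is in the table and how many flows use it."""
    static, flows = parse_nat(text)
    key = (local.split(":")[0], glob.split(":")[0])
    return {"installed": (local, glob) in static, "flows": flows.get(key, 0)}
```

Running `check_static` on output captured while the problem is occurring and again after the statement has been re-added shows whether the static entry itself is missing from the table or only its traffic.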
07-17-2009 10:45 AM
Hello Naidu,
Sorry, I missed your answer.
I don't know if you have solved this issue.
However, I would suggest the following:
What if, instead of the troublesome entry
ip nat inside source static 10.28.2.200 195.34.5.70 extendable
you use
ip nat inside source static 10.28.2.200 195.34.5.70
+
ip nat outside source static 195.34.5.70 10.28.2.200
Hope to help
Giuseppe