sh ip nat statistics shows high missed paquets missed

ROGER FERNANDO MAJO ZACARIAS · ‎12-16-2010

Hi,

We are having problems with users that are being natted.

We have defined nat pool to cover each user segment.

These ranges are not overseized but when the users said that they can not go trough internet what we do is to clear ip nat translations and the problem is resolved.

We have modified the ip nat translations timeout as follow:

ip nat translations timeout 3600
ip nat translations tcp-timeout 3600
ip nat translations udp-timeout 300

with the purpose to liberage nat connections from default(ip nat translations timeout is by default setted to 24 hours) but the problem persist.

We are attaching the output of: sh ip nat statistics, the configuracion of nat at router .

Can somebody tell us why we see missed paquetes if there the pool is not oversized?.

Thanking you in advance.

Roger

cadet alain · ‎12-23-2010

Hi,

with the purpose to liberage nat connections from default(ip nat translations timeout is by default setted to 24 hours) but the problem persist.

you are using reversible keyword so creating entries which never time out.

take a look here where Peter explains this feature: https://supportforums.cisco.com/thread/212398

Can somebody tell us why we see missed paquetes if there the pool is not oversized?.

look here: http://cciepursuit.wordpress.com/2007/10/07/hits-and-misses-in-ip-nat-statistics/

Regards.

Alain.

Don't forget to rate helpful posts.

Ganesh Hariharan · ‎12-23-2010

Hi,

We are having problems with users that are being natted.

We have defined nat pool to cover each user segment.

These ranges are not overseized but when the users said that they can not go trough internet what we do is to clear ip nat translations and the problem is resolved.

We have modified the ip nat translations timeout as follow:

ip nat translations timeout 3600
ip nat translations tcp-timeout 3600
ip nat translations udp-timeout 300

with the purpose to liberage nat connections from default(ip nat translations timeout is by default setted to 24 hours) but the problem persist.

We are attaching the output of: sh ip nat statistics, the configuracion of nat at router .

Can somebody tell us why we see missed paquetes if there the pool is not oversized?.

Thanking you in advance.

Roger

Hi Roger,

When the NAT is working, the 'Misses' shows the number of times the software does a translations table lookup, does not find a NAT translation entry, and must try to create a new one. An increase in the misses is because the NATed traffic is not going to the same destination always and the router needs to create new entries.

The number of misses genrally indicates about the failed allocations from the pool as there is no available address in NAT pool.

Check out the below command use the ip nat translation command in global configuration mode to reduce the amount of time after which Network Address Translation (NAT) translations time out and execute the command clear ip nat translations to clear all the active translations.
Check for any unwanted NAT pools configured and remove them from configuration. If you have problem in removing the NAT pool statement from the router configuration then try this.
1. Shut and unshut the interface.
2. Temporarily remove the ip nat inside/ip nat outside statements on the interface.
3. Temporarily remove the ip addresses on the interface.
4. Issue the router command clear ip nat translations *
5. Remove the nat pool statement.

Hope to Help !!

Ganesh.H

Remember to rate the helpful post