Re: Trying to delete old NAT entries

mneumann1219 · ‎03-24-2023

I have a bunch of old NAT entries and I need to get rid of them. I've tried using the no commands and to no avail. I tried using the clear ip nat translation command and packet tracer kept saying incomplete command. So what should I do to delete them? Here's what it looks like:

Flavio Miranda · ‎03-24-2023

Hi

This command is probably the output of show nat translation, right?

What you need to do is remove the ACL that matches with the traffic you wont to translate anymore.

Would be easier to help if you share the configuration from the device.

mneumann1219 · ‎03-24-2023

I've already deleted all the associated ACLs.

Here is my show run:

hostname Europe

!

no ip cef

no ipv6 cef

!

license udi pid CISCO2811/K9 sn FTX10171S75-

!

spanning-tree mode pvst

!

interface FastEthernet0/0

ip address 172.30.0.1 255.255.0.0

ip ospf 1 area 1

ip access-group 130 in

ip access-group 140 out

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

ip access-group 130 in

duplex auto

speed auto

shutdown

!

interface Serial0/1/0

no ip address

clock rate 2000000

shutdown

!

interface Serial0/1/1

no ip address

clock rate 2000000

shutdown

!

interface Serial0/2/0

no ip address

clock rate 2000000

shutdown

!

interface Serial0/2/1

ip address 172.35.0.1 255.255.255.252

ip ospf network point-to-point

ip ospf 1 area 3

ip nat outside

!

interface Serial0/3/0

ip address 172.7.0.2 255.255.255.252

ip ospf 1 area 1

ip access-group 130 in

ip nat outside

!

interface Serial0/3/1

ip address 172.8.0.1 255.255.255.252

ip ospf 1 area 1

ip nat outside

!

interface FastEthernet1/0

no ip address

shutdown

!

interface Vlan1

no ip address

shutdown

!

router eigrp 1

redistribute ospf 1 metric 1 1 1 1 1

network 172.7.0.0

network 172.8.0.0

network 172.30.0.0

network 172.35.0.0

!

router ospf 1

log-adjacency-changes

redistribute eigrp 1 subnets tag 1

network 172.7.0.0 0.0.0.255 area 1

network 172.8.0.0 0.0.0.255 area 1

network 172.35.0.0 0.0.0.255 area 0

!

ip classless

!

ip flow-export version 9

!

access-list 130 permit tcp any host 172.30.1.2 eq www

access-list 130 permit tcp any host 172.30.1.1 eq pop3

access-list 130 permit tcp any host 172.30.1.1 eq smtp

access-list 130 permit ip any any

access-list 140 permit tcp any any

access-list 140 permit ip any any

!

line con 0

!

line aux 0

!

line vty 0 4

login

!

end

Flavio Miranda · ‎03-24-2023

If you deleted the ACL already you can also remove this:

conf t

interface FastEthernet0/0

no ip nat inside

interface Serial0/3/0

no ip nat outside

!

interface Serial0/3/1

no ip nat outside

Just keep in mind that with this you will delete all NAT on this device

mneumann1219 · ‎03-24-2023

Okay so my NAT entries finally wen away some how. I tried setting up a PAT configuration for my router however I can no longer see what my NAT entries are at all. Whenever I type "show ip nat translations" I get no output.

This is what the show run looks like now:

hostname Europe

!

no ip cef

no ipv6 cef

!

license udi pid CISCO2811/K9 sn FTX10171S75-

!

spanning-tree mode pvst

!

interface FastEthernet0/0

ip address 172.30.0.1 255.255.0.0

ip ospf 1 area 1

ip access-group 130 in

ip access-group 140 out

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

ip access-group 130 in

duplex auto

speed auto

shutdown

!

interface Serial0/1/0

no ip address

clock rate 2000000

shutdown

!

interface Serial0/1/1

no ip address

clock rate 2000000

shutdown

!

interface Serial0/2/0

no ip address

clock rate 2000000

shutdown

!

interface Serial0/2/1

ip address 172.35.0.1 255.255.255.252

ip ospf network point-to-point

ip ospf 1 area 3

ip nat outside

!

interface Serial0/3/0

ip address 172.7.0.2 255.255.255.252

ip ospf 1 area 1

ip access-group 130 in

ip nat outside

!

interface Serial0/3/1

ip address 172.8.0.1 255.255.255.252

ip ospf 1 area 1

ip nat outside

!

interface FastEthernet1/0

no ip address

shutdown

!

interface Vlan1

no ip address

shutdown

!

router eigrp 1

redistribute ospf 1 metric 1 1 1 1 1

network 172.7.0.0

network 172.8.0.0

network 172.30.0.0

network 172.35.0.0

!

router ospf 1

log-adjacency-changes

redistribute eigrp 1 subnets tag 1

network 172.7.0.0 0.0.0.255 area 1

network 172.8.0.0 0.0.0.255 area 1

network 172.35.0.0 0.0.0.255 area 0

!

ip nat pool inside 50.50.50.80 50.50.50.80 netmask 255.255.255.0

ip nat inside source list 1 pool inside overload

ip classless

!

ip flow-export version 9

!

access-list 130 permit tcp any host 172.30.1.2 eq www

access-list 130 permit tcp any host 172.30.1.1 eq pop3

access-list 130 permit tcp any host 172.30.1.1 eq smtp

access-list 130 permit ip any any

access-list 140 permit tcp any any

access-list 140 permit ip any any

access-list 1 permit 172.30.0.0 0.0.0.255

!

line con 0

!

line aux 0

!

line vty 0 4

login

!

end

MHM Cisco World · ‎03-24-2023

Dymanic PAT can remove or modify by

1- remove ip nat inside from egress interface

2- clear nat table

3- modify the NAT config

4- add again ip nat inside

Martin L · ‎03-31-2023

You are missing * sign at the end. Use CLI context help in form of ?

R1#clear ip nat ?

translation Clear dynamic translation

R1#clear ip nat tr

R1#clear ip nat translation ?

* Deletes all dynamic translations

R1#clear ip nat translation

% Incomplete command.

R1#clear ip nat translation *

R1#

Regards, ML
**Please Rate All Helpful Responses **