Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1262
Views
0
Helpful
2
Replies

ASR 9000 ISM No translation entry drops

Vladimir Pisarenko
Level 1
Level 1

‎09-25-2013 08:50 PM

Hi all!!

We set up ISM on ASR 9000 in nat44 mode. All works fine, but No translation entry drops grows as I can see in

sh cgn nat44 NAT1 statistics

Can you explain me why does it happens and which troubles will I expect?

Or may be there is a way to avoid these drops....


service cgn CGN1

service-location preferred-active 0/7/CPU0

service-type nat44 NAT1

  portlimit 5000

  alg ActiveFTP

  inside-vrf insidevrf1

   map outsideServiceApp ServiceApp2 address-pool x.x.x.x/25

   external-logging netflow version 9

    server

     address 10.11.13.28 port 9996

sh cgn nat44 NAT1 statistics

Statistics summary of NAT44 instance: 'NAT1'

Number of active translations: 11016

Number of sessions: 650

Translations create rate: 47

Translations delete rate: 0

Inside to outside forward rate: 1122

Outside to inside forward rate: 1595

Inside to outside drops port limit exceeded: 0

Inside to outside drops system limit reached: 0

Inside to outside drops resource depletion: 0

No translation entry drops: 15579

PPTP active tunnels: 0

PPTP active channels: 0

PPTP ctrl message drops: 0

Number of subscribers: 1726

Drops due to session db limit exceeded: 0

Drops due to source ip not configured: 0

Pool address totally free: 0

Pool address used: 128

1 person had this problem
Labels:
0 Helpful
2 Replies 2

somnathr
Cisco Employee
Cisco Employee

‎09-26-2013 08:53 PM

Hi Andrew,

This counter indicates:

Number of times Outside-to-Inside packets (TCP + UDP + ICMP, Static + Dynamic) dropped because there is no NAT DB entry corresponding to the Destination IP and L4 Port.

Please check your static route and ensure only the packets with destination address matching with public IP pool is sent to outside service app interface.

Alternatively, some of those entries could be timed out as well so when the O2I packets reach, it does not find a NAT DB entry and gets dropped.

You can refer the following guides as well to check out some other relevant commands (like, 'show .. outside-translations'):

Config guide - http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.3/cg_nat/configuration/guide/cgnat_43.html

Command Ref guide - http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.3/cg_nat/command/reference/b_cgnat_cr43xasr9k.html

regards,

Somnath.

0 Helpful

Vladimir Pisarenko
Level 1
Level 1
In response to somnathr

‎09-30-2013 01:21 AM

Hi Somnath!

May be these drops appears because of small sesion timeout of port translations?

I.e. translation is already closed but traffic from internet still comes to it.

All timeout values are default.

0 Helpful
Customers Also Viewed These Support Documents