01-15-2013 10:32 AM
Hello,
We followed this thread's advice (https://supportforums.cisco.com/message/3753984) to get a CGN up and running with a single vrf instance (IOS XR 4.2).
Everything seems to be ok but we are getting the following error:
asr#show cgn nat44 NAT444 statistics
Unable to obtain requested information Error:'cgn' detected the 'warning' condition 'The instance has not yet been configured'
asr#
We have configured the service infra interface and we have also reloaded the line card.
Plus, we don't see this error in any guide. Could you please enlighten us?
Thank you in advance,
01-29-2013 05:12 PM
Hello,
let's try to answer this new question in the different topic you opened here:
https://supportforums.cisco.com/message/3841906#3841906
Cheers,
N.
12-01-2013 11:56 PM
Hi Nicolas,
Hopefully the discussion is still open. Currently I'm running ISM version 4.2.x and I have 2 questions regarding NAT44:
1. Please confirm my current understanding: in order to create a different NAT pool within the ISM linecard, we need to create another serviceApp interface for the inside and outside VRF (if needed - in this case, I'm using a VRF for the outside address), but we can still use the existing serviceInfra interface.
2. Static port forwarding. Based on the definition: "Static port forwarding helps in associating a private IP address and port with a statically allocated public IP and port." In this document I've read (http://www.cisco.com/en/US/docs/routers/crs/software/crs_r4.3/cg_nat/configuration/guide/cgc43cgn.pdf), the configuration only maps the private IP and port, but not to a static public IP and port, so I'm assuming the public translated IP addresses are still mapped from the specified pool (i.e. /26 or /30) and not to a static public IP and port.
Need your advice on this.
Thanks
12-02-2013 12:03 AM
Hi Adiyudha,
1: yes, at least you'll need to have multiple inside serviceApps to assign to each inside VRF
2: the software does not give you the ability to pick the external address and will do it for you inside the pool.
So indeed, you map inside address and port. The port will be the same on the outside and the CGN software will pick one address based on the hash algorithm.
Kind regards,
N.
12-02-2013 12:10 AM
Hi Nicolas,
Appreciate your swift response. So the closest condition to match the 1:1 mapping is to create the smallest pool range and port range.
Once the connection is established, as per my understanding, the mapping table will persist / not change at all until the box is reloaded / the NAT session is cleared.
Thanks
Adiyudha
12-02-2013 12:29 AM
Hi Adiyudha,
I'm not sure it's a good workaround to mimic a 1:1 translation, unfortunately.
Once the translation is configured, it will map the defined inside address to an outside address for a particular port (and not a range of ports, just for one port). So, if you map port 80 for inside address A for example, it doesn't mean that other ports of address A will be mapped statically. On the contrary, they will be mapped randomly to outside ports.
The tested scale for static mapping is 6000 entries (pair of address+port), not 6000 addresses.
The mapping being static, it is not initiated by i2o traffic, but by configuration, so it can only be cleared by removing the configuration.
The mapping is preserved if the card or chassis is reloaded.
Hope it clarifies a bit,
Best regards,
N.
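The behaviour described in this reply, as an added Python model that is not part of the original thread and not Cisco code. The class and method names are hypothetical, the pool prefix is a documentation range, and the outside-address hash is a stand-in, since the thread does not say which hash the CGN software uses.

```python
import hashlib
import ipaddress
import random

STATIC_SCALE = 6000  # tested scale quoted in the reply: address+port pairs


class Nat44Model:
    """Toy model of static vs. dynamic NAT44 mappings as described above."""

    def __init__(self, pool_cidr, seed=0):
        self.pool = list(ipaddress.ip_network(pool_cidr))
        self.static = {}   # (inside_addr, port) -> (outside_addr, port)
        self.dynamic = {}  # (inside_addr, port) -> (outside_addr, port)
        self.rng = random.Random(seed)  # seeded so the example is repeatable

    def _pick_outside(self, inside_addr):
        # ASSUMPTION: stand-in hash; the real CGN hash is not given in the thread.
        digest = hashlib.sha256(inside_addr.encode()).digest()
        return str(self.pool[int.from_bytes(digest[:4], "big") % len(self.pool)])

    def add_static(self, inside_addr, port):
        # Created by configuration, not by i2o traffic; the port is preserved
        # and the operator does not choose the outside address.
        if len(self.static) >= STATIC_SCALE:
            raise ValueError("beyond the tested static scale")
        entry = (self._pick_outside(inside_addr), port)
        self.static[(inside_addr, port)] = entry
        return entry

    def translate(self, inside_addr, port):
        # A static entry covers exactly one address+port pair; every other
        # port of the same inside address gets a random outside port.
        key = (inside_addr, port)
        if key in self.static:
            return self.static[key]
        if key not in self.dynamic:
            self.dynamic[key] = (self._pick_outside(inside_addr),
                                 self.rng.randint(1024, 65535))
        return self.dynamic[key]

    def clear_sessions(self):
        # Clearing sessions or reloading drops dynamic state only.
        self.dynamic.clear()

    def remove_static(self, inside_addr, port):
        # Only removing the configuration removes a static mapping.
        self.static.pop((inside_addr, port), None)
```

From an exposure point of view, each static entry is a permanently reachable inside address+port on some pool address, so the static table is the list to review when auditing what is published through the CGN.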
01-28-2015 08:28 AM
Hi, Nicholas:
I was wondering if you could help with a problem I'm having.
I have a very similar setup to what is described in deployment guides (with VSM 5.1.2) where I use ABF to divert traffic into the inside serviceapp3 interface. There are differences though:
- ABF is configured on an interface in an NV Sat.
- The nv sat interface is on the default VRF with ABF pointing to NH within inside-vrf.
- static route pointing to ServiceApp33 (vrf default)
- static route in inside-vrf pointing to NH on vrf default
My problem is that everything points to traffic going into the VSM, NAT translation being generated and I actually see I2O packets, but no return whatsoever.
RP/0/RSP0/CPU0:XXXXXX#show cgn nat44 NAT44-3 inside-translation protocol icmp inside-vrf INSIDE inside-address 192.168.136.129$
Wed Jan 28 10:14:35.544 CST
Inside-translation details
---------------------------
NAT44 instance : NAT44-3
Inside-VRF : INSIDE
--------------------------------------------------------------------------------------------
Outside         Protocol   Inside    Outside    Translation   Inside     Outside
Address                    Source    Source     Type          to         to
                           Port      Port                     Outside    Inside
                                                              Packets    Packets
--------------------------------------------------------------------------------------------
200.x.y.1       icmp       71        61327      dynamic       5          0
RP/0/RSP0/CPU0:XXXXXX#show run router static
Wed Jan 28 10:14:49.528 CST
router static
 address-family ipv4 unicast
  200.x.y.0/24 ServiceApp33
 !
 vrf INSIDE
  address-family ipv4 unicast
   192.168.136.128/25 vrf default GigabitEthernet100/0/0/0 192.168.136.2
  !
At least the inside portion looks fine. On the outside serviceapp I see output packets, but no input packets. As you can see, I have the return static route pointing to Sapp33 and the return static route to where traffic origin is; still no luck.
Any advice?
Thanks,
c.
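The symptom in this post (inside-to-outside packets counted, zero outside-to-inside) can be checked across many translations by parsing the `inside-translation` output. This is an added example, not part of the original thread: the function and field names are hypothetical, the first data row is the one from the post, and the second row is constructed.

```python
import re

# Constructed sample: the data row from the post plus one made-up two-way row.
SAMPLE = """\
Inside-translation details
---------------------------
NAT44 instance : NAT44-3
Inside-VRF : INSIDE
--------------------------------------------------------------------------------
Outside Protocol Inside Outside Translation Inside Outside
Address Source Source Type to to
Port Port Outside Inside
Packets Packets
--------------------------------------------------------------------------------
200.x.y.1 icmp 71 61327 dynamic 5 0
200.x.y.1 tcp 40112 2210 dynamic 12 9
"""

# A data row has seven whitespace-separated fields; header lines never match
# because their second token is not a protocol name.
ROW = re.compile(
    r"^(?P<outside>\S+)\s+(?P<proto>tcp|udp|icmp)\s+(?P<in_port>\d+)\s+"
    r"(?P<out_port>\d+)\s+(?P<type>\S+)\s+(?P<i2o>\d+)\s+(?P<o2i>\d+)$"
)


def parse_translations(text):
    """Return one dict per translation row, with counters as integers."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            row = match.groupdict()
            for key in ("in_port", "out_port", "i2o", "o2i"):
                row[key] = int(row[key])
            rows.append(row)
    return rows


def one_way(rows, min_i2o=1):
    """Translations that sent packets out but never saw a packet come back."""
    return [r for r in rows if r["i2o"] >= min_i2o and r["o2i"] == 0]


if __name__ == "__main__":
    for r in one_way(parse_translations(SAMPLE)):
        print(f"no return traffic: {r['proto']} via {r['outside']}:{r['out_port']}")
```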
02-20-2015 11:53 AM
Hi
I have an ASR9K box running CGN. I have two questions:
The public pool assigned is two /21 subnets, which means 4096 IP addresses. Why am I seeing Pool address used: 3876?
In the run attach 0/4/CPU0, what other commands can I use other than # show_nat44_stats? How can I list the available options?
I have a port-limit of 100. I made your calculations above and I got 72 ports per user; should I increase the port-limit?
Thanks
BR,
Mohammad