Re: NAT problem

From: Nick Shah (nshah@xxxxxxxxxxxxxx)
Date: Fri May 10 2002 - 05:07:08 GMT-3


   
bug id : CSCdu78165

//snip//
When running ios version 12.1.5.T7 on a 3600 series router and running nat
with a large static nat translation table and a single address nat pool with
overload, dynamic nat translation may intermittently hang. The workaround
for this problem is to clear the nat translation table which will restart
the dynamic nat process.
//snip//

There are similar bugs (this being the closest), and all of them state clear
ip nat trans * as a workaround.
You could raise TAC if you still have issues.

ps. you could tweak those timeouts to a bit less and see if that alleviates
the issue

hth
Nick

-----Original Message-----
From: Sudhanshu Gupta <sudhanshu.gupta@wipro.co.in>
To: Nick Shah <nshah@connect.com.au>; ccielab@groupstudy.com
<ccielab@groupstudy.com>
Date: Friday, 10 May 2002 5:36
Subject: RE: NAT problem

Nick,
Thanks.
We already upgraded the IOS and tried clearing NAT table with "clear ip nat
tran * " but that didn't help.
-sudhanshu

ps:
relevant portions of config are:

outside interface - serial 1/0
inside interface - FastEther 1/0 and async65

!
ip local pool classpool 10.49.67.130 10.49.67.254
ip nat translation timeout 3600
ip nat translation tcp-timeout 3600
ip nat pool aod x.y.z.67 x.y.z.70 netmask 255.255.255.248
ip nat inside source list 1 pool aod overload
ip classless

> -----Original Message-----
> From: Nick Shah [SMTP:nshah@connect.com.au]
> Sent: Friday, May 10, 2002 1:06 PM
> To: Sudhanshu Gupta; ccielab@groupstudy.com
> Subject: Re: NAT problem
>
> I saw this prob. once on a customer network (Cisco 1720), basically he was
> doing PAT (NAT on single public ip address). We upgraded the IOS and the
> issue was resolved. In his case the number of NAT entries were running into
> 100's. There seems to be a bug associated with it (can't recall it now.) I
> think there may be a bottleneck associated with amount of memory / number of
> NATted entries that can exist.
>
> But I also figured out that you can do a clear ip nat trans * and then the
> router will purge the current NAT dynamic entries and start working again
> (till it hits the bottleneck again). Try this as a workaround..
>
> Permanent workaround (if you are indeed using PAT) would be to allocate a
> small pool of public IP addresses and do a NAT on that.
>
> hth
> Nick
>
>
> -----Original Message-----
> From: Sudhanshu Gupta <sudhanshu.gupta@wipro.co.in>
> To: ccielab@groupstudy.com <ccielab@groupstudy.com>
> Date: Friday, 10 May 2002 5:14
> Subject: NAT problem
>
>
> >Team,
> >Can anyone shed some light on this. We start getting these messages on our
> >3660. It was running on 12.2 (3) and we upgraded it to 12.2 (7)b, but the
> >messages haven't stopped. And router stops doing any NAT translation. Only
> >reboot helps.
> >
> >15:40:54: NAT: address not stolen for 10.49.67.178, proto 17 port 1102
> >15:40:54: NAT: failed to allocate address for 10.49.67.178, list/map 1
> >15:40:54: NAT: translation failed (A), dropping packet s=10.49.67.178 d=212.162.
> >
> >Any ideas.
> >Thanks for help.
> >-sudhanshu
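
The three NAT debug messages quoted in this thread can be tallied per inside host to show when address allocation started failing and which hosts were affected. The Python script below is an added example, not part of the original posts; the sample log lines, the 203.0.113.10 destination and the window/threshold values are constructed assumptions.

```python
import re
from collections import Counter

# Patterns mirror the three debug messages quoted in the thread.
PATTERNS = {
    "not_stolen": re.compile(r"NAT: address not stolen for (?P<src>[\d.]+), proto (?P<proto>\d+) port (?P<port>\d+)"),
    "alloc_failed": re.compile(r"NAT: failed to allocate address for (?P<src>[\d.]+), list/map (?P<acl>\S+)"),
    "dropped": re.compile(r"NAT: translation failed \(\w\), dropping packet s=(?P<src>[\d.]+)"),
}
# hh:mm:ss timestamp, tolerating mail quote markers ("> >") in front of it.
TS = re.compile(r"^(?:>\s*)*(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d): ")

def parse(lines):
    """Yield (seconds_since_midnight, kind, fields) per recognised line."""
    for line in lines:
        ts = TS.match(line)
        if not ts:
            continue
        secs = int(ts["h"]) * 3600 + int(ts["m"]) * 60 + int(ts["s"])
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                yield secs, kind, m.groupdict()
                break

def summarize(lines, window=60, threshold=3):
    """Tally failures per inside host and flag sustained pool exhaustion."""
    events = list(parse(lines))
    fails = [(t, f) for t, k, f in events if k == "alloc_failed"]
    times = sorted(t for t, _ in fails)
    # Exhausted: `threshold` allocation failures within `window` seconds.
    exhausted = any(times[i + threshold - 1] - times[i] <= window
                    for i in range(len(times) - threshold + 1))
    return {"per_host": dict(Counter(f["src"] for _, f in fails)),
            "acls": sorted({f["acl"] for _, f in fails}),
            "drops": sum(1 for _, k, _ in events if k == "dropped"),
            "exhausted": exhausted}

# Constructed sample in the same message formats as the thread.
SAMPLE = """\
15:40:54: NAT: address not stolen for 10.49.67.178, proto 17 port 1102
15:40:54: NAT: failed to allocate address for 10.49.67.178, list/map 1
15:40:54: NAT: translation failed (A), dropping packet s=10.49.67.178 d=203.0.113.10
15:41:10: NAT: failed to allocate address for 10.49.67.201, list/map 1
> >15:41:10: NAT: translation failed (A), dropping packet s=10.49.67.201 d=203.0.113.10
15:41:30: NAT: failed to allocate address for 10.49.67.178, list/map 1
""".splitlines()
```

Feeding it the router's captured debug output shows whether the failures are spread across many inside hosts or driven by a few of them.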



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:54 GMT-3