From: Etchings, Jay (EtchingsJ@ally.com)
Date: Tue Feb 01 2005 - 22:39:11 GMT-3
Group if I am doing something stupid feel free to flame away I would
just like to figure out what the deal is, even if a few lumps are in
order.
I have had an issue since last Friday where my 2651 DMVPN router is
running at 100% of the CPU. It seems to have 150K NAT translations
during the day which should calculate to 30Mbs of memory based on the
160 Bytes per trans.
I am working to figure out what I can do to resolve this issue. Has
anyone heard of such a thing?
I made the following changes. This is a simple error -- the interface
ran out of ports to translate (~65599..)
access-list 11 permit 10.1.4.0 0.0.3.255
access-list 11 permit 10.1.16.0 0.0.3.255 access-list 11 permit
10.1.200.0 0.0.1.255 access-list 11 permit 10.2.200.0 0.0.0.255 ip nat
pool OUTSIDE_PAT 200.200.200.200 200.200.200.203 netmask ip nat inside
source list 11 pool OUTSIDE_PAT overload no ip nat inside source static
10.1.4.37 200.200.200.201 extendabe ip nat inside source static
10.1.4.37 200.200.200.202 extendable no access-list 10 no ip nat inside
source list 10 interface FastEthernet0/1 overload
(I subbed my public IP's with the 200.200.200.20X)
This seemed to be the temporary fix to infected computers using too many
NAT translations.
________________________________
I issued a clear IP nat tr * to clear 70,000+ translations on my 2651
DMVPN router again and it seems to have supplied a temporary fix.
The issue of running the CPU at 100% still persists.
Any ideas?
Regards,
Jay Etchings
This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:16 GMT-3