Sure! Appreciate your help.
However for some reason after I reloaded the router the CPU calmed down..but
I still want to prevent it if i can.
Total active translations: 549 (5 static, 544 dynamic; 544 extended)
Peak translations: 877, occurred 00:15:32 ago
Outside interfaces:
GigabitEthernet0/0, Dialer1, Virtual-Access2
Inside interfaces:
GigabitEthernet0/1, VoIP-Null0
Hits: 32354 Misses: 0
CEF Translated packets: 4157, CEF Punted packets: 28196
Expired translations: 3732
Dynamic mappings:
-- Inside Source
[Id: 1] access-list BATAL-RUH-USERS interface Dialer1 refcount 543
Appl doors: 0
Normal doors: 0
Queued Packets: 0
On Mon, Sep 20, 2010 at 9:15 PM, Shaughn Smith <maniac.smg_at_gmail.com> wrote:
> Can you do a sh ip nat statistics and send the output
>
> CCIE # 23962 (SP)
>
> Sent from my iPhone 3GS
>
> On 20 Sep 2010, at 8:11 PM, karim jamali <karim.jamali_at_gmail.com> wrote:
>
> > Thank You guys for your support. Below are the configurations:
> >
> > int gi0/1
> > ip nat inside
> >
> > int dialer1
> > ip nat outside
> >
> > ip nat inside source list BATAL-RUH-USERS interface Dialer1 overload
> > ip nat inside source static 192.168.2.234 78.93.56.234
> > ip nat inside source static 192.168.2.235 78.93.56.235
> > ip nat inside source static 192.168.2.236 78.93.56.236
> > ip nat inside source static 192.168.2.237 78.93.56.237
> > ip nat inside source static 192.168.2.238 78.93.56.238
> >
> > Extended IP access list BATAL-RUH-USERS
> > 10 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 (5 matches)
> > 20 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
> > 30 deny ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
> > 40 deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
> > 50 permit ip 192.168.2.0 0.0.0.255 any (3091 matches)
> >
> >
> > On Mon, Sep 20, 2010 at 8:11 PM, Jeferson Guardia <jefersonf_at_gmail.com
> >wrote:
> >
> >> Paste your configs here so we can advise you the best way to tune your
> nat
> >> config, there are a few ways that you can limit the max nat entry value
> on a
> >> router and this has showed to be quite useful in the past.
> >>
> >> Brgs,
> >>
> >> 2010/9/20 Shahid Ansari <shahid1357_at_gmail.com>
> >>
> >> This can be happen If you have many translation generated by third party
> >>> programs or Virus.
> >>> when you are enabled NAT ,dont allow any to any in access-list and make
> it
> >>> more specific
> >>> The best way to troubleshoot it by enabling netflow ...
> >>> Can you post
> >>> Show process Cpu
> >>> Show nat translation
> >>> show ip cache flow
> >>>
> >>> change default nat timeout value too..
> >>>
> >>> Thanks
> >>> Shahid Ansari
> >>>
> >>>
> >>>
> >>> On Mon, Sep 20, 2010 at 7:46 PM, karim jamali <karim.jamali_at_gmail.com
> >>>> wrote:
> >>>
> >>>> Dear Experts,
> >>>>
> >>>> I have faced a problem with one of the Routers at a customer site
> having
> >>>> the
> >>>> NAT Ager process consuming 98% of CPU. I am trying to understand the
> >>>> reason,
> >>>> however up till now I am not able.
> >>>>
> >>>> I would truly appreciate your input as I have 4 sites with the same
> >>>> configuration and I haven't been able to spot the difference that
> caused
> >>>> this problem.
> >>>>
> >>>> Thanks
> >>>>
> >>>> --
> >>>> KJ
> >>>>
> >>>>
> >>>> Blogs and organic groups at http://www.ccie.net
> >>>>
> >>>>
> _______________________________________________________________________
> >>>> Subscription information may be found at:
> >>>> http://www.groupstudy.com/list/CCIELab.html
> >>>
> >>>
> >>> Blogs and organic groups at http://www.ccie.net
> >>>
> >>> _______________________________________________________________________
> >>> Subscription information may be found at:
> >>> http://www.groupstudy.com/list/CCIELab.html
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>
> >
> >
> > --
> > KJ
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
>
-- KJ Blogs and organic groups at http://www.ccie.netReceived on Mon Sep 20 2010 - 21:17:54 ART
This archive was generated by hypermail 2.2.0 : Fri Oct 01 2010 - 05:58:05 ART