Re: NAT port translation (overload) issues with Lotus Notes

From: Pavel Bykov <slidersv_at_gmail.com>
Date: Thu, 22 Sep 2011 13:46:42 +0200

Try to do a show ip nat stat first, to see the statistics.
That should tell you if you're hitting your ceiling. E.g. how many
translations are allowed, how many are being carried out now, and what was
the peak number of translations.
If all numbers are low, and your max number of translations is high, then
translations are being carried out OK.
The high timers can keep the sessions open, until Lotus SW is done doing
what it's supposed to be doing.
Short timers usually benefit only very overloaded scenarios (e.g. 1000s of
employees, or 1 guy with bittorrent client :))

On Tue, Sep 20, 2011 at 9:48 AM, Mathew <mathewfer_at_gmail.com> wrote:

> Hi Guys,
>
> I need some help to understand & fix a Lotus Notes replication failure but
> not always. I suspect my PAT has some issues.
> Lotus notes server on WAN side & clients on FastEthernet0/0 (user LAN).
>
> I have this below NAT/PAT setup with overload (Port translation). I need to
> fine tune timers involved in TCP port translation timers. The below output
> of "sho ip nat translations verbose" shows timer of 24hrs.
>
> 1. Do I have to still use "ip nat translation port-timeout tcp 1352 xx" to
> set the PAT (TCP port translation) timers?
> 2. Has anybody experienced PAT issues with Lotus Notes? Any fix?
>
> I also noticed two timeout values do not seem right.
>
>
> !
> interface serial0/0
>  description --- To WAN provider
>  ip address 10.30.1.1 255.255.255.252
>  ip nat outside
> !
> interface FastEthernet0/0
>  description --- To User LAN
>  ip address 10.10.2.1 255.255.255.0
>  ip nat inside
> !
> ip nat inside source list NAT-ACL interface FastEthernet0/0 overload
> !
> ip access-list extended NAT-ACL
>  remark - Lotus Notes (tcp 1352)
>  permit tcp any gt 1023 any eq 1352
> !
>
>
> R3(config)#ip nat translation ?
>   arp-ping-timeout        Specify timeout for WLAN-NAT ARP-Ping
>   dns-timeout             Specify timeout for NAT DNS flows
>   finrst-timeout          Specify timeout for NAT TCP flows after a FIN or RST
>   icmp-timeout            Specify timeout for NAT ICMP flows
>   max-entries             Specify maximum number of NAT entries
>   port-timeout            Specify timeout for NAT TCP/UDP port specific flows
>   pptp-timeout            Specify timeout for NAT PPTP flows
>   routemap-entry-timeout  Specify timeout for routemap created half entry
>   syn-timeout             Specify timeout for NAT TCP flows after a SYN and no further data
>   tcp-timeout             Specify timeout for NAT TCP flows
>   timeout                 Specify timeout for dynamic NAT translations
>   udp-timeout             Specify timeout for NAT UDP flows
>
> R3(config)# sho ip nat translations verbose
> Pro Inside global    Inside local      Outside local    Outside global
> tcp 10.10.2.1:1116   10.10.2.20:1116   10.50.2.1:1352   10.50.2.1:1352
>     create 00:20:45, use 00:00:34 timeout:86400000, left 23:59:25, Map-Id(In): 7,
>     flags:
> extended, use_count: 0, entry-id: 2009355, lc_entries: 0
> tcp 10.10.2.1:1042   10.10.2.22:1988   10.50.2.1:1352   10.50.2.1:1352
>     create 00:00:38, use 00:00:34 timeout:86400000, left 00:00:25, Map-Id(In): 7,
>     flags:
> extended, timing-out, use_count: 0, entry-id: 2038456, lc_entries: 0
>
> --
> Thanks
>
> Mathew
>
>
> Blogs and organic groups at http://www.ccie.net

-- 
Pavel Bykov
Received on Thu Sep 22 2011 - 13:46:42 ART
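
Added example, not part of the original thread: a small Python parser for the `show ip nat translations verbose` output quoted above, which reports entries whose `left` counter no longer tracks the displayed `timeout`, the discrepancy the question points at. The function names are hypothetical, and the `timeout` field is assumed to be in milliseconds, consistent with the 24-hour reading in the post.

```python
import re

# Constructed sample: the two entries copied from the post, wrapped as posted.
SAMPLE = """\
Pro Inside global Inside local Outside local Outside global
tcp 10.10.2.1:1116 10.10.2.20:1116 10.50.2.1:1352 10.50.2.1:1352
create 00:20:45, use 00:00:34 timeout:86400000, left 23:59:25,
Map-Id(In): 7,
flags:
extended, use_count: 0, entry-id: 2009355, lc_entries: 0
tcp 10.10.2.1:1042 10.10.2.22:1988 10.50.2.1:1352 10.50.2.1:1352
create 00:00:38, use 00:00:34 timeout:86400000, left 00:00:25,
Map-Id(In): 7,
flags:
extended, timing-out, use_count: 0, entry-id: 2038456, lc_entries: 0
"""
FIELDS = ("proto", "inside_global", "inside_local", "outside_local", "outside_global")
ENTRY = re.compile(r"^(tcp|udp|icmp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def hms(text):
    """Convert an hh:mm:ss counter to seconds."""
    h, m, s = (int(x) for x in text.split(":"))
    return h * 3600 + m * 60 + s

def parse(output):
    """Return one dict per translation; continuation lines are rejoined first."""
    entries = []
    for line in (l.strip() for l in output.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append(dict(zip(FIELDS, m.groups()), detail=""))
        elif entries:
            entries[-1]["detail"] += " " + line
    for e in entries:
        d = e.pop("detail")
        e["timeout_s"] = int(re.search(r"timeout:(\d+)", d).group(1)) // 1000  # assumes ms
        e["idle_s"] = hms(re.search(r"\buse (\d+:\d+:\d+)", d).group(1))
        e["left_s"] = hms(re.search(r"\bleft (\d+:\d+:\d+)", d).group(1))
        flags = re.search(r"flags:\s*(.*)", d).group(1).split(",")
        e["flags"] = [f.strip() for f in flags if ":" not in f and f.strip()]
    return entries

def off_timer(entries, slack_s=5):
    """Entries whose 'left' is not timeout minus idle time, or that are timing-out."""
    return [e for e in entries if "timing-out" in e["flags"]
            or abs(e["timeout_s"] - e["idle_s"] - e["left_s"]) > slack_s]

if __name__ == "__main__":
    for e in off_timer(parse(SAMPLE)):
        print(e["inside_local"], "timeout", e["timeout_s"], "s, left", e["left_s"], "s", e["flags"])
```

On the sample, only the 10.10.2.22:1988 entry is reported: it shows the same 86400-second timeout as the first entry but has 25 seconds left and carries the `timing-out` flag.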
