11 Replies. Latest reply: Mar 1, 2019 9:46 AM by Ing_Percy

    NAT Overload problem on a 2951 router

    Kye

      I have been trying to solve this 3 nights in a row and still can't figure it out.

      When I ran a debug I got something like this:

      "ipnat api , outtranslated address and port common, out->in want IL,OL"

      Does anybody know what the problem is?

      Config below:

      ESURU#show run
      Building configuration...

      Current configuration : 4143 bytes
      !
      ! Last configuration change at 09:00:43 UTC Thu Feb 14 2019
      !
      version 15.5
      service timestamps debug datetime msec
      service timestamps log datetime msec
      service password-encryption
      !
      hostname ESURU
      !
      boot-start-marker
      boot-end-marker
      !
      !
      enable secret 5 $1$GY72$x8q2JQEzWF4PZpd
      !
      no aaa new-model
      ethernet lmi ce
      memory-size iomem 10
      !
      !
      !
      !
      !
      !
      ip dhcp excluded-address 192.168.15.1 192.168.15.9
      ip dhcp excluded-address 192.168.15.80 192.168.15.90
      !
      ip dhcp pool LOCAL_DEV
       network 192.168.15.0 255.255.255.0
       default-router 192.168.15.254
       dns-server 207.164.234.193
       option 150 ip 192.168.15.80
      !
      !
      !
      ip domain name KYELAB.LOCAL
      ip cef
      no ipv6 cef
      !
      multilink bundle-name authenticated
      !
      !
      !
      !
      !
      !
      !
      !
      voice-card 0
      !
      !
      !
      !
      !
      !
      !
      !
      vxml logging-tag
      license udi pid CISCO2951/K9 sn xxxxx
      license accept end user agreement
      hw-module pvdm 0/1
      !
      hw-module pvdm 0/2
      !
      !
      !
      username kye privilege 15 secret 5 $1$EAV5$whU9eZzSrvjhnuR94/
      username user1 secret 5 $1$K4O8UgvHJ9Ix71RE139j1
      !
      redundancy
      !
      !
      !
      !
      !
      !
      interface Embedded-Service-Engine0/0
       no ip address
       shutdown
      !
      interface GigabitEthernet0/0
       description Local Devices
       ip address 192.168.15.254 255.255.255.0
       ip nat inside
       ip virtual-reassembly in
       duplex auto
       speed auto
      !
      interface GigabitEthernet0/1
       mtu 1520
       no ip address
       ip nat outside
       ip virtual-reassembly in
       duplex full
       speed 1000
       media-type rj45
      !
      interface GigabitEthernet0/1.35
       encapsulation dot1Q 35
       ip nat outside
       ip virtual-reassembly in
       pppoe enable group global
       pppoe-client dial-pool-number 1
      !
      interface GigabitEthernet0/2
       ip address 192.168.100.1 255.255.255.0
       shutdown
       duplex auto
       speed auto
      !
      interface Dialer1
       mtu 1492
       ip address negotiated
       ip nat outside
       ip virtual-reassembly in
       encapsulation ppp
       ip tcp adjust-mss 1412
       dialer pool 1
       dialer-group 1
       ppp authentication pap callin
       ppp pap sent-username xxxxxx password 7 xxxxxx
       ppp ipcp dns request accept
       ppp ipcp route default
       ppp ipcp address accept
       no cdp tlv app
      !
      !
      ip forward-protocol nd
      !
      no ip http server
      no ip http secure-server
      !
      ip route 0.0.0.0 0.0.0.0 Dialer 1
      ip nat source list 1 interface Dialer 1 overload
      ip ssh version 2
      !
      !
      nls resp-timeout 1
      cpd cr-id 1
      !
      tftp-server flash:/P00308010200.loads alias P00308010200.loads
      tftp-server flash:/SCCP75.9-1-1SR1S.loads alias SCCP75.9-1-1SR1S.loads
      tftp-server flash:/P00308010200.bin alias P00308010200.bin
      tftp-server flash:/P00308010200.sb2 alias P00308010200.sb2
      tftp-server flash:/P00308010200.sbn alias P00308010200.sbn
      tftp-server flash:/apps75.9-1-1TH1-16.sbn alias apps75.9-1-1TH1-16.sbn
      tftp-server flash:/cnu75.9-1-1TH1-16.sbn alias cnu75.9-1-1TH1-16.sbn
      tftp-server flash:/cvm75sccp.9-1-1TH1-16.sbn alias cvm75sccp.9-1-1TH1-16.sbn
      tftp-server flash:/dsp75.9-1-1TH1-16.sbn alias dsp75.9-1-1TH1-16.sbn
      tftp-server flash:/jar75sccp.9-1-1TH1-16.sbn alias jar75sccp.9-1-1TH1-16.sbn
      tftp-server flash:/term75.default.loads alias term75.default.loads
      tftp-server flash:/term65.default.loads alias term65.default.loads
      tftp-server flash:/jar45sccp.9-1-1TH1-16.sbn alias jar45sccp.9-1-1TH1-16.sbn
      tftp-server flash:/dsp45.9-1-1TH1-16.sbn alias dsp45.9-1-1TH1-16.sbn
      tftp-server flash:/cvm45sccp.9-1-1TH1-16.sbn alias cvm45sccp.9-1-1TH1-16.sbn
      tftp-server flash:/cnu45.9-1-1TH1-16.sbn alias cnu45.9-1-1TH1-16.sbn
      tftp-server flash:/apps45.9-1-1TH1-16.sbn alias apps45.9-1-1TH1-16.sbn
      tftp-server flash:/SCCP45.9-1-1SR1S.loads alias SCCP45.9-1-1SR1S.loads

      access-list 1 permit 192.168.15.0 0.0.0.255
      !
      control-plane
      !
      !
      voice-port 0/0/0
       connection plar 7002
       caller-id enable
      !
      voice-port 0/0/1
      !
      voice-port 0/0/2
      !
      voice-port 0/0/3
      !
      !
      !
      !
      !
      mgcp behavior rsip-range tgcp-only
      mgcp behavior comedia-role none
      mgcp behavior comedia-check-media-src disable
      mgcp behavior comedia-sdp-force disable
      !
      mgcp profile default
      !
      !
      !
      !
      !
      !
      !
      gatekeeper
       shutdown
      !
      !
      vstack
      !
      line con 0
       logging synchronous
      line aux 0
      line 2
       no activation-character
       no exec
       transport preferred none
       transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
       stopbits 1
      line vty 0 4
       login local
       transport input ssh
      !
      scheduler allocate 20000 1000
      !
      end

      ESURU#

         
        • 1. Re: NAT Overload problem on a 2951 router
          Ing_Percy

          Hi!

           

          Change "ip nat source list 1 interface Dialer 1 overload" to "ip nat inside source list 1 interface dialer 1 overload".


          Details: https://community.cisco.com/t5/switching/nat-difference-between-ip-nat-inside-source-ip-nat-source-list/td-p/1115337


          Best regards!
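
Added example, not part of the original thread or of either poster's configuration: a small Python check for the mismatch corrected in the reply above. It relies on the IOS convention that `ip nat source` is the NAT Virtual Interface form, which expects `ip nat enable` on interfaces, while `ip nat inside source` pairs with `ip nat inside` / `ip nat outside`; the function name `audit_nat` and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: only the NAT-relevant lines of the config in the question.
SAMPLE = """\
interface GigabitEthernet0/0
 ip address 192.168.15.254 255.255.255.0
 ip nat inside
!
interface Dialer1
 ip address negotiated
 ip nat outside
!
ip nat source list 1 interface Dialer 1 overload
access-list 1 permit 192.168.15.0 0.0.0.255
"""

def audit_nat(config):
    """Flag NAT rules whose style does not match the interface markers."""
    markers, rules, findings, iface = {}, [], [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]       # entering interface sub-mode
        elif line == "!":
            iface = None                         # section separator
        elif iface and re.fullmatch(r"ip nat (inside|outside|enable)", line):
            markers.setdefault(line.split()[-1], []).append(iface)
        elif re.match(r"ip nat (inside|outside) source\b", line):
            rules.append(("legacy", line))       # domain-based NAT rule
        elif re.match(r"ip nat source\b", line):
            rules.append(("nvi", line))          # NAT Virtual Interface rule
    for style, rule in rules:
        if style == "nvi" and "enable" not in markers:
            hint = ""
            if {"inside", "outside"} <= markers.keys():
                hint = " (interfaces use inside/outside: use 'ip nat inside source')"
            findings.append(f"'{rule}' needs 'ip nat enable' interfaces{hint}")
        elif style == "legacy" and not {"inside", "outside"} <= markers.keys():
            findings.append(f"'{rule}' needs 'ip nat inside' and 'ip nat outside' interfaces")
    return findings

if __name__ == "__main__":
    for finding in audit_nat(SAMPLE):
        print(finding)
```
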

          • 2. Re: NAT Overload problem on a 2951 router
            Kye

            Thanks so much, it worked.

            • 3. Re: NAT Overload problem on a 2951 router
              Kye

              One more question.

              For some reason I get less than half the speed of the link than what my provider gives.

              I have a gigabit port on the router (2951). Do you know why?

              I was getting about 940mbps on my provider's router, now I get 360mbps download.

              • 4. Re: NAT Overload problem on a 2951 router
                Ing_Percy

                Hi!

                 

                If you have slowness in your internet connection, then you must contact the provider.

                Also try a speed test to check the performance of your connection.

                 

                Best regards!

                • 5. Re: NAT Overload problem on a 2951 router
                  Kye

                  I meant when I connect the fiber to my provider's modem and I connect my desktop to it, I get 940mbps, but the Cisco router gives me 360mbps.

                  I was wondering if it had something to do with my config.

                  • 6. Re: NAT Overload problem on a 2951 router
                    Ing_Percy

                    Hi!

                     

                    Is your original connection only the modem (with Ethernet modules) and your PC? Then have you connected the router after the modem?

                    Maybe you must check the configuration of Ethernet on the modem.

                     

                    Configuration of router:

                    interface GigabitEthernet0/1
                     mtu 1520
                     no ip address
                     ip nat outside
                     ip virtual-reassembly in
                     duplex full
                     speed 1000
                     media-type rj45
                    !
                    interface GigabitEthernet0/1.35
                     encapsulation dot1Q 35
                     ip nat outside
                     ip virtual-reassembly in
                     pppoe enable group global
                     pppoe-client dial-pool-number 1

                     

                    Also, is your modem configured with NAT, too? What are your connections? Put the topology of both cases.

                     

                    Best regards!

                    • 7. Re: NAT Overload problem on a 2951 router
                      Kye

                      Topology.jpg

                      Something like this

                      • 8. Re: NAT Overload problem on a 2951 router
                        Ing_Percy

                        Hi!

                        gpon1.JPG

                        Where is NAT applied in the first picture?

                        If there is double NAT in the second picture, then the speed could decrease.

                        When you have different vendors, the interfaces must be configured manually without autonegotiation (duplex, speed) on both sides.

                         

                        Attentive to your comments

                         

                        Regards!

                        • 10. Re: NAT Overload problem on a 2951 router
                          Kye

                          The NAT is only on the router. Applied on both.

                           

                          interface GigabitEthernet0/0
                           description Local Devices
                           no ip address
                           ip nat inside
                           ip virtual-reassembly in
                           duplex full
                           speed 1000
                          !
                          interface GigabitEthernet0/0.15
                           encapsulation dot1Q 15
                           ip address 192.168.15.254 255.255.255.0
                           ip nat inside
                           ip virtual-reassembly in
                          !
                          interface GigabitEthernet0/0.120
                           encapsulation dot1Q 120
                           ip address 10.10.120.1 255.255.255.0
                           ip nat inside
                           ip virtual-reassembly in
                          !
                          interface GigabitEthernet0/1
                           mtu 1520
                           no ip address
                           ip nat outside
                           ip virtual-reassembly in
                           duplex full
                           speed 1000
                           media-type rj45
                          !
                          interface GigabitEthernet0/1.35
                           encapsulation dot1Q 35
                           ip nat outside
                           ip virtual-reassembly in
                           pppoe enable group global
                           pppoe-client dial-pool-number 1
                          !
                          interface GigabitEthernet0/2
                           ip address 192.168.100.1 255.255.255.0
                           shutdown
                           duplex auto
                           speed auto
                          !
                          interface Dialer1
                           mtu 1492
                           ip address negotiated
                           ip nat outside
                           ip virtual-reassembly in
                           encapsulation ppp
                           ip tcp adjust-mss 1412
                           dialer pool 1
                           dialer-group 1
                           ppp authentication pap callin
                           ppp pap sent-username xxxxx password 7 xxxxxx
                           ppp ipcp dns request accept
                           ppp ipcp route default
                           ppp ipcp address accept
                           no cdp tlv app

                          • 11. Re: NAT Overload problem on a 2951 router
                            Ing_Percy

                            Hi!

                             

                            When you enable NAT on a router, it reduces the speed because it demands hardware resources to process each packet.

                             

                            Here are more references about it:

                            Re: Home Lab for R&S- Router speed limited to 50 mbps

                             

                            NAT can reduce performance for a connection?

                             

                            Best regards!