13 Replies Latest reply: Nov 11, 2019 12:21 PM by Parvesh RSS

    ip nat translation timeout 28800

    ali

      hi engineers

      what will do if I implement this command in my router ?

        • 1. Re: ip nat translation timeout 28800
          Ing_Percy

          Duplicate question:

          ip nat translation timeout 28800

           

          Try to edit the original post to avoid duplication.

           

          Regards!

          • 2. Re: ip nat translation timeout 28800
            Martin

            Timeout means for how long an entry in table (ip nat translations, ip arp, and others) stays before it is removed from the table ( times out)

             

            example; show ip nat translations shows you some entries that are not time out. u can ping or trace an IP  and see that after 60 seconds of ping ended, those entries will be gone.   

            • 3. Re: ip nat translation timeout 28800
              ali

              If the table removed and there are people use the internet in the same time . what is the affect for those who use the internet while the table is removing  .

              • 4. Re: ip nat translation timeout 28800
                Ing_Percy

                Hi!

                 

                The users could lose access to the internet but it will  be minimal.

                Only entries of translation are removed, but when the users connect to internet, again the router (with NAT enabled) translates and thay can access to the internet (it generates entries in the nat table)

                 

                Regards!

                • 5. Re: ip nat translation timeout 28800
                  Martin

                  entries will be back after they have been removed due to time out;  if you have packet tracer , u can practice NAT with ping or trace.  entries are there after ping is done for 60 seconds; then they will be gone after 60 sec. then u can get new entries when u ping again. 

                   

                  same concept for ARP table on router and MAC tables on swithces; 

                  • 6. Re: ip nat translation timeout 28800
                    ali

                    -R3925-INT#show ip traffic

                    IP statistics:

                      Rcvd:  35434830 total, 2611350 local destination

                             0 format errors, 0 checksum errors, 2011 bad hop count

                             0 unknown protocol, 1 not a gateway

                             0 security failures, 0 bad options, 0 with options

                      Opts:  0 end, 0 nop, 0 basic security, 0 loose source route

                             0 timestamp, 0 extended security, 0 record route

                             0 stream ID, 0 strict source route, 0 alert, 0 cipso, 0 ump

                             0 other

                      Frags: 33 reassembled, 0 timeouts, 0 couldn't reassemble

                             286755 fragmented, 578899 fragments, 53090 couldn't fragment

                      Bcast: 246269 received, 0 sent

                      Mcast: 0 received, 0 sent

                      Sent:  2664030 generated, 1429810699 forwarded

                      Drop:  133072 encapsulation failed, 0 unresolved, 0 no adjacency

                             13788226 no route, 0 unicast RPF, 0 forced drop

                             0 options denied

                      Drop:  0 packets with source IP address zero

                      Drop:  0 packets with internal loop back IP address

                             167 physical broadcast

                      Reinj: 0 in input feature path, 40083 in output feature path

                     

                    ICMP statistics:

                      Rcvd: 2 format errors, 6 checksum errors, 0 redirects, 1691 unreachable

                            26198 echo, 107632 echo reply, 0 mask requests, 0 mask replies, 0 quench

                            0 parameter, 0 timestamp, 0 timestamp replies, 0 info request, 0 other

                            0 irdp solicitations, 0 irdp advertisements

                            540 time exceeded, 0 info replies

                      Sent: 0 redirects, 586311 unreachable, 108068 echo, 26198 echo reply

                            0 mask requests, 0 mask replies, 0 quench, 0 timestamp, 0 timestamp replies

                            0 info reply, 2011 time exceeded, 0 parameter problem

                            0 irdp solicitations, 0 irdp advertisements

                     

                    UDP statistics:

                      Rcvd: 956596 total, 7307 checksum errors, 949142 no port

                      Sent: 0 total, 0 forwarded broadcasts

                     

                    BGP statistics:

                      Rcvd: 0 total, 0 opens, 0 notifications, 0 updates

                            0 keepalives, 0 route-refresh, 0 unrecognized

                      Sent: 0 total, 0 opens, 0 notifications, 0 updates

                            0 keepalives, 0 route-refresh

                     

                    TCP statistics:

                      Rcvd: 1565225 total, 296 checksum errors, 252870 no port

                      Sent: 1901383 total

                     

                    EIGRP-IPv4 statistics:

                      Rcvd: 0 total

                      Sent: 0 total

                     

                    PIMv2 statistics: Sent/Received

                      Total: 0/0, 0 checksum errors, 0 format errors

                      Registers: 0/0 (0 non-rp, 0 non-sm-group), Register Stops: 0/0,  Hellos: 0/0

                      Join/Prunes: 0/0, Asserts: 0/0, grafts: 0/0

                      Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0

                      Queue drops: 0

                      State-Refresh: 0/0

                     

                    IGMP statistics: Sent/Received

                      Total: 0/0, Format errors: 0/0, Checksum errors: 0/0

                      Host Queries: 0/0, Host Reports: 0/0, Host Leaves: 0/0

                      DVMRP: 0/0, PIM: 0/0

                      Queue drops: 0

                     

                    OSPF statistics:

                      Last clearing of OSPF traffic counters never

                     

                      Rcvd: 0 total, 0 checksum errors

                            0 hello, 0 database desc, 0 link state req

                            0 link state updates, 0 link state acks

                     

                      Sent: 0 total

                            0 hello, 0 database desc, 0 link state req

                            0 link state updates, 0 link state acks

                     

                    ARP statistics:

                      Rcvd: 656281 requests, 202583 replies, 0 reverse, 0 other

                      Sent: 7424 requests, 100956 replies (2775 proxy), 0 reverse

                      Drop due to input queue full: 0

                     

                     

                     

                     

                    ********************************************************************************************

                     

                     

                    *Nov  9 17:26:30.966: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                    *Nov  9 17:28:31.874: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                    *Nov  9 17:30:21.626: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                    *Nov  9 17:35:48.234: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                    *Nov  9 17:38:22.454: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                    *Nov  9 17:39:06.822: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                    *Nov  9 17:39:42.266: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                    *Nov  9 17:40:19.666: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                    *Nov  9 17:40:50.598: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                    *Nov  9 17:41:21.034: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                    *Nov  9 17:42:17.654: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                    *Nov  9 17:43:09.314: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                    *Nov  9 17:43:56.618: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                    *Nov  9 17:44:27.138: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                    *Nov  9 17:44:57.814: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                    *Nov  9 17:45:30.066: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                    *Nov  9 17:46:04.882: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                    *Nov  9 17:46:40.066: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                    • 7. Re: ip nat translation timeout 28800
                      ali

                      -R3925-INT#show ip traffic

                      IP statistics:

                        Rcvd:  35434830 total, 2611350 local destination

                               0 format errors, 0 checksum errors, 2011 bad hop count

                               0 unknown protocol, 1 not a gateway

                               0 security failures, 0 bad options, 0 with options

                        Opts:  0 end, 0 nop, 0 basic security, 0 loose source route

                               0 timestamp, 0 extended security, 0 record route

                               0 stream ID, 0 strict source route, 0 alert, 0 cipso, 0 ump

                               0 other

                        Frags: 33 reassembled, 0 timeouts, 0 couldn't reassemble

                               286755 fragmented, 578899 fragments, 53090 couldn't fragment

                        Bcast: 246269 received, 0 sent

                        Mcast: 0 received, 0 sent

                        Sent:  2664030 generated, 1429810699 forwarded

                        Drop:  133072 encapsulation failed, 0 unresolved, 0 no adjacency

                               13788226 no route, 0 unicast RPF, 0 forced drop

                               0 options denied

                        Drop:  0 packets with source IP address zero

                        Drop:  0 packets with internal loop back IP address

                               167 physical broadcast

                        Reinj: 0 in input feature path, 40083 in output feature path

                       

                      ICMP statistics:

                        Rcvd: 2 format errors, 6 checksum errors, 0 redirects, 1691 unreachable

                              26198 echo, 107632 echo reply, 0 mask requests, 0 mask replies, 0 quench

                              0 parameter, 0 timestamp, 0 timestamp replies, 0 info request, 0 other

                              0 irdp solicitations, 0 irdp advertisements

                              540 time exceeded, 0 info replies

                        Sent: 0 redirects, 586311 unreachable, 108068 echo, 26198 echo reply

                              0 mask requests, 0 mask replies, 0 quench, 0 timestamp, 0 timestamp replies

                              0 info reply, 2011 time exceeded, 0 parameter problem

                              0 irdp solicitations, 0 irdp advertisements

                       

                      UDP statistics:

                        Rcvd: 956596 total, 7307 checksum errors, 949142 no port

                        Sent: 0 total, 0 forwarded broadcasts

                       

                      BGP statistics:

                        Rcvd: 0 total, 0 opens, 0 notifications, 0 updates

                              0 keepalives, 0 route-refresh, 0 unrecognized

                        Sent: 0 total, 0 opens, 0 notifications, 0 updates

                              0 keepalives, 0 route-refresh

                       

                      TCP statistics:

                        Rcvd: 1565225 total, 296 checksum errors, 252870 no port

                        Sent: 1901383 total

                       

                      EIGRP-IPv4 statistics:

                        Rcvd: 0 total

                        Sent: 0 total

                       

                      PIMv2 statistics: Sent/Received

                        Total: 0/0, 0 checksum errors, 0 format errors

                        Registers: 0/0 (0 non-rp, 0 non-sm-group), Register Stops: 0/0,  Hellos: 0/0

                        Join/Prunes: 0/0, Asserts: 0/0, grafts: 0/0

                        Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0

                        Queue drops: 0

                        State-Refresh: 0/0

                       

                      IGMP statistics: Sent/Received

                        Total: 0/0, Format errors: 0/0, Checksum errors: 0/0

                        Host Queries: 0/0, Host Reports: 0/0, Host Leaves: 0/0

                        DVMRP: 0/0, PIM: 0/0

                        Queue drops: 0

                       

                      OSPF statistics:

                        Last clearing of OSPF traffic counters never

                       

                        Rcvd: 0 total, 0 checksum errors

                              0 hello, 0 database desc, 0 link state req

                              0 link state updates, 0 link state acks

                       

                        Sent: 0 total

                              0 hello, 0 database desc, 0 link state req

                              0 link state updates, 0 link state acks

                       

                      ARP statistics:

                        Rcvd: 656281 requests, 202583 replies, 0 reverse, 0 other

                        Sent: 7424 requests, 100956 replies (2775 proxy), 0 reverse

                        Drop due to input queue full: 0

                       

                       

                       

                       

                      ********************************************************************************************

                       

                       

                      *Nov  9 17:26:30.966: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                      *Nov  9 17:28:31.874: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                      *Nov  9 17:30:21.626: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                      *Nov  9 17:35:48.234: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                      *Nov  9 17:38:22.454: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                      *Nov  9 17:39:06.822: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                      *Nov  9 17:39:42.266: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                      *Nov  9 17:40:19.666: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                      *Nov  9 17:40:50.598: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                      *Nov  9 17:41:21.034: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                      *Nov  9 17:42:17.654: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                      *Nov  9 17:43:09.314: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                      *Nov  9 17:43:56.618: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                      *Nov  9 17:44:27.138: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                      *Nov  9 17:44:57.814: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                      *Nov  9 17:45:30.066: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                      *Nov  9 17:46:04.882: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                      *Nov  9 17:46:40.066: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                      • 8. Re: ip nat translation timeout 28800
                        Martin

                        see please how can I solve this problem

                        if what support at cisco did not work (ip virtual-reassembly in max-reassemblies), post your question there on the support.cisco.com

                         

                        we here support learning technology, concepts, and certification type of issues; not real technical side.

                        • 9. Re: ip nat translation timeout 28800
                          Ing_Percy

                          Hi!

                          ali escribió:

                          *Nov  9 17:46:40.066: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

                          About it, I put a post about it (post 11)

                          Re: ip nat translation timeout 28800

                           

                          In another case of Cisco community

                          %IP_VFR-4-FRAG_TABLE_OVERFLOW: [chars]: the fragment table has reached its maximum threshold [dec]

                           

                          The number of datagrams being reassembled at any one time has reached it maximum limit.

                           

                          Recommended Action: Increase the maximum number of datagrams that can be reassembled by entering the ip virtual-reassembly max-reassemblies number command, with number being the maximum number of datagrams that can be reassembled at any one time.

                           

                          Related documents- No specific documents apply to this error message.

                           

                          Source: https://208.74.205.244/t5/routing/some-router-errors/td-p/1197058

                           

                          Regards!

                          • 10. Re: ip nat translation timeout 28800
                            Parvesh

                            That message is telling you that the maximum amount of datagrams that can be reassembled at any given time has reached the maximum permitted by these interfaces.

                             

                            The maximum limit can be increased by extending virtual-reassemblies but you may also need to check the max MTU supported and increase it.

                             

                            You can refer:

                            • Fragmentation and Packet Re assemblies.
                            • debug ip virtual-reassembly
                            • Reassembly timeouts.

                             

                            • Router(config-if)#ip virtual-reassembly in max-reassemblies ?

                                                              <1-1024>  Number of datagrams that can be reassembled at a timeWhat you should do:

                            1. Search for the reason that there is fragmentation in your network and solve that problem. Using the debug command.
                            2. If you come to the conclusion that step 1  does not help or  the reassemblies are not part of an attack, you can increase the amount of allowed re assemblies: ip virtual-reassembly in max-reassemblies N.

                            my response on similar thread.
                            • 11. Re: ip nat translation timeout 28800
                              ali

                              thank you parvesh

                              I try this command ip virtual-reassembly in max-reassemblies N.

                              but the problem still

                              • 12. Re: ip nat translation timeout 28800
                                Martin

                                have you gone to https://community.cisco.com/t5/technology-and-support/ct-p/technology-support


                                for such technical question you should go there and ask them

                                • 13. Re: ip nat translation timeout 28800
                                  Parvesh

                                  can you share your findings, changes done and actions taken so far ?