2915 Views 3 Replies Latest reply: Oct 5, 2010 2:20 AM by Paul Stewart - CCIE Security, CCSI

IP NAT TRANSLATION

Oct 4, 2010 11:34 PM

Rohit Puri 25 posts since
Apr 25, 2009

Hi,

I am facing a problem on some of my Internet routers: after a certain period of time, the Internet is not accessible through the router, but after entering the command clear ip nat translation * it starts working.

Please suggest what the problem is and the permanent solution.

I have already tried to set max entries for NAT also.

 

Cheers

Rohit Puri

  • denton 48 posts since
    Feb 14, 2010
    1. Oct 5, 2010 12:18 AM (in response to Rohit Puri)
    Re: IP NAT TRANSLATION

    Hi Rohit,

     

    First, the overload command must be in the NAT config if you are not using dynamic NAT. But if you enter clear NAT and then it works, I think it is something about the NAT translation entries being full, so no more entries are supported. How many clients do you have? It must support all the translations, because there is a maximum number of allowed NAT entries. Range is from 1 to 2147483647. Or:

    One of the most common problems with a new NAT configuration is not NAT itself, but routing. Remember that you are changing a source or destination address in a packet; after the translation, does the router know what to do with the new address?

    Also check the IP NAT translation timeout:

    ip nat translation {timeout | udp-timeout | dns-timeout | tcp-timeout | finrst-timeout | icmp-timeout | pptp-timeout | syn-timeout | port-timeout} {seconds | never}

     

    Regards,

    Feras.

  • Paul Stewart  -  CCIE Security, CCSI 6,989 posts since
    Jul 18, 2008
    2. Oct 5, 2010 2:20 AM (in response to Rohit Puri)
    Re: IP NAT TRANSLATION

    As denton mentioned, overload is typically desired. This allows port translation instead of one-to-one NAT and effectively increases the number of translations available substantially. The question is: are you running out of translations with legitimate traffic, or do you have a virus or malware on your network? If you are using one-to-one NAT (no overload command), you may very well just be running out of translation slots. However, if you are doing overload and running out of translation slots, I'd start looking at the translations and what inside local address you are seeing the most of.
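
The check suggested in the last reply (which inside local address holds the most translations), as an added example that is not part of the original thread. It assumes the default five-column IPv4 layout of `show ip nat translations` saved to text; the sample rows, addresses and function names are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample in the layout of IOS "show ip nat translations" output
# (documentation-range addresses; not data from the thread).
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.2:1024   10.0.0.15:49152    198.51.100.10:445  198.51.100.10:445
tcp 203.0.113.2:1025   10.0.0.15:49153    198.51.100.11:445  198.51.100.11:445
tcp 203.0.113.2:1026   10.0.0.15:49154    198.51.100.12:445  198.51.100.12:445
tcp 203.0.113.2:1027   10.0.0.15:49155    198.51.100.13:445  198.51.100.13:445
tcp 203.0.113.2:1028   10.0.0.21:50311    192.0.2.80:443     192.0.2.80:443
udp 203.0.113.2:1029   10.0.0.21:50312    192.0.2.53:53      192.0.2.53:53
--- 203.0.113.9        10.0.0.30          ---                ---
"""

def host_of(endpoint):
    """Strip the :port suffix from an IPv4 'addr:port' field, if present."""
    return endpoint.rsplit(":", 1)[0] if ":" in endpoint else endpoint

def summarize(text):
    """Return (entries per inside local host, distinct outside hosts per inside host)."""
    entries = Counter()
    peers = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        # Skip the header, blank lines and anything that is not a 5-column row.
        if len(fields) != 5 or fields[0] == "Pro":
            continue
        _proto, _inside_global, inside_local, _outside_local, outside_global = fields
        src = host_of(inside_local)
        entries[src] += 1
        if outside_global != "---":  # static entries have no outside peer
            peers[src].add(host_of(outside_global))
    return entries, peers

def top_talkers(text, n=5):
    """Rank inside local hosts by the number of translation slots they hold."""
    entries, peers = summarize(text)
    return [(h, c, len(peers[h])) for h, c in entries.most_common(n)]

if __name__ == "__main__":
    for host, slots, fanout in top_talkers(SAMPLE):
        print(f"{host:15} entries={slots:<5} distinct_outside_hosts={fanout}")
```

A single inside host holding a large share of the table, each entry to a different outside address on the same port, is the pattern to investigate on that host before raising limits or shortening timeouts.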
