From: PeterB on 6 Oct 2009 22:33

Hello all...

I am trying to put an older box to good use. It is a 1750 router with an ADSL card for my home Internet. I have a static IP to provide ssh access to one of my PCs.

The Dialer and PPPoE is working perfectly, and after a reboot all my "ip nat inside source static tcp [LAN IP] 22 [WAN IP] 22 extendable" entries work fine. After about 6-8 minutes (regardless if a connection is open on the translation or not) the mapping stops working. I see the directive in the config and also the "sh ip nat trans" reports that the translations are there and ready to go...

    Pro Inside global      Inside local       Outside local      Outside global
    tcp [WAN IP]:22        [LAN IP]:22        ---                ---
    udp [WAN IP]:53        [LAN IP]:53        ---                ---

What is especially odd is that while I see the directives in the running config, if I issue a "no ip nat ins..." command I get "%Translation not found" and reissuing the "ip nat ins..." commands causes duplicate entries in the running config and the "sh ip nat trans" output. Issuing the command also causes the translation to work again, but only for the expected 6-8 minute period.

I think this is a bug, but I don't believe that I have any recourse with Cisco as the unit is EOL and out of contract...

I am running 12.3(26) which appears to be the last version built for the 1750 router... Any suggestions are welcomed.

Thanks.

-Cheers, Peter.

From: bod43 on 7 Oct 2009 00:06

On 7 Oct, 03:33, PeterB <pbrunn...@-nospam-yahoo.com> wrote:
> Hello all...
>
> I am trying to put an older box to good use. It is a 1750 router with
> an ADSL card for my home Internet. I have a static IP to provide ssh
> access to one of my PCs.
>
> The Dialer and PPPoE is working perfectly, and after a reboot all my
> "ip nat inside source static tcp [LAN IP] 22 [WAN IP] 22 extendable"
> entries work fine. After about 6-8 minutes (regardless if a connection
> is open on the translation or not) the mapping stops working. I see
> the directive in the config and also the "sh ip nat trans" reports that
> the translations are there and ready to go...
>
> Pro Inside global      Inside local       Outside local      Outside global
> tcp [WAN IP]:22        [LAN IP]:22        ---                ---
> udp [WAN IP]:53        [LAN IP]:53        ---                ---
>
> What is especially odd is that while I see the directives in the
> running config, if I issue a "no ip nat ins..." command I get
> "%Translation not found" and reissuing the "ip nat ins..." commands
> causes duplicate entries in the running config and the "sh ip nat
> trans" output. Issuing the command also causes the translation to work
> again, but only for the expected 6-8 minute period.
>
> I think this is a bug, but I don't believe that I have any recourse
> with Cisco as the unit is EOL and out of contract...
>
> I am running 12.3(26) which appears to be the last version built for
> the 1750 router... Any suggestions are welcomed.

What does "sh ip nat tr" look like?
I am wondering if perhaps you have a virus on the inside
that is making a very large number of connections
to the outside and filling up the nat table or the memory?

sh mem ! the first few lines

To make sure you are not running out of memory.
"largest free" is the critical one.

sh arp ! to make sure that you do not have 1,000....
of proxy arp entries.
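
Added example, not part of the original thread: one way to test the hypothesis in the reply above (an inside host filling the NAT table) is to count dynamic entries per inside host in captured "sh ip nat tr" output. The sample output is constructed from documentation address ranges, and the per-host limit of 200 is an assumed threshold, not a Cisco default.

```python
from collections import Counter

# Constructed sample of "show ip nat translations" output using documentation
# address ranges; none of these addresses come from the thread.
HEADER = "Pro Inside global      Inside local       Outside local      Outside global\n"
STATIC = ("tcp 203.0.113.5:22     192.168.1.10:22    ---                ---\n"
          "udp 203.0.113.5:53     192.168.1.10:53    ---                ---\n")


def build_sample(noisy_flows=300):
    """Return constructed output: 2 static maps, 1 normal flow, many from one host."""
    rows = ["tcp 203.0.113.5:1034   192.168.1.23:1034  198.51.100.7:80    198.51.100.7:80"]
    for i in range(noisy_flows):
        port = 2000 + i
        peer = f"198.51.100.{i % 250 + 1}:25"
        rows.append(f"tcp 203.0.113.5:{port} 192.168.1.66:{port} {peer} {peer}")
    return HEADER + STATIC + "\n".join(rows) + "\n"


def summarize(text, per_host_limit=200):
    """Count static and dynamic entries; flag inside hosts above per_host_limit.

    per_host_limit is an assumed threshold for a small home LAN.
    """
    static, per_host = 0, Counter()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0].lower() == "pro":
            continue  # skip the header, blank lines and anything malformed
        _proto, _in_global, in_local, out_local, _out_global = fields
        if out_local == "---":
            static += 1  # static mapping: no outside peer recorded
        else:
            per_host[in_local.rsplit(":", 1)[0]] += 1  # strip the port
    noisy = {h: n for h, n in per_host.items() if n > per_host_limit}
    return {"static": static, "dynamic": sum(per_host.values()), "noisy": noisy}


if __name__ == "__main__":
    print(summarize(build_sample()))
```
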
From: PeterB on 7 Oct 2009 08:29

In article <8e8318ae-a728-4f56-b4ce-c8669a5d666c(a)m11g2000vbl.googlegroups.com>, bod43 <Bod43(a)hotmail.co.uk> wrote:

> On 7 Oct, 03:33, PeterB <pbrunn...@-nospam-yahoo.com> wrote:
> > Hello all...
> >
> > I am trying to put an older box to good use. It is a 1750 router with
> > an ADSL card for my home Internet. I have a static IP to provide ssh
> > access to one of my PCs.
> >
> > The Dialer and PPPoE is working perfectly, and after a reboot all my
> > "ip nat inside source static tcp [LAN IP] 22 [WAN IP] 22 extendable"
> > entries work fine. After about 6-8 minutes (regardless if a connection
> > is open on the translation or not) the mapping stops working. I see
> > the directive in the config and also the "sh ip nat trans" reports that
> > the translations are there and ready to go...
> >
> > Pro Inside global      Inside local       Outside local      Outside global
> > tcp [WAN IP]:22        [LAN IP]:22        ---                ---
> > udp [WAN IP]:53        [LAN IP]:53        ---                ---
> >
> > What is especially odd is that while I see the directives in the
> > running config, if I issue a "no ip nat ins..." command I get
> > "%Translation not found" and reissuing the "ip nat ins..." commands
> > causes duplicate entries in the running config and the "sh ip nat
> > trans" output. Issuing the command also causes the translation to work
> > again, but only for the expected 6-8 minute period.
> >
> > I think this is a bug, but I don't believe that I have any recourse
> > with Cisco as the unit is EOL and out of contract...
> >
> > I am running 12.3(26) which appears to be the last version built for
> > the 1750 router... Any suggestions are welcomed.
>
> What does "sh ip nat tr" look like?
> I am wondering if perhaps you have a virus on the inside
> that is making a very large number of connections
> to the outside and filling up the nat table or the memory?
>
> sh mem ! the first few lines
>
> To make sure you are not running out of memory.
> "largest free" is the critical one.
>
> sh arp ! to make sure that you do not have 1,000....
> of proxy arp entries.
>

Bod43,

Thanks for the reply! I am really stumped... Here is my memory stats... things look ok:

                  Head   Total(b)    Used(b)    Free(b)  Lowest(b) Largest(b)
    Processor 81B78B68   13289596    7537744    5751852    5482292    5636204
    I/O        27AD000    8728576    1569168    7159408    6982424    7055516

Also, my translations table has maybe 50 entries if I am really busy... I have only six boxes on my LAN segment, two of which don't have internet access (no default routes set). My ARP table only had five entries and that includes itself.

Thanks!

-Cheers, Peter.