Dynamic NAT Failure|
|
|
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
||||||||||||||||
|
Posted by Yoann Roman on August 28, 2006, 11:54 am
Please log in for more thread options
This router is configured with two NAT inside Ethernet interfaces for the LANs and one NAT outside serial interface for Internet. There are a few static NAT entries for servers and a pool of 1 IP address for dynamic NAT. About 1 to 3 times a month, no workstation using dynamic NAT on either Ethernet interface is able to get out to the web. When I do a "show ip nat trans", all I see listed are the static translations, no dynamic ones. Servers setup with static NAT go in and out fine. The only solution I've found is doing a "reload". Everything works after that. No config changes are made when these problems appear, and they seem to always occur first thing in the morning. The LAN has no more than 45 simultaneous users. The NAT setup hasn't changed for over 2 to 3 years, and this only started happening in the past year. Any ideas? Thanks, -- Yoann Roman | ||||||||||||||||
|
Posted by NO_spamm on August 28, 2006, 5:08 pm
Please log in for more thread options It sounds like your pool of port numbers is emptied. Nothing changed to the router, but has the number of LAN user increased compared to two years ago? How are the ip nat translation time-out values set? FW | ||||||||||||||||
|
Posted by Yoann Roman on August 28, 2006, 5:26 pm
Please log in for more thread options > On Mon, 28 Aug 2006 15:54:13 +0000, Yoann Roman wrote:
> >> I'm experiencing a strange NAT problem with a Cisco 2514 running
>> 12.0(26). This router is configured with two NAT inside Ethernet >> interfaces for the LANs and one NAT outside serial interface for >> Internet. There are a few static NAT entries for servers and a pool >> of 1 IP address for dynamic NAT. >> >> About 1 to 3 times a month, no workstation using dynamic NAT on >> either Ethernet interface is able to get out to the web. When I do a >> "show ip nat trans", all I see listed are the static translations, >> no dynamic ones. Servers setup with static NAT go in and out fine. >> The only solution I've found is doing a "reload". Everything works >> after that. >> >> No config changes are made when these problems appear, and they seem >> to always occur first thing in the morning. The LAN has no more than >> 45 simultaneous users. The NAT setup hasn't changed for over 2 to 3 >> years, and this only started happening in the past year. >> >> Any ideas? >> >> Thanks, >
> It sounds like your pool of port numbers is emptied. > Nothing changed to the router, but has the number of LAN user > increased compared to two years ago? > > How are the ip nat translation time-out values set? > > > FW The number of LAN users has probably increased from 30 to 45, at most, over the past 2 years. The timeout values are at their defaults, which I can lookup if needed. I have read about cases where the pool of port numbers is emptied or the NAT table is filled up when the timeout values are too great, but I would presume there should be at least a few dynamic NAT entries when doing a "show ip nat trans" if that were the case. Instead, I'm not seeing anything at all... Thanks, -- Yoann Roman | ||||||||||||||||
| Similar Threads | Posted |
| Re: Dynamic NAT Failure | September 1, 2006, 9:53 am |
| Dynamic NAT Failure | August 28, 2006, 11:54 am |
| VPN between peers with dynamic IP address and dynamic DNS | February 4, 2008, 12:28 pm |
| PRI to BRI multilink failure. | July 13, 2005, 9:24 pm |
| ASA failover failure | February 13, 2007, 6:37 am |
| MIB Discovery Failure | October 2, 2007, 2:08 pm |
| 1811 failure | October 29, 2009, 9:40 am |
| 2621XM - np ip inspect causes failure | December 13, 2005, 10:36 am |
| Pix 515 does not recover from, Power Failure | July 24, 2006, 12:28 pm |
| Temporary failure on T.38 fax calls | February 7, 2007, 5:48 am |
| VPN 3005 to IAS authentication failure... | March 5, 2007, 2:15 pm |
| VPN 3005 to IAS authentication failure... | March 5, 2007, 2:16 pm |
| Failure after switch warms up | July 19, 2007, 7:56 pm |
| RDP thru Cisco VPN client and thru 501 Failure | August 5, 2008, 3:52 pm |
| Wired dot1x failure | April 30, 2009, 4:22 am |
|
Home Cabling GuideFinally, an instantly downloadable book that saves you thousands in home improvement dollars! Enjoy living in 21st century technology-advanced home while increasing its selling value and competitive advantage on the real estate market. Whether your cabling is for home office or high-tech leisure, you can wire your home yourself or learn "wirish" to speak with your cabling contractors in their language! Learn More |
> This router is configured with two NAT inside Ethernet interfaces for the
> LANs and one NAT outside serial interface for Internet. There are a few
> static NAT entries for servers and a pool of 1 IP address for dynamic NAT.
>
> About 1 to 3 times a month, no workstation using dynamic NAT on either
> Ethernet interface is able to get out to the web. When I do a "show ip nat
> trans", all I see listed are the static translations, no dynamic ones.
> Servers setup with static NAT go in and out fine. The only solution I've
> found is doing a "reload". Everything works after that.
>
> No config changes are made when these problems appear, and they seem to
> always occur first thing in the morning. The LAN has no more than 45
> simultaneous users. The NAT setup hasn't changed for over 2 to 3 years, and
> this only started happening in the past year.
>
> Any ideas?
>
> Thanks,