Posted by Pierrot Robert on June 6, 2006, 3:01 pm
I have a problem with a Cisco 1841 router running IOS Version 12.3(11)T5.

I use NAT to access the Internet through the router.

Sometimes, around 3-4 times a day, all Internet access stops because our DNS server cannot access the Internet to resolve addresses. All Internet communication from this server is stopped. If I issue a "clear ip nat translation *" command to the router it works again.

I heard that the default NAT timeout values are not optimum and that I should enter different values for tcp, udp and dns timeouts. Is it right?

Here's my config. Thank you for your advice.
------
Current configuration : 3894 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname gateway
!
boot-start-marker
boot system flash flash:c1841-entbase-mz.123-11.T5.bin
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain name grimard.ca
ip name-server 198.235.216.130
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
description Bersimis$FW_INSIDE$$ES_LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ETH-LAN$
ip address 10.1.1.200 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
duplex auto
speed auto
no cdp enable
no mop enabled
!
interface FastEthernet0/1
description Internet$ETH-LAN$
ip address 67.71.244.58 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip route-cache flow
duplex auto
speed auto
no cdp enable
no mop enabled
!
interface FastEthernet0/0/0
no ip address
no cdp enable
!
interface FastEthernet0/0/1
no ip address
no cdp enable
!
interface FastEthernet0/0/2
no ip address
no cdp enable
!
interface FastEthernet0/0/3
no ip address
no cdp enable
!
interface Vlan1
description DMZ
ip address 10.1.5.11 255.255.255.0
ip nat inside
!
ip classless
ip route 0.0.0.0 0.0.0.0 XX.XX.244.57 permanent
!
ip http server
ip http authentication local
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet0/1 overload
ip nat inside source static tcp 10.1.5.13 25 XX.XX.244.58 25 extendable
ip nat inside source static tcp 10.1.5.13 80 XX.XX.244.58 80 extendable
ip nat inside source static tcp 10.1.5.13 110 XX.XX.244.58 110 extendable
ip nat inside source static tcp 10.1.5.13 443 XX.XX.244.58 443 extendable
ip nat inside source static tcp 10.1.1.17 3389 XX.XX.244.58 3389 extendable
!
logging trap debugging
access-list 100 permit ip 0.0.0.0 10.255.255.255 any
no cdp run
!
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 4000 1000
end

Posted by NetKing on June 6, 2006, 4:43 pm
Try in global config mode

"ip nat translation timeout never"

Rgds,
Elil

Posted by Pierrot Robert on June 6, 2006, 4:58 pm
Thanks. Won't the router exhaust all memory if the translations never drop from the table?

NetKing wrote:
> Try in global config mode
>
> "ip nat translation timeout never"
>
> Rgds,
> Elil

Posted by Pierrot Robert on June 8, 2006, 2:46 pm
I tried that and I still had the problem 2 times today. Anything else?

Pierrot

NetKing wrote:
> Try in global config mode
>
> "ip nat translation timeout never"
>
> Rgds,
> Elil

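One way to check the translation table before clearing it is to capture "show ip nat translations" and count the dynamic entries held by each inside host, so the next outage shows whether the DNS server's entries dominate the table. This is an added example, not part of the thread: the sample output is constructed, and 10.1.1.10 as the DNS server's address is an assumption.

```python
from collections import Counter
from typing import NamedTuple
# Constructed sample in the column layout of `show ip nat translations`.
# Addresses reuse the thread's config; 10.1.1.10 as the DNS server is an assumption.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
udp 67.71.244.58:1024  10.1.1.10:1024     198.235.216.130:53 198.235.216.130:53
udp 67.71.244.58:1025  10.1.1.10:1025     198.235.216.130:53 198.235.216.130:53
udp 67.71.244.58:1026  10.1.1.10:1026     192.0.2.53:53      192.0.2.53:53
tcp 67.71.244.58:3301  10.1.1.10:3301     192.0.2.80:80      192.0.2.80:80
tcp 67.71.244.58:2210  10.1.1.42:2210     192.0.2.80:80      192.0.2.80:80
tcp 67.71.244.58:25    10.1.5.13:25       ---                ---
"""

class Entry(NamedTuple):
    proto: str
    inside_global: str
    inside_local: str
    outside_local: str
    outside_global: str

def split_port(endpoint):  # '10.1.1.10:1024' -> ('10.1.1.10', 1024); '---' -> ('---', None)
    host, sep, port = endpoint.rpartition(":")
    return (host, int(port)) if sep else (endpoint, None)

def parse_translations(text):
    """Return one Entry per translation line; the header and blank lines are skipped."""
    rows = (line.split() for line in text.splitlines())
    return [Entry(*f) for f in rows if len(f) == 5]

def per_host_usage(entries):
    """Count dynamic translations, and those to port 53, per inside-local host."""
    total, dns = Counter(), Counter()
    for e in entries:
        if e.outside_global == "---":  # static mapping, not a dynamic entry
            continue
        host, _ = split_port(e.inside_local)
        total[host] += 1
        if split_port(e.outside_global)[1] == 53:
            dns[host] += 1
    return total, dns

def hosts_over(entries, limit):
    """Hosts holding more than `limit` dynamic entries: (host, total, dns), busiest first."""
    total, dns = per_host_usage(entries)
    return [(h, n, dns[h]) for h, n in total.most_common() if n > limit]

if __name__ == "__main__":
    print(hosts_over(parse_translations(SAMPLE), limit=2))
```
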