ARP entry disappears

Hi

I have a very strange behaviour on a Cisco 871 (it occurs on an 831 as well): sometimes the ARP entry for X.X.X.108 disappears in the ARP table and then this address and the NATted one cannot be reached from outside. Usually the ARP table looks like:

#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.123           2   0017.f201.09d2  ARPA   Vlan1
Internet  192.168.1.115           4   0017.f200.136b  ARPA   Vlan1
Internet  192.168.1.1             -   001b.2b2e.9f48  ARPA   Vlan1
Internet  192.168.1.2            69   0800.6914.6721  ARPA   Vlan1
Internet  192.168.1.5            69   001e.0b70.a41c  ARPA   Vlan1
Internet  192.168.1.4             0   001e.0b70.a41c  ARPA   Vlan1
Internet  192.168.1.6            64   001e.0b70.a41e  ARPA   Vlan1
Internet  X.X.X.105               0   0001.eb0c.03b3  ARPA   FastEthernet4
Internet  X.X.X.106               -   001b.2b2e.9f52  ARPA   FastEthernet4
Internet  X.X.X.108               -   001b.2b2e.9f52  ARPA   FastEthernet4

Reply to
Valentin Guggiana

Internet  X.X.X.109               -   001b.2b2e.9f52  ARPA   FastEthernet4

One thing - probably not essential - is that your NAT config is more complex than necessary.

It is not required that you use a NAT pool for your PAT (hide nat) address.

no ip nat inside source list NAT pool CCC overload
ip nat inside source list NAT interface fastethernet 4 overload

This is, from memory, equivalent and is all that is required.

Worth upgrading software probably - what IOS do you have?

I also notice that you have the same MAC for both 1.4 and 1.5.

Is this what you expect?

Your config looks reasonable to me and should work.

I am not sure what happens if there is no ARP entry for the inside end of your NAT. i.e. in this case the 192.168.1.4 address. Perhaps next time it disappears you could check that?

debug ip nat - is quite good.

you should

no logg con
logg buff deb
logg buff 50000 ! should check memory with sh mem

then 'sh log' to see the debugs

Reply to
Bod43
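One way to run the check suggested above the next time the entry disappears, as an added example that is not part of the original thread: it parses two `show arp` snapshots, reports entries that vanished between them, and lists learned MACs that answer for more than one IP (as with 1.4 and 1.5). The function names are hypothetical, the first snapshot reuses rows from the first post, and the second snapshot is constructed by dropping the X.X.X.108 row.

```python
import re
from collections import defaultdict

# One row of IOS "show arp" output; an age of "-" marks the router's own addresses.
ROW = re.compile(
    r"^Internet\s+(\S+)\s+(\S+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)$",
    re.I,
)

def parse_show_arp(text):
    """Return {ip: {"age", "mac", "iface"}} parsed from 'show arp' output."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # header and prompt lines do not match and are skipped
            ip, age, mac, _type, iface = m.groups()
            table[ip] = {"age": age, "mac": mac.lower(), "iface": iface}
    return table

def missing_entries(before, after):
    """IPs present in the earlier snapshot but absent from the later one."""
    return sorted(set(before) - set(after))

def shared_macs(table):
    """Learned MACs (numeric age) that appear for more than one IP."""
    by_mac = defaultdict(list)
    for ip, entry in table.items():
        if entry["age"] != "-":
            by_mac[entry["mac"]].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

# Snapshot taken while everything works (rows copied from the first post).
GOOD = """\
Protocol  Address        Age (min)  Hardware Addr   Type  Interface
Internet  192.168.1.1    -          001b.2b2e.9f48  ARPA  Vlan1
Internet  192.168.1.5    69         001e.0b70.a41c  ARPA  Vlan1
Internet  192.168.1.4    0          001e.0b70.a41c  ARPA  Vlan1
Internet  192.168.1.6    64         001e.0b70.a41e  ARPA  Vlan1
Internet  X.X.X.105      0          0001.eb0c.03b3  ARPA  FastEthernet4
Internet  X.X.X.106      -          001b.2b2e.9f52  ARPA  FastEthernet4
Internet  X.X.X.108      -          001b.2b2e.9f52  ARPA  FastEthernet4
"""
# Constructed failure snapshot: same table with the X.X.X.108 row gone.
BAD = "\n".join(l for l in GOOD.splitlines() if "X.X.X.108" not in l)

if __name__ == "__main__":
    good, bad = parse_show_arp(GOOD), parse_show_arp(BAD)
    print("missing after failure:", missing_entries(good, bad))
    print("MACs answering for several IPs:", shared_macs(good))
```

Feeding it snapshots collected periodically (for example from the syslog or a scripted telnet session) gives a timestamp for when the entry went away, which can then be lined up with the `debug ip nat` output.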

Yes, I reduced the NAT pool to one address now but it didn't help.

The second address was not in use and so I added it to the pool. But you're right it's not necessary and there are only a couple of people inside the network.

c870-advsecurityk9-mz.124-4.T7. I guess it's quite recent. I had this problem with C831 as well. The IOS there is at least 2 years old.

Yes, that's right. The natted machine has two addresses (using ip alias) on its interface. I need that because https is running with two different certificates. By the way: this saves me from going onsite to reboot the router. The second address was always reachable and I can slogin to the server and then telnet to the router.

It worked for more than two years there and I use similar configs on other sites. It started to happen after we replaced an old SGI Origin 300 with an HP 380 G5 running RedHat Enterprise Linux 5 x86_64. The HP itself behaves well.

Just started debugging (using syslog). Now I'll go onsite and install a 10MBit-Hub to log each packet running between the router's and the provider's interface.

Thanks so far, Valentin

Reply to
Valentin Guggiana

you could try installing static ARP entries in router to see if that will provide a workaround

Reply to
Merv

Yep, I just did it. Hope it works. I'll see it tomorrow.

Thanks, Valentin

Reply to
Valentin Guggiana

Well, it worked the last few days. But today I had the same again. The arp entry was there because I set it statically but the 871 didn't reply to 'arp who-has' for this one ip address. The static nat mapping is there as well (seen using 'show ip nat translations'). Almost no memory or cpu usage on the router. One interesting thing: when it happens then the mapping of the external to the internal ip address in the dns doesn't work, too. Looks like the nat mapping is lost though it's still shown.

Any ideas?

- Valentin

Reply to
Valentin Guggiana
