NAT timeout

Hi,

I have a problem with a Cisco 1841 router running IOS Version 12.3(11)T5.

I use NAT to access the Internet through the router.

Sometimes, around 3-4 times a day, all Internet access stops because our DNS server cannot access the Internet to resolve addresses. All Internet communication from this server is stopped. If I issue a "clear ip nat translation *" command to the router it works again.

I heard that the default NAT timeout values are not optimum and that I should enter different values for tcp, udp and dns timeouts. Is it right?

Here's my config. Thank you for your advice.

------
Current configuration : 3894 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname gateway
!
boot-start-marker
boot system flash flash:c1841-entbase-mz.123-11.T5.bin
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain name grimard.ca
ip name-server 198.235.216.130
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 description Bersimis$FW_INSIDE$$ES_LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ETH-LAN$
 ip address 10.1.1.200 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface FastEthernet0/1
 description Internet$ETH-LAN$
 ip address 67.71.244.58 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface FastEthernet0/0/0
 no ip address
 no cdp enable
!
interface FastEthernet0/0/1
 no ip address
 no cdp enable
!
interface FastEthernet0/0/2
 no ip address
 no cdp enable
!
interface FastEthernet0/0/3
 no ip address
 no cdp enable
!
interface Vlan1
 description DMZ
 ip address 10.1.5.11 255.255.255.0
 ip nat inside
!
ip classless
ip route 0.0.0.0 0.0.0.0 XX.XX.244.57 permanent
!
ip http server
ip http authentication local
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet0/1 overload
ip nat inside source static tcp 10.1.5.13 25 XX.XX.244.58 25 extendable
ip nat inside source static tcp 10.1.5.13 80 XX.XX.244.58 80 extendable
ip nat inside source static tcp 10.1.5.13 110 XX.XX.244.58 110 extendable
ip nat inside source static tcp 10.1.5.13 443 XX.XX.244.58 443 extendable
ip nat inside source static tcp 10.1.1.17 3389 XX.XX.244.58 3389 extendable
!
logging trap debugging
access-list 100 permit ip 0.0.0.0 10.255.255.255 any
no cdp run
!
!
!
control-plane
!
banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 4000 1000
end
Reply to
Pierrot Robert

Try in global config mode

" ip nat translation timeout never"

Rgds, Elil

Pierrot Robert wrote:

Reply to
NetKing

Reply to
Pierrot Robert

I tried that and I still had the problem 2 times today. Anything else?

Pierrot

NetK> Try in global config mode

Reply to
Pierrot Robert
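
One way to see which inside host holds the NAT entries before running "clear ip nat translation *", as an added example that is not part of any post in this thread: the script tallies rows of "show ip nat translations" output per inside local address and protocol. The sample output is constructed with documentation addresses, and the 40% share threshold is an arbitrary assumption.

```python
import re
from collections import Counter

# Constructed sample of `show ip nat translations` output; the addresses are
# documentation ranges and are not taken from the thread.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
udp 203.0.113.58:1025  10.1.1.10:1025     198.51.100.1:53    198.51.100.1:53
udp 203.0.113.58:1026  10.1.1.10:1026     198.51.100.2:53    198.51.100.2:53
udp 203.0.113.58:1027  10.1.1.10:1027     198.51.100.3:53    198.51.100.3:53
tcp 203.0.113.58:25    10.1.5.13:25       ---                ---
tcp 203.0.113.58:3301  10.1.1.44:3301     192.0.2.80:80      192.0.2.80:80
icmp 203.0.113.58:512  10.1.1.44:512      192.0.2.9:512      192.0.2.9:512
"""

# Five columns: protocol, inside global, inside local, outside local, outside global.
ROW = re.compile(r"^(tcp|udp|icmp|---)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def summarize(output):
    """Return (Counter of dynamic entries per (inside host, proto), static count)."""
    per_host = Counter()
    static = 0
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header row, blank lines, anything unrecognised
        proto, _, inside_local, outside_local, _ = m.groups()
        if outside_local == "---":
            static += 1  # static mapping: stays in the table by design
            continue
        # Drop the port so all flows from one host are counted together.
        host = inside_local.rpartition(":")[0] or inside_local
        per_host[(host, proto)] += 1
    return per_host, static

def top_talkers(output, share=0.4):
    """(host, proto) pairs holding at least `share` of the dynamic entries."""
    per_host, _ = summarize(output)
    total = sum(per_host.values())
    return [(key, n) for key, n in per_host.most_common()
            if total and n / total >= share]

if __name__ == "__main__":
    for (host, proto), n in top_talkers(SAMPLE):
        print(f"{host} holds {n} {proto} translations")
```
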

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.