Hey there,
I bought a Cisco 837 ADSL router a couple of months ago, have configured it pretty well to my liking, and it has been running fine mostly. One problem I'm having though is that static translations I've configured in the config are disappearing after, it seems, a period of time of them not being used. It's as if there's a translation timeout setting operating that removes unused static entries after a given period of time (I'm not sure about the length of time exactly but it seems to be around a few days).
The configuration commands I'm using to open ports are:
ip nat inside source static tcp 192.168.1.2 62020 interface Dialer0 62020
ip nat inside source static tcp 192.168.1.2 62019 interface Dialer0 62019
ip nat inside source static tcp 192.168.1.2 62018 interface Dialer0 62018
ip nat inside source static tcp 192.168.1.2 62017 interface Dialer0 62017
ip nat inside source static tcp 192.168.1.2 62016 interface Dialer0 62016
ip nat inside source static tcp 192.168.1.2 62015 interface Dialer0 62015
ip nat inside source static tcp 192.168.1.2 54211 interface Dialer0 54211
ip nat inside source static udp 192.168.1.2 54211 interface Dialer0 54211
ip nat inside source static tcp 192.168.1.2 18416 interface Dialer0 18416
ip nat inside source static tcp 192.168.1.2 7000 interface Dialer0 7000
ip nat inside source static udp 192.168.1.2 7000 interface Dialer0 7000
ip nat inside source static tcp 192.168.1.2 1919 interface Dialer0 1919
ip nat inside source static tcp 192.168.1.2 666 interface Dialer0 666
ip nat inside source static udp 192.168.1.2 666 interface Dialer0 666
ip nat inside source static tcp 192.168.1.2 220 interface Dialer0 220
ip nat inside source static udp 192.168.1.2 220 interface Dialer0 220
If I reload the router and issue the command 'show ip nat translations tcp | include ---' it shows all these defined ports as operating (open):
tcp 11.22.33.44:220 192.168.1.2:220 --- ---
tcp 11.22.33.44:666 192.168.1.2:666 --- ---
tcp 11.22.33.44:1919 192.168.1.2:1919 --- ---
tcp 11.22.33.44:7000 192.168.1.2:7000 --- ---
tcp 11.22.33.44:18416 192.168.1.2:18416 --- ---
tcp 11.22.33.44:54211 192.168.1.2:54211 --- ---
tcp 11.22.33.44:62015 192.168.1.2:62015 --- ---
tcp 11.22.33.44:62016 192.168.1.2:62016 --- ---
tcp 11.22.33.44:62017 192.168.1.2:62017 --- ---
tcp 11.22.33.44:62018 192.168.1.2:62018 --- ---
tcp 11.22.33.44:62019 192.168.1.2:62019 --- ---
tcp 11.22.33.44:62020 192.168.1.2:62020 --- ---
...though after a while any of these that haven't seen use for 'a while' disappear, so I have to telnet in, conf t, and paste the config translation lines back in to get them back up.
I've been logging NAT translations out to syslog and this has captured these static entries being removed, though it hasn't helped me deduce why exactly:
%IPNAT-6-NAT_DELETED: Deleted tcp 192.168.1.2:62015 11.22.33.44:62015 0.0.0.0:0 0.0.0.0:0
I'm at a loss as to what's causing this so any help would be much appreciated.
Cheers.
--------------------------------------------------------------------------
An edited version of the startup-config below:
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname c837
!
!
memory-size iomem 5
no logging buffered
no logging console
no logging monitor
enable secret 5 $xxxxxxxxxx
!
username xxxxx password 7 xxxxxxx
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 1:00
no aaa new-model
ip subnet-zero
ip tcp selective-ack
ip tcp synwait-time 10
ip tcp path-mtu-discovery
no ip domain lookup
!
!
no ip bootp server
ip cef
ip multicast-routing
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
!
!
!
no crypto isakmp enable
!
!
!
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 ip nat inside
 ip pim sparse-dense-mode
 ip tcp adjust-mss 1452
 ip igmp helper-address udl Dialer0
 no cdp enable
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 atm pppatm link reset
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Dialer0
 ip address negotiated
 ip access-group 101 in
 ip access-group 102 out
 no ip redirects
 no ip unreachables
 ip mtu 1492
 ip nat outside
 ip pim sparse-dense-mode
 encapsulation ppp
 ip igmp unidirectional-link
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname xxxxxxxxxx@xxxxxxxxx
 ppp chap password 7 xxxxxxxxxxxxxxxxx
 ppp ipcp dns request
!
ip nat log translations syslog
ip nat translation tcp-timeout 900
ip nat translation max-entries 2048
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.2 62020 interface Dialer0 62020
ip nat inside source static tcp 192.168.1.2 62019 interface Dialer0 62019
ip nat inside source static tcp 192.168.1.2 62018 interface Dialer0 62018
ip nat inside source static tcp 192.168.1.2 62017 interface Dialer0 62017
ip nat inside source static tcp 192.168.1.2 62016 interface Dialer0 62016
ip nat inside source static tcp 192.168.1.2 62015 interface Dialer0 62015
ip nat inside source static tcp 192.168.1.2 54211 interface Dialer0 54211
ip nat inside source static udp 192.168.1.2 54211 interface Dialer0 54211
ip nat inside source static tcp 192.168.1.2 18416 interface Dialer0 18416
ip nat inside source static tcp 192.168.1.2 7000 interface Dialer0 7000
ip nat inside source static udp 192.168.1.2 7000 interface Dialer0 7000
ip nat inside source static tcp 192.168.1.2 1919 interface Dialer0 1919
ip nat inside source static tcp 192.168.1.2 666 interface Dialer0 666
ip nat inside source static udp 192.168.1.2 666 interface Dialer0 666
ip nat inside source static tcp 192.168.1.2 220 interface Dialer0 220
ip nat inside source static udp 192.168.1.2 220 interface Dialer0 220
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip http access-class 2
no ip http secure-server
!
!
ip access-list logging interval 1
ip access-list log-update threshold 1
logging trap debugging
logging facility syslog
logging 192.168.1.2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 101 *** removed ***
access-list 102 *** removed ***
dialer-list 1 protocol ip permit
snmp-server community public RO
snmp-server enable traps tty
no cdp run
!
control-plane
!
!
line con 0
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 access-class 2 in
 exec-timeout 60 0
 login local
 transport preferred all
 transport input telnet ssh
 transport output none
!
scheduler max-task-time 5000
sntp server 193.62.22.66
!
end
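
The comparison described in the post (configured static entries against the `show ip nat translations` output, plus the NAT_DELETED syslog lines), as an added example that is not part of the original post. The sample inputs are constructed from the post's values; the syslog timestamp/host prefix, the 192.168.1.5 and 203.0.113.9 addresses, and the assumption that each syslog message arrives on one line are assumptions of this example.

```python
import re

# Constructed samples built from the post's values; the syslog prefix is assumed.
CONFIG = """\
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.2 62015 interface Dialer0 62015
ip nat inside source static tcp 192.168.1.2 7000 interface Dialer0 7000
ip nat inside source static udp 192.168.1.2 7000 interface Dialer0 7000
"""
SHOW_OUTPUT = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 11.22.33.44:7000   192.168.1.2:7000   ---                ---
tcp 11.22.33.44:4312   192.168.1.5:4312   203.0.113.9:80     203.0.113.9:80
udp 11.22.33.44:7000   192.168.1.2:7000   ---                ---
"""
SYSLOG = """\
Mar  3 04:12:09 c837 %IPNAT-6-NAT_DELETED: Deleted tcp 192.168.1.2:62015 11.22.33.44:62015 0.0.0.0:0 0.0.0.0:0
Mar  3 04:13:40 c837 %IPNAT-6-NAT_DELETED: Deleted tcp 192.168.1.5:4312 11.22.33.44:4312 203.0.113.9:80 203.0.113.9:80
"""
STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface \S+ (\d+)\s*$", re.M)
SHOW_RE = re.compile(r"^(tcp|udp)\s+\S+:(\d+)\s+(\S+):(\d+)\s+---\s+---\s*$", re.M)
DEL_RE = re.compile(r"%IPNAT-6-NAT_DELETED: Deleted (tcp|udp) (\S+):(\d+) \S+:(\d+)"
                    r" 0\.0\.0\.0:0 0\.0\.0\.0:0")

def configured_statics(config):
    """Static port forwards in the config: (proto, inside_ip, inside_port, global_port)."""
    return {(p, ip, int(lp), int(gp)) for p, ip, lp, gp in STATIC_RE.findall(config)}

def installed_statics(show_output):
    """Translation-table rows whose outside columns are '---' (static entries)."""
    return {(p, ip, int(lp), int(gp)) for p, gp, ip, lp in SHOW_RE.findall(show_output)}

def missing_statics(config, show_output):
    """Configured static entries that are absent from the translation table."""
    return sorted(configured_statics(config) - installed_statics(show_output))

def deleted_statics(config, syslog):
    """NAT_DELETED events with no outside address that match a configured static entry."""
    wanted, hits = configured_statics(config), []
    for line in syslog.splitlines():
        m = DEL_RE.search(line)
        if m and (m[1], m[2], int(m[3]), int(m[4])) in wanted:
            hits.append((line.split(" %IPNAT")[0], (m[1], m[2], int(m[3]), int(m[4]))))
    return hits

if __name__ == "__main__":
    print(missing_statics(CONFIG, SHOW_OUTPUT), deleted_statics(CONFIG, SYSLOG))
```

Run against a saved copy of the running-config, the `show` output and the syslog file, this lists which forwards have dropped out and when the router logged their deletion.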