NAT Problems on Cisco 2611

[homeskillet]

We are running NAT for about 150 users. We were having some problems with P2P apps, so we implemented a few new ACL's to block a few ports. However, as soon as we applied the new ACL's, we ran into a problem.

When the router was restarted (for good measure) everything went rather well. We were getting more bandwidth per person than ever before, and the targeted P2P apps would not work.

However, as soon as we get to about 4000 dynamic translations, no one can get through the router anymore...at least until we go in and enter "clear ip nat translation *". As soon as you hit enter, everyone can get through (for a while). SH PROC shows only about 5%.

So...any ideas how to get it to keep working? More memory (there's currently 8MB)? We currently have dynamic translations timing out in 30 seconds, and we tried setting a max number of translations, but that didn't work either.

 

[svermill]

Me again. I wonder if when you configured your timeout you issued 'ip nat trans timeout 30'? Because that doesn't work when overloading addresses. You must specify each protocol with 'ip nat trans tcp-timout' etc. Try that and see if it doesn't bring down the number of active translations to something your router can handle.

 

[xlee]

What ver of IOS are you running? I had this happen awhile back and it was because of a bug in ver 12.0.
Do search on Cisco's website for ID CSCdp29686.

I upgraded to ver 12.2T and it no problem since.