NAT Translations on a 2514 Router

[Bedrock1977]

Is there a limit to how long NAT translations will remain in the NAT table even after the browsing session has been closed? Do they automatically clear themselves out or do I need to go in and manually clear them out myself? After a long browsing session, the router will lock up because of too many translations listed. How can I solve this problem?

Thanks.

 

[burtsbees]

clear ip nat trans *

Post a sh run

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[Minue]

The below should help with your problem:

ip nat translation udp-timeout <seconds>
ip nat translation dns-timeout <seconds>
ip nat translation tcp-timeout <seconds>


Regards

 

[Bedrock1977]

Sorry it took so long to reply.

Here is my running config.

Current configuration : 2015 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DSL_ROUTER
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
no ip domain lookup
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.2
!
ip dhcp pool insideDHCP
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 208.67.222.222 208.67.220.220
!
!
!
!
!
interface Ethernet0
description EXTERNAL ETHERNET INTERFACE TO THE INTERNET
ip address dhcp
ip nat outside
no ip route-cache
no ip mroute-cache
!
interface Ethernet1
description INTERNAL ETHERNET INTERFACE FOR PRIVATE CLIENTS
ip address 192.168.1.1 255.255.255.0
ip nat inside
no ip route-cache
no ip mroute-cache
!
interface Serial0
no ip address
encapsulation frame-relay
no fair-queue
!
interface Serial0.102 point-to-point
ip address 10.1.1.1 255.255.255.0
frame-relay interface-dlci 102
!
interface Serial0.103 point-to-point
ip address 10.1.2.1 255.255.255.0
frame-relay interface-dlci 103
!
interface Serial0.104 point-to-point
ip address 10.1.3.1 255.255.255.0
frame-relay interface-dlci 104
!
interface Serial1
no ip address
shutdown
!
router eigrp 10
redistribute static
network 10.0.0.0
network 192.168.1.0
auto-summary
!

!
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
!
alias configure rr router rip
alias configure re router eigrp
alias exec s sho ip int brief
alias exec sr sh ip route
alias exec r show run
!
line con 0
exec-timeout 0 0
logging synchronous
login
line aux 0
line vty 0 4
exec-timeout 0 0
login
!
end

 

[Bedrock1977]

Minue - You mentioned these commands in your response

ip nat translation udp-timeout <seconds>
ip nat translation dns-timeout <seconds>
ip nat translation tcp-timeout <seconds>


I looked at the IOS Command Reference Guide and they list the defaults for udp-timeout as 300 seconds (5 minutes), dns-timeout as 60 seconds, and tcp-timeout as 86,400 seconds (24 hours). Would you leave those defaults just like this or change them to something different? I assume that the word timeout refers to the deletion of the NAT entry from the NAT table?

Thanks.

 

[Minue]

Hello
You should change the timeouts to suit your network,especially the TCP timeouts,don't know the defaults,but you should lower this to lowest possible value to resolve the problem.
All have this is happening because of the low memory and CPU of the 2514.
Regards