[c-nsp] NAT Translations
Rodney Dunn
rodunn at cisco.com
Fri Apr 22 09:53:40 EDT 2005
There are a bunch of hooks we put in to help protect
the box configured for NAT for this exact problem.

Take a look at:

http://cco/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d09f0.html

One bug I know of is:

CSCsa51150
Externally found severe defect: Resolved (R)
NAT translation not timing out correctly when a TCP session closes

fixed in:
12.2(28.8) 12.2(28) 12.3(12.12)

And another good one to have is:

ip nat translation max-entries all-host <X>

that was added via:

CSCec16330
Internally found moderate defect: Resolved (R)
Request ability to limit per user NAT entries

so it should be in 12.3(14)T.

Rodney

On Fri, Apr 22, 2005 at 02:44:32PM +0100, Gary Roberton wrote:
> Hello all
>
> We have a 7206VXR serving NAT duties for a few of our customers. One
> of them seems to have a virus spreading and is causing a lot of NAT
> translations which is sending our router's processor through the roof!
> I need to clear the NAT translations manually periodically at the
> moment. I have set IP NAT TRANSLATION TIMEOUT to 10 seconds but the
> translations never seem to clear on their own. Has anyone seen this
> NAT not clearing before? Or is there a way of setting a maximum
> ceiling on dynamic NAT overloaded on an interface?
>
> Appreciate any help
>
> Regs
>
> Gary
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
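
An added example, not part of the original thread: before choosing a value for `ip nat translation max-entries all-host <X>`, it helps to see which inside host is filling the table. This Python sketch counts dynamic entries per inside-local address from saved `show ip nat translations` output; the five-column layout is assumed, and the sample text, addresses and the limit of 20 are constructed for illustration.

```python
import re
from collections import Counter

HEADER = "Pro Inside global      Inside local       Outside local      Outside global\n"
# Constructed sample output; all addresses are documentation/private ranges.
SAMPLE = (
    HEADER
    + "--- 192.0.2.50 10.0.0.50 --- ---\n"  # static entry, no protocol
    + "tcp 192.0.2.1:1024 10.0.0.5:3012 198.51.100.10:80 198.51.100.10:80\n"
    + "udp 192.0.2.1:1025 10.0.0.5:3013 198.51.100.53:53 198.51.100.53:53\n"
    + "".join(
        f"tcp 192.0.2.1:{2000 + i} 10.0.0.9:{3000 + i} "
        f"203.0.113.{i}:445 203.0.113.{i}:445\n"
        for i in range(1, 41)  # one host opening 40 sessions to 40 destinations
    )
)

# Pro, Inside global, Inside local, Outside local, Outside global
ENTRY = re.compile(r"^(tcp|udp|icmp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def host_of(addr_port):
    """Strip the :port (or ICMP id) suffix, if present."""
    return addr_port.rsplit(":", 1)[0]


def per_host_counts(text):
    """Return (entries per inside-local host, distinct outside hosts per host)."""
    counts, dests = Counter(), {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, blank lines and static '---' entries
        inside = host_of(m.group(3))
        counts[inside] += 1
        dests.setdefault(inside, set()).add(host_of(m.group(5)))
    return counts, dests


def over_limit(text, limit):
    """Hosts holding more than `limit` entries: (host, entries, distinct dests)."""
    counts, dests = per_host_counts(text)
    return [(h, n, len(dests[h])) for h, n in counts.most_common() if n > limit]


if __name__ == "__main__":
    for host, entries, fanout in over_limit(SAMPLE, 20):
        print(f"{host}: {entries} translations to {fanout} destinations")
```

A host with many entries spread over nearly as many distinct destinations is the pattern the original poster describes; the largest count seen from well-behaved hosts gives a floor for the per-host limit.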