[c-nsp] NAT timeout

Rodney Dunn rodunn at cisco.com
Thu Oct 2 21:20:45 EDT 2008


The only solution is to hook an EEM applet to that IP SLA probe/track
as a trigger and do "clear ip nat trans *" when the failover
and recovery happen.

It's because of the way the translation is used in the forwarding path
over the FIB table after the reconvergence.

Rodney

On Thu, Oct 02, 2008 at 02:26:04PM -0700, Alex Wa wrote:
> Hi guys,
>  
> We have a router configured to work with 2 ISPs, one of them through a satellite link. This particular link is being monitored with ip sla and track commands. When this link fails, the default route is deleted automatically from the routing table, and the backup default route is then installed. We also use automatic NAT failover. The problem is that some inside servers that always go to the same destination IP/PORT get NATed in the moment the backup link is up, and when the primary comes up they go to the internet with the source address equal to the backup outside interface. This NAT "lease" stays for days because these particular servers are doing ICMP every 10 seconds. That causes asymmetric routing, packets going out through one link and returning through the other. When we flush NAT translations everything returns to normal, of course, but we don't want to have to do it manually. The question is: do we need to reduce the NAT ICMP timeout to less than 10 seconds, or is there another solution? I can provide the config if you guys need it.
>  
> regards,
> Alejandro wainshtok

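The approach described in the reply, written out as an added example (it is not from the original thread): an EEM applet triggered by the tracked object that flushes dynamic NAT translations on both failover and recovery. Track object number 1 and the applet name are assumptions; use the track number already bound to the IP SLA probe on the router.

```ios
! Added example, not the poster's configuration.
! Assumption: "track 1" is the existing object tied to the IP SLA probe
! that watches the primary (satellite) link.
event manager applet CLEAR-NAT-ON-TRACK-CHANGE
 ! Fire on both transitions: down = failover, up = recovery.
 event track 1 state any
 action 1.0 cli command "enable"
 ! Flush dynamic translations so flows are re-translated against
 ! whichever outside interface the current default route uses.
 action 2.0 cli command "clear ip nat translation *"
 action 3.0 syslog msg "Track 1 changed state, dynamic NAT translations cleared"
```

`clear ip nat translation *` removes every dynamic translation, not only the stale ICMP entries, so all NAT entries are rebuilt after each failover and recovery.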
