Cisco NAT Timer Issue

For a while now I've been having some rather strange connectivity issues at home: occasionally I couldn't reach some websites while others worked fine, and it didn't affect all devices at the same time either. It was very random. I had a look at my PA firewall and couldn't see anything that stood out at first as to what might be causing it. This had been going on, on and off, for a couple of weeks, and because the issue would come and go within about 5 minutes I only had a short window to investigate while it was actually happening. I got lucky one morning when I eventually worked out that the websites I could still reach were mostly ones reachable over IPv6. I jumped back onto the firewall, and this time I noticed that I could see the IPv4 traffic on the inside interface but not on the outside. Very strange. I then logged into my router and found these log entries:

240468: Jul 15 06:28:43.759 AEST: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000969972599601880 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
240469: Jul 15 06:28:49.087 AEST: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000969977927429280 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
240470: Jul 15 06:28:54.685 AEST: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000969983525360400 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
240471: Jul 15 06:28:59.752 AEST: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000969988591819840 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
240472: Jul 15 06:29:05.306 AEST: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000969994145654840 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped

I then ran show ip nat translations total and found that I had hit the NAT translation limit (the default maximum of 16384 entries that the log message refers to):

WRMEMRT1#show ip nat translations total
Total number of translations: 16391

I would never have thought this was possible, but with the number of people and devices in my house gaming, watching YouTube, TikTok and so on all at the same time, it finally happened. Looking into it further, I found that the default timeout for TCP NAT translations on Cisco IOS is 86400 seconds (24 hours), which seems excessive for a home connection; UDP translations default to 300 seconds, and the DNS, ICMP, FIN/RST and SYN timeouts default to 60 seconds. Luckily these are all configurable (the values are in seconds), and once I shortened the timers the number of translations dropped back to something much more reasonable. A few things are worth knowing before copying the values below. A short TCP timeout removes the translation for any TCP session that sits idle longer than the timer, so long-lived idle sessions without keepalives (SSH, some VPNs) will stall until they reconnect. The ceiling itself can be raised or limited per host with ip nat translation max-entries rather than only tuning timers. And because a single device can fill the table on its own, a sudden jump in translations that traces back to one inside address is worth treating as a possible scanning, peer-to-peer or malware problem and investigating before tuning it away.

WRMEMRT1(config)#ip nat translation tcp-timeout 500
WRMEMRT1(config)#ip nat translation udp-timeout 60
WRMEMRT1(config)#ip nat translation dns-timeout 30
WRMEMRT1(config)#ip nat translation icmp-timeout 30
WRMEMRT1(config)#ip nat translation finrst-timeout 30
WRMEMRT1(config)#ip nat translation syn-timeout 30
WRMEMRT1(config)#end
WRMEMRT1#clear ip nat translation *
WRMEMRT1#show ip nat translations total
Total number of translations: 139

Note that clear ip nat translation * tears down every active flow, so expect a brief interruption for anything that was connected at the time. After making those changes I haven't had an issue since, and my NAT translations have stayed at a much more reasonable level.
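As an added example (this is not code from the original post), here is a short Python script that does the triage a security engineer would want at this point: it parses show ip nat translations output and the %NAT-4-DEFAULT_MAX_ENTRIES syslog lines, works out how full the table is against the default limit, ranks inside hosts by the number of translations they hold, and flags any host holding an outsized share of the table, since one scanning or infected device can exhaust it on its own. The sample show output, the syslog lines, the addresses and the thresholds are all constructed for illustration.

```python
"""Spot NAT-table exhaustion and the hosts behind it from Cisco IOS-XE output.

Added example, not code from the original post. Both inputs below are
constructed samples in the format of `show ip nat translations` and the
%NAT-4-DEFAULT_MAX_ENTRIES syslog lines; addresses and thresholds are
assumptions for illustration.
"""
import re
from collections import Counter, defaultdict

# Default ceiling reported in the router's own log message.
DEFAULT_MAX_ENTRIES = 16384

# Constructed sample of `show ip nat translations` output (real column layout,
# made-up addresses). One host, 192.168.1.23, is opening far more UDP flows
# than the rest of the LAN.
SAMPLE_TRANSLATIONS = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.5:1024   192.168.1.10:51234 198.51.100.7:443   198.51.100.7:443
tcp 203.0.113.5:1025   192.168.1.10:51235 198.51.100.7:443   198.51.100.7:443
udp 203.0.113.5:1026   192.168.1.23:40001 198.51.100.20:53   198.51.100.20:53
udp 203.0.113.5:1027   192.168.1.23:40002 198.51.100.21:53   198.51.100.21:53
udp 203.0.113.5:1028   192.168.1.23:40003 198.51.100.22:53   198.51.100.22:53
udp 203.0.113.5:1029   192.168.1.23:40004 198.51.100.23:53   198.51.100.23:53
udp 203.0.113.5:1030   192.168.1.23:40005 198.51.100.24:53   198.51.100.24:53
icmp 203.0.113.5:1     192.168.1.12:1     198.51.100.9:1     198.51.100.9:1
tcp 203.0.113.5:1031   192.168.1.11:50010 198.51.100.30:443  198.51.100.30:443
"""

# Constructed syslog lines in the format quoted in the post (one unrelated line
# included to show the filter ignores it).
SAMPLE_SYSLOG = """\
240468: Jul 15 06:28:43.759 AEST: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000969972599601880 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
240469: Jul 15 06:28:49.087 AEST: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000969977927429280 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
240470: Jul 15 06:28:54.685 AEST: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000969983525360400 %OTHER-6-INFO: unrelated message
"""

# Dynamic translation rows: protocol, inside global, inside local[:port], ...
# Static rows that use "---" placeholders are deliberately not matched.
TRANSLATION_RE = re.compile(
    r"^(?P<proto>tcp|udp|icmp)\s+\S+\s+(?P<inside_local>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+"
)
MAX_ENTRIES_RE = re.compile(
    r"%NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value (?P<limit>\d+) exceeded"
)


def parse_translations(text):
    """Return {inside_local_ip: Counter(proto -> count)} from show output."""
    per_host = defaultdict(Counter)
    for line in text.splitlines():
        m = TRANSLATION_RE.match(line)
        if m:  # skips the header and anything static/unparseable
            per_host[m.group("inside_local")][m.group("proto")] += 1
    return per_host


def total_translations(per_host):
    return sum(sum(c.values()) for c in per_host.values())


def top_talkers(per_host, limit=5):
    """Inside hosts ordered by translation count, highest first."""
    ranked = sorted(per_host.items(), key=lambda kv: sum(kv[1].values()), reverse=True)
    return [(ip, sum(c.values()), dict(c)) for ip, c in ranked[:limit]]


def hosts_over_share(per_host, share=0.4):
    """Hosts holding more than `share` of all translations: the usual sign of a
    scanner, a torrent client or malware rather than normal household use."""
    total = total_translations(per_host)
    return [ip for ip, c in per_host.items() if total and sum(c.values()) / total > share]


def count_max_entries_drops(syslog):
    """Count NAT-4-DEFAULT_MAX_ENTRIES events; return (count, limit_seen)."""
    count, limit = 0, None
    for line in syslog.splitlines():
        m = MAX_ENTRIES_RE.search(line)
        if m:
            count += 1
            limit = int(m.group("limit"))
    return count, limit


def table_utilisation(total, max_entries=DEFAULT_MAX_ENTRIES):
    """Fraction of the NAT table in use; above 1.0 means the limit is being hit."""
    return total / max_entries


if __name__ == "__main__":
    hosts = parse_translations(SAMPLE_TRANSLATIONS)
    print("total translations:", total_translations(hosts))
    for ip, n, by_proto in top_talkers(hosts):
        print(f"{ip:<16} {n:>5}  {by_proto}")
    print("over-share hosts:", hosts_over_share(hosts))
    print("max-entries drops in log:", count_max_entries_drops(SAMPLE_SYSLOG))
    print("utilisation at 16391 entries:", round(table_utilisation(16391), 3))
```

In practice you would feed it the saved output of show ip nat translations (or a syslog export) and run it the moment the %NAT-4-DEFAULT_MAX_ENTRIES messages appear, since the table empties again once the timers expire; a host that sits at the top of the list with thousands of UDP or SYN-only translations deserves a closer look before the timers are shortened.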
