RE: NAt oh NAT

From: Jay Hennigan (jay@west.net)
Date: Sat Sep 21 2002 - 13:43:30 GMT-3

• Next message: Brian Dennis: "RE: I finally did it!! #10267"
• Previous message: ying c: "flapping ospf virtual link over isdn"
• Maybe in reply to: IMO ETUK: "NAt oh NAT"
• Next in thread: Chuck Church: "RE: NAt oh NAT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Sat, 21 Sep 2002, Imo Etuk wrote:

> Jay,
>
> Thanks for responding to this but i already tweaked the timers
>
> > ip nat translation timeout 180
> > ip nat translation tcp-timeout 300
> > ip nat translation udp-timeout 30
> > ip nat translation finrst-timeout 15
> > ip nat translation dns-timeout 15

It could still be the bug I referenced if you've got a machine behind
it that's infected with code red or otherwise generating thousands of
translations.

* When you clear ip nat translations * does the CPU drop and then ramp
   back up?

* Does "show ip nat translations" show an inordinately large number of
   translations coming from a single host or small group to destination
   port 80 (or some other unusually large number of translations)? Look
   at it both before and immediately after you clear them, see if it ramps
   up quickly.

* What IOS version, full value?

> Warning : The information contained in this message may be privileged and
> confidential and protected from disclosure. If the reader of this message is
> not the intended recipient, you are hereby notified that any dissemination,
> distribution or copying of this communication is strictly prohibited. If you
> have received this communication in error, please notify the sender
> immediately by replying to this message and then delete it from your
> computer.

NOTICE: This communication may contain confidential and/or privileged
information. If you are not the intended recipient, or believe that you
have received this communication in error, you are obligated to kill
yourself and anyone else who may have read it. So there. My disclaimer
is scarier than yours. Nyaah. You started this silly nonsense. Knock
it off and I will too, ok? It's worthless from a legal standpoint, makes
you look really clueless, and is a waste of CPU cycles. Nobody reads it
anyway. You're not actually reading this, are you? I didn't think so.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323

• Next message: Brian Dennis: "RE: I finally did it!! #10267"
• Previous message: ying c: "flapping ospf virtual link over isdn"
• Maybe in reply to: IMO ETUK: "NAt oh NAT"
• Next in thread: Chuck Church: "RE: NAt oh NAT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:59 GMT-3