Re: IP NAT Ager Consuming 98% of CPU Pro from Shaughn Smith on 2010-09-20 (Ccielab archives 09/2010)

From: Shaughn Smith <maniac.smg_at_gmail.com>
Date: Mon, 20 Sep 2010 20:15:26 +0200

Can you do a sh ip nat statistics and send the output

CCIE # 23962 (SP)

Sent from my iPhone 3GS

On 20 Sep 2010, at 8:11 PM, karim jamali <karim.jamali_at_gmail.com> wrote:

> Thank You guys for your support. Below are the configurations:
>
> int gi0/1
> ip nat inside
>
> int dialer1
> ip nat outside
>
> ip nat inside source list BATAL-RUH-USERS interface Dialer1 overload
> ip nat inside source static 192.168.2.234 78.93.56.234
> ip nat inside source static 192.168.2.235 78.93.56.235
> ip nat inside source static 192.168.2.236 78.93.56.236
> ip nat inside source static 192.168.2.237 78.93.56.237
> ip nat inside source static 192.168.2.238 78.93.56.238
>
> Extended IP access list BATAL-RUH-USERS
> 10 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 (5 matches)
> 20 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
> 30 deny ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
> 40 deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
> 50 permit ip 192.168.2.0 0.0.0.255 any (3091 matches)
>
>
> On Mon, Sep 20, 2010 at 8:11 PM, Jeferson Guardia <jefersonf_at_gmail.com>wrote:
>
>> Paste your configs here so we can advise you the best way to tune your nat
>> config, there are a few ways that you can limit the max nat entry value on a
>> router and this has showed to be quite useful in the past.
>>
>> Brgs,
>>
>> 2010/9/20 Shahid Ansari <shahid1357_at_gmail.com>
>>
>> This can be happen If you have many translation generated by third party
>>> programs or Virus.
>>> when you are enabled NAT ,dont allow any to any in access-list and make it
>>> more specific
>>> The best way to troubleshoot it by enabling netflow ...
>>> Can you post
>>> Show process Cpu
>>> Show nat translation
>>> show ip cache flow
>>>
>>> change default nat timeout value too..
>>>
>>> Thanks
>>> Shahid Ansari
>>>
>>>
>>>
>>> On Mon, Sep 20, 2010 at 7:46 PM, karim jamali <karim.jamali_at_gmail.com
>>>> wrote:
>>>
>>>> Dear Experts,
>>>>
>>>> I have faced a problem with one of the Routers at a customer site having
>>>> the
>>>> NAT Ager process consuming 98% of CPU. I am trying to understand the
>>>> reason,
>>>> however up till now I am not able.
>>>>
>>>> I would truly appreciate your input as I have 4 sites with the same
>>>> configuration and I haven't been able to spot the difference that caused
>>>> this problem.
>>>>
>>>> Thanks
>>>>
>>>> --
>>>> KJ
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>
>
> --
> KJ
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Mon Sep 20 2010 - 20:15:26 ART

This archive was generated by hypermail 2.2.0 : Fri Oct 01 2010 - 05:58:05 ART