NAT port translation (overload) issues with Lotus Notes traffic

From: Mathew <mathewfer_at_gmail.com>
Date: Tue, 20 Sep 2011 17:48:47 +1000

Hi Guys,

I need some help to understand and fix a Lotus Notes replication failure that
does not always occur. I suspect my PAT has some issues.
The Lotus Notes server is on the WAN side and the clients are on
FastEthernet0/0 (user LAN).

I have the NAT/PAT setup below with overload (port translation). I need to
fine-tune the timers involved in TCP port translation. The output of
"sho ip nat translations verbose" below shows a timer of 24hrs.

1. Do I still have to use "ip nat translation port-timeout tcp 1352 xx" to
set the PAT (TCP port translation) timers?
2. Has anybody experienced PAT issues with Lotus Notes? Any fix?

I also noticed two timeout values that do not seem right.

!
interface serial0/0
 description --- To WAN provider
 ip address 10.30.1.1 255.255.255.252
 ip nat outside
!
interface FastEthernet0/0
 description --- To User LAN
 ip address 10.10.2.1 255.255.255.0
 ip nat inside
!
ip nat inside source list NAT-ACL interface FastEthernet0/0 overload
!
ip access-list extended NAT-ACL
remark - Lotus Notes (tcp 1352)
permit tcp any gt 1023 any eq 1352
!

R3(config)#ip nat translation ?
  arp-ping-timeout Specify timeout for WLAN-NAT ARP-Ping
  dns-timeout Specify timeout for NAT DNS flows
  finrst-timeout Specify timeout for NAT TCP flows after a FIN or RST
  icmp-timeout Specify timeout for NAT ICMP flows
  max-entries Specify maximum number of NAT entries
  port-timeout Specify timeout for NAT TCP/UDP port specific flows
  pptp-timeout Specify timeout for NAT PPTP flows
  routemap-entry-timeout Specify timeout for routemap created half entry
  syn-timeout Specify timeout for NAT TCP flows after a SYN and no further data
  tcp-timeout Specify timeout for NAT TCP flows
  timeout Specify timeout for dynamic NAT translations
  udp-timeout Specify timeout for NAT UDP flows

R3(config)# sho ip nat translations verbose
Pro Inside global Inside local Outside local Outside global
tcp 10.10.2.1:1116 10.10.2.20:1116 10.50.2.1:1352 10.50.2.1:1352
    create 00:20:45, use 00:00:34 timeout:86400000, left 23:59:25, Map-Id(In): 7,
    flags:
extended, use_count: 0, entry-id: 2009355, lc_entries: 0
tcp 10.10.2.1:1042 10.10.2.22:1988 10.50.2.1:1352 10.50.2.1:1352
    create 00:00:38, use 00:00:34 timeout:86400000, left 00:00:25, Map-Id(In): 7,
    flags:
extended, timing-out, use_count: 0, entry-id: 2038456, lc_entries: 0

-- 
Thanks
Mathew
Received on Tue Sep 20 2011 - 17:48:47 ART
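
The timer arithmetic behind the two entries in the post, as an added example (not code from the original post): it parses "sho ip nat translations verbose" output and compares the configured "timeout" with the timer each entry is actually counting down ("use" + "left"). It assumes "timeout" is in milliseconds and "use"/"left" are hh:mm:ss; the sample text is constructed from the post's two entries and the function names are hypothetical.

```python
import re

# Constructed sample: the two entries from the post, wrapped lines rejoined.
SAMPLE = """\
tcp 10.10.2.1:1116 10.10.2.20:1116 10.50.2.1:1352 10.50.2.1:1352
    create 00:20:45, use 00:00:34 timeout:86400000, left 23:59:25, Map-Id(In): 7,
    flags:
extended, use_count: 0, entry-id: 2009355, lc_entries: 0
tcp 10.10.2.1:1042 10.10.2.22:1988 10.50.2.1:1352 10.50.2.1:1352
    create 00:00:38, use 00:00:34 timeout:86400000, left 00:00:25, Map-Id(In): 7,
    flags:
extended, timing-out, use_count: 0, entry-id: 2038456, lc_entries: 0
"""

# One verbose entry: address line, timer line, flags line(s).
ENTRY = re.compile(
    r"^(?:tcp|udp)\s+\S+\s+(?P<inside_local>\S+)\s+\S+\s+\S+\s*"
    r"create\s+\S+,\s+use\s+(?P<use>[\d:]+),?\s+"
    r"timeout:(?P<timeout_ms>\d+),\s+left\s+(?P<left>[\d:]+),"
    r".*?flags:\s*(?P<flags>.*?)use_count:.*?entry-id:\s*(?P<entry_id>\d+)",
    re.MULTILINE | re.DOTALL,
)

def hms(text):
    """Convert hh:mm:ss to seconds (assumed format of 'use' and 'left')."""
    h, m, s = (int(x) for x in text.split(":"))
    return h * 3600 + m * 60 + s

def analyse(output, slack=2):
    """Return one dict per entry with configured vs. running timer."""
    rows = []
    for m in ENTRY.finditer(output):
        flags = [f.strip() for f in m["flags"].split(",") if f.strip()]
        configured = int(m["timeout_ms"]) // 1000
        # Idle time plus time remaining = the timer actually in effect.
        running = hms(m["use"]) + hms(m["left"])
        rows.append({
            "entry_id": m["entry_id"],
            "inside_local": m["inside_local"],
            "configured_s": configured,
            "running_s": running,
            "timing_out": "timing-out" in flags,
            "matches_configured": abs(configured - running) <= slack,
        })
    return rows

if __name__ == "__main__":
    for row in analyse(SAMPLE):
        print(row)
```

For the post's output, the first entry is counting down the full 24 hours, while the entry flagged timing-out is counting down about 60 seconds. IOS sets that flag once it has seen a FIN or RST, and that countdown is governed by finrst-timeout rather than the 24-hour TCP timeout.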
