I'm facing a strange issue regarding NAT. The problem statement is as below:

- NAT configured on a 3845 with 12.4.24 T ADV ENT SERVICES.
- Have got 64 /25 inside subnets to NAT with 64 live IPs, one for each /25 inside subnet.
- I checked the processes and memory on the freshly loaded router, which comes out to 49 MB of free memory.
- Started the NAT on the router with 8 of the /25 inside IP pools, with policy NAT to 8 live IPs. Within 3 hours the router hung due to no free memory being available. Rebooted it and removed the NAT.
- Checked the Cisco website for NAT; it says 312 bytes per translation, which gives us around 3 MB for 10000 translations. Checked the logs and found the peak translation count to be only 15000.
- Found that the problem was the NAT ACL with an "any" statement in the destination portion (an extended one). Changed it to a standard ACL with no "any" statement.
- Reviewed and resumed the NAT on the router. It works now, but it uses around 20 MB of memory for just 10000 translation entries.
- Checked the UDP, TCP and ICMP timeouts. Limited UDP to 4 mins, TCP to 25 mins and ICMP to 5 mins. Was able to free only 2 MB or so from the 20 MB.
- Changed the IOS from ADV ENT SERVICES to IP Base to get rid of unwanted processes and services, as the main aim of this router is to run NAT.
- The freshly loaded router gave me 120 MB of free space, and I was happy now to test things out.
- Again started the NAT for 8 pools of /25 inside subnets with 8 live IPs (policy NAT).
- At 25000 translations it eats up around 24 MB of memory.
- Turned off Virtual Reassembly, as it was reaching the threshold very often.
- Migrated another 8 pools of /25, which comes to a total of 16 /25 inside subnets, and free memory is down to 64 MB, with peak translations up to 42000 and active translations at 15000 on average.
- It often gives I/O memory errors too (with only 16 /25 pools configured on it).
- All this stuff works fine with a Netscreen firewall overloaded with only 4 IPs for all 64 /25 pools. (Does Netscreen have an edge over Cisco when it comes to NAT? I wonder!)

If Cisco says that only 312 bytes are required for storing a single translation, why am I not able to free my DRAM memory? Tried my luck with everything. Need some expert advice on this to figure out the high memory usage of NAT.

NOTE: Only default router and no other services are used on the router apart from Netflow.

Thanks in advance,
Regards,
Ronnie

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/