Sorry, I should have mentioned: there are 3 NATs on this box, a global NAT and two specific NATs directed at some telco and another telco. (They like to be difficult.)

On Fri, 2008-09-26 at 12:58 +1200, Chris Hodgetts wrote:
Hello,
We are having some issues with our very basic Cisco configuration that we can't seem to track down.
(Random disconnections to only one host)
I am not sure if this is the right forum, so if you believe it's not please stop reading.
If you notice something obviously wrong with the config snippet at the bottom, please advise, and a beer is on offer.
If you need more information than what is provided below, and you would be keen to give up some of your valuable time for beer, please contact me off list.
If you are still reading then you clearly do think this might be an appropriate place for questions of this nature, here goes the config snippet.
All comments off list.
-----------------------------------------------------------------------
Currently we have the following:
ip nat pool ST_NAT_POOL 192.168.202.74 192.168.202.74 prefix-length 24
ip nat inside source route-map ST_NAT_MAP pool ST_NAT_POOL overload
access-list 164 remark Some Telco (NAT)
access-list 164 permit ip 192.168.254.0 0.0.0.255 1.2.3.0 0.0.0.255
access-list 164 permit ip 123.12.123.0 0.0.0.224 1.2.3.0 0.0.0.255
route-map ST_NAT_MAP permit 100
 match ip address 164
We do some NAT on packets heading to some telco that go out our default route, and our ISP does some magic.. more info if needed.
We had the following line in and the problem was still there however Cisco said it was bad, so we removed it and replaced it with the above explicit hosts, but the problem still appears.
access-list 164 permit ip any 1.2.3.0 0.0.255
Basically we get random disconnections, but only to this Some Telco; we have other connections to other telcos that are OK. These are NATted, but are talking direct to a public IP, or are VPN'ed.
This configuration is on a replacement Cisco, the old Cisco, with a very similar config, works fine, but has other issues which is why we need to replace it.
Thanks and any comments please off list.
_______________________________________________
NZNOG mailing list
NZNOG(a)list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog