(ASCEND) Pipeline 50 NAT Problems

To: ascend-users@bungi.com
Subject: (ASCEND) Pipeline 50 NAT Problems
From: "Bill Sutton" <BSUTTON@hxcorp.com>
Date: Mon, 06 Mar 2000 14:01:17 -0500
Sender: owner-ascend-users@max.bungi.com

Hello All!

I'm am having some rather significant problems with single address network address translation (technically it's port address translation) on a customer's pipeline 50 router.  Details are below:

Customer has an internal e-mail server (Novell Groupwise 5.5) and has about 40 total employees with internet access.  The customers connected to the internet is over an ISDN BRI connection that is permanent - they have a static registered IP address assigned to them by their ISP.  I am aware that the NAT translation table in this device is limited to 500 translations, but when I issue the NAPT command at the debug prompt it indicates the following (the registered address has been modified to protect my customer):

NAPT_DYNA siz:500 = 217.144.109.3 (registered IP address assigned by the ISP)
defaultServer:0.0.0.0;
tunnelServer:0.0.0.0;
10.10.10.108:1627:0:0x6-23:55:13 = 2306
10.10.10.108:1628:21:0x6-*expired* = 2357
10.10.10.108:1629:0:0x6-*expired* = 2305
10.10.10.108:1630:0:0x6-*expired* = 2304
10.10.10.108:1631:0:0x6-23:55:16 = 2303
10.10.10.108:256:0:0x1-0:00:02 = 509
10.10.10.124:1086:56:0x11-*expired* = 2261
10.10.10.124:1087:80:0x6-*expired* = 2260
10.10.10.124:1088:80:0x6-*expired* = 2259
10.10.10.124:1089:53:0x11-*expired* = 2258
...continues for about 125 lines.
BUT there are usually only about 125 mappings listed.  What exactly does the 500 refered to next to siz: mean???

Also, how should I interpret the entries in the NAPT output?  Why is the above output for station 10.10.10.108 referring to a TCP port of 0 and setting the expiration at 19 - 24 hours??  I see this extended expiration on the .108 station frequently.

Finally, on many occasions the output from this command reflects the following (again registered IP address has been modified):
NAPT_DYNA: siz:500 = 217.144.109.3
defaultServer:0.0.0.0;
tunnelServer:0.0.0.0;
217.144.109.3:4527:27374:0x6-21:56:41 = 4511
217.144.109.3:4526:27374:0x6-21:56:41 = 4510
217.144.109.3:4525:27374:0x6-21:56:41 = 4509
217.144.109.3:4524:27374:0x6-21:56:41 = 4508
217.144.109.3:4523:27374:0x6-21:56:41 = 4507
217.144.109.3:4522:27374:0x6-21:56:41 = 4506
217.144.109.3:4521:27374:0x6-21:56:41 = 4505
217.144.109.3:4520:27374:0x6-21:56:41 = 4504
217.144.109.3:4519:27374:0x6-21:56:41 = 4503
217.144.109.3:4518:27374:0x6-21:56:41 = 4502
217.144.109.3:4517:27374:0x6-21:56:41 = 4501
217.144.109.3:4516:27374:0x6-21:56:41 = 4500
10.10.10.108:1681:0:0x6-20:26:15 = 2559
..and so on...
When siz:500 and all of the entries in the NAPT table look like the above, the customer can no longer access the internet until the router is manually hung up and re-connects.  Also, sometimes in this situation there are actually other registered addresses from various domains in the above table.  How can the router do NAT translations on legal addresses which populate this table?

I have spoken with Lucent/Ascend Tech support and the customers ISP on numerous occasions without success.  I've even replaced the router with another known good model.  I'm at my wits end since I have other customers with the same or similar setups with the same ISP who are not experiencing this problem.  ANY help you can provide or reference to material which may help will be MOST appreciated!!

Bill Sutton
Systems Engineer
Halifax Technology Services
Charleston, SC
bsutton@hxcorp.com

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Prev by Date: (ASCEND) using PPTP on our max2000
Next by Date: (ASCEND) Max 6000 series ... can allow more than 72 digital modems?
Prev by thread: Re: (ASCEND) using PPTP on our max2000
Next by thread: (ASCEND) Max 6000 series ... can allow more than 72 digital modems?
Index(es):
- Date
- Thread