
%Static entry in use, cannot remove


Alexis Crawford

May 26, 2002, 4:36:59 PM
Hello,

I want to remove a NAT statement from my router and I cannot because
according to Cisco:
Dynamic NAT creates active translation entries in a table when a packet
crosses from an IP NAT inside interface to an IP NAT outside interface, or
vice versa. If there is a matching translations entry, then " %Pool outpool
in use, cannot destroy" or "%Dynamic Mapping in Use, Cannot remove" error
messages are respectively echoed on the console. The solution is to remove
NAT and reconfigure it.

Out of curiosity I keyed in the command show ip nat translation and it gave
me this:

Pro  Inside global         Inside local       Outside local        Outside global
tcp  24.201.135.102:1140   192.168.0.2:1140   207.46.226.17:80     207.46.226.17:80
tcp  24.201.135.102:1115   192.168.0.2:1115   216.138.240.249:80   216.138.240.249:80
tcp  24.201.135.102:1520   192.168.0.2:1520   157.206.2.34:80      157.206.2.34:80
tcp  24.201.135.102:1521   192.168.0.2:1521   157.206.2.34:80      157.206.2.34:80

From what I understand of this, the Inside local is one of my computers' IP
addresses that cannot be routed to the Internet. The Inside global is the IP
address of the inside host, which is a computer on the LAN, as it appears to
the outside world. The Outside global is an IP address assigned to, let's say,
Cisco, but what on earth is Outside Local? I keyed in http://157.206.2.34 and
a page appeared stating that the page could not be found. Could someone
please clarify this for me because I simply do not understand it at all.

Much appreciated ,

Alexis


Steven A. Ridder

May 26, 2002, 4:53:32 PM
unplug or shut down inside interface, then do clear ip nat tran *

--

RFC 1149 Compliant.

"Alexis Crawford" <acra...@sss.com> wrote in message
news:RHbI8.6868$l25.3...@weber.videotron.net...

Francois Labreque

May 26, 2002, 5:39:13 PM

Alexis Crawford wrote:

> Hello,
>
> I want to remove a NAT statement from my router and I cannot because
> according to Cisco:
> Dynamic NAT creates active translation entries in a table when a packet
> crosses from an IP NAT inside interface to an IP NAT outside interface, or
> vice versa. If there is a matching translations entry, then " %Pool outpool
> in use, cannot destroy" or "%Dynamic Mapping in Use, Cannot remove" error
> messages are respectively echoed on the console. The solution is to remove
> NAT and reconfigure it.


You need to stop it from being used before you can remove it. There are
many ways to achieve this:
- Shut down the outside interface.
- Block the user with an access-list.
- Hunt down the user and render him unconscious.
- etc...

>
> Out of curiosity I keyed in the command show ip nat translation and it gave
> me this:
>
> Pro  Inside global         Inside local       Outside local        Outside global
> tcp  24.201.135.102:1140   192.168.0.2:1140   207.46.226.17:80     207.46.226.17:80
> tcp  24.201.135.102:1115   192.168.0.2:1115   216.138.240.249:80   216.138.240.249:80
> tcp  24.201.135.102:1520   192.168.0.2:1520   157.206.2.34:80      157.206.2.34:80
> tcp  24.201.135.102:1521   192.168.0.2:1521   157.206.2.34:80      157.206.2.34:80
>
> From what I understand of this, the Inside local is one of my computers' IP
> addresses that cannot be routed to the Internet. The Inside global is the IP
> address of the inside host, which is a computer on the LAN, as it appears to
> the outside world. The Outside global is an IP address assigned to, let's say,
> Cisco, but what on earth is Outside Local? I keyed in http://157.206.2.34 and
> a page appeared stating that the page could not be found. Could someone
> please clarify this for me because I simply do not understand it at all.


Your understanding is perfectly fine. Those extra connections to
157.206.2.34 are probably ads on the web page that user is browsing.

The fact that you could not display a valid web page when trying to
access them is irrelevant. The valid URL probably contains
subdirectories or other information.


--
Francois Labreque | It's a combination of several fetishes:
flabreque | industrial robotics, female anatomy, and
@ | fluorescent light in that order.
videotron.ca | - Chris Cunningham


Alexis Crawford

May 26, 2002, 9:11:58 PM
It worked. Just had to input the command: clear ip nat tran * (without
shutting down the interface).
So the Outside local address is assigned to some host on the internet then?
Is this correct?

Thank you very much!


"Francois Labreque" <flab...@videotron.ca> wrote in message
news:3CF15601...@videotron.ca...

Robert Smales

May 27, 2002, 7:50:34 AM
Alexis Crawford wrote:

> It worked. Just had to input the command: clear ip nat tran * (without
> shutting down the interface).
> So the Outside local address is assigned to some host on the internet
> then? Is this correct?

Bear in mind that NAT *can* work both ways (altho' I've never seen the
translation of incoming source addresses in the real world). "Outside
local" and "outside global" are usually the same but if you had configured
your router to translate incoming packets from 216.138.240.249 to
172.16.0.249, you would see:

Pro Inside global inside local Outside local Outside global
tcp 24.201.235.102:1115 192.168.0.2:1115 172.16.0.249:80 216.138.240.17:80

This way your 192.168.0.2 box would think it was talking to 172.16.0.249
but the router would know its true identity.

Robert
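
Added example, not part of any poster's message: a small Python parser for the `show ip nat translation` output quoted in this thread, which lists the inside hosts holding translations and picks out rows where Outside local differs from Outside global. The names `NatEntry`, `parse_nat_table`, `outside_translated` and `inside_hosts` are made up for this sketch; the sample rows are copied from the posts above.

```python
import re
from collections import namedtuple

NatEntry = namedtuple(
    "NatEntry", "proto inside_global inside_local outside_local outside_global")

# Rows copied from the thread: two from the original post (the first still
# wrapped as posted) and the hypothetical outside-translation row from the reply.
SAMPLE = """\
Pro Inside global Inside local Outside local Outside global
tcp 24.201.135.102:1140 192.168.0.2:1140 207.46.226.17:80
207.46.226.17:80
tcp 24.201.135.102:1520 192.168.0.2:1520 157.206.2.34:80 157.206.2.34:80
tcp 24.201.235.102:1115 192.168.0.2:1115 172.16.0.249:80 216.138.240.17:80
"""

IP = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}(?::\d+)?$")

def parse_nat_table(text):
    """Parse translation rows, tolerating '>' quoting and wrapped lines."""
    tokens = []
    for line in text.splitlines():
        line = line.lstrip("> ").strip()
        if line and not line.lower().startswith("pro "):
            tokens.extend(line.split())
    entries = []
    for i in range(0, len(tokens), 5):
        proto, fields = tokens[i], tokens[i + 1:i + 5]
        # Static entries show '---' in columns that do not apply.
        ok = len(fields) == 4 and all(IP.match(f) or f == "---" for f in fields)
        if IP.match(proto) or not ok:
            raise ValueError(f"malformed row near token {i}: {tokens[i:i + 5]}")
        entries.append(NatEntry(proto, *fields))
    return entries

def outside_translated(entries):
    """Rows where inside hosts see the outside host under a different address."""
    return [e for e in entries if e.outside_local != e.outside_global]

def inside_hosts(entries):
    """Count translations held per inside local host (who keeps the rule in use)."""
    counts = {}
    for e in entries:
        host = e.inside_local.split(":")[0]
        counts[host] = counts.get(host, 0) + 1
    return counts

if __name__ == "__main__":
    rows = parse_nat_table(SAMPLE)
    print(inside_hosts(rows))
    for e in outside_translated(rows):
        print(e.outside_global, "appears inside as", e.outside_local)
```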
