Error when deleting a static translation
A Cisco router serves as the border router between the Internet and the local network, with some ports (RDP in particular) forwarded from the external IP address to the IPs of internal hosts. An attempt to delete one of these static address translations from the router's NAT configuration produced the error:
%: Error: static entry still in use, cannot remove
This is how port 3388 of the external IP address 12.34.56.78 is translated to the RDP port of the internal host 10.0.100.8:
router#sh run | sec extendable
ip nat inside source static tcp 10.0.100.8 3389 12.34.56.78 3388 extendable
Deleting this translation is what produced the error above:
router(config)#no ip nat inside source static tcp 10.0.100.8 3389 12.34.56.78 3388 extendable
Static entry in use, do you want to delete child entries? [no]: yes
%: Error: static entry still in use, cannot remove
To get past this, clear all dynamic translations with the command clear ip nat translation *, after which the original task completes without an error:
router(config)#do clear ip nat tra *
router(config)#no ip nat inside source static tcp 10.0.100.8 3389 12.34.56.78 3388 extendable
Static entry in use, do you want to delete child entries? [no]: yes
router(config)#
2 comments
Bad advice: the command
clear ip nat translation *
will kill every NAT session
Can’t remove IP NAT entries on Cisco router: %Static entry in use, cannot remove
Posted by shands on Sunday, July 19, 2009 · 1 Comment
While removing IP NAT entries on a busy Cisco router – you’ll probably end up with this problem:
phbrtr(config)#no ip nat source static tcp 192.168.0.1 25 interface FastEthernet1/0 25
%Static entry in use, cannot remove
So what is it? Well, as the error suggests, the rule is currently being used and as such can’t be changed (in this particular instance, there were a few active SMTP connections). On busy routers, this activity sometimes cannot be helped!
So how do you get around it? Well, the first way is simply to wait for a lull in the traffic! When this isn’t possible, you can try clearing current IP NAT dynamic translations: (NB: Be quick!)
phbrtr(config)#no ip nat source static tcp 192.168.0.1 25 interface FastEthernet1/0 25
%Static entry in use, cannot remove
phbrtr(config)#do clear ip nat translation *
phbrtr(config)#no ip nat source static tcp 192.168.0.1 25 interface FastEthernet1/0 25
phbrtr(config)#
If this still doesn’t work (note that once you’ve issued the clear ip nat command – any new packets will create a new NAT entry – hence ‘Be quick’!), you will need to stop NAT for a while to allow you to remove the translation:
phbrtr(config)#no ip nat source static tcp 192.168.0.1 25 interface FastEthernet1/0 25
%Static entry in use, cannot remove
phbrtr(config)#interface FastEthernet0/0
phbrtr(config-if)#no ip nat inside
phbrtr(config-if)#exit
phbrtr(config)#interface FastEthernet1/0
phbrtr(config-if)#no ip nat outside
phbrtr(config-if)#exit
phbrtr(config)#do clear ip nat translation *
phbrtr(config)#no ip nat source static tcp 192.168.0.1 25 interface FastEthernet1/0 25
phbrtr(config)#interface FastEthernet0/0
phbrtr(config-if)#ip nat inside
phbrtr(config-if)#exit
phbrtr(config)#interface FastEthernet1/0
phbrtr(config-if)#ip nat outside
phbrtr(config-if)#exit
This demo removes IP NAT from both inside and outside interfaces – you could try removing it from just one (for ease), but that will obviously depend on your setup.
Static entry in use cannot remove
Monday, May 08, 2006
Cisco — NAT Errors — Static entry in use, cannot remove
If you get this error «Static entry in use, cannot remove» when trying to remove a static NAT entry on a Cisco router, you need to clear the translations table first.
You should then be able to remove the static entry, but you will have to do this pretty quickly, as any activity on that port (inbound or outbound) will bring the translation back up.
The easiest way to do this is to cut and then paste the four or so commands in one go:
clear ip nat translation *
conf t
no ip nat inside source static tcp 192.168.1.10 6881 interface Dialer0 6881
exit
How to Change the Dynamic NAT Configuration
Introduction
Sometimes you receive these messages when you change the Network Address Translation (NAT) configuration:
Dynamic mapping in use, cannot remove
Dynamic mapping in use, do you want to delete all entries?
%Pool outpool in use, cannot destroy
This document demonstrates how to change the NAT configuration if you receive these messages on the console.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
This document is not restricted to specific software and hardware versions.
Conventions
For more information on document conventions, refer to Cisco Technical Tips Conventions.
Problem Description
Dynamic NAT creates active translation entries in a table when a packet crosses from an IP NAT inside interface to an IP NAT outside interface, or vice versa. This dynamic NAT entry can be seen using the show ip nat translation command. Cisco IOS® software checks for any existing active NAT translations in the translations table when either of these existing dynamic NAT configurations is removed:
no ip nat pool name
no ip nat {inside | outside} source {list {access-list-number | name} pool name [overload] | static local-ip global-ip}
If a translation entry matches, then the %Dynamic Mapping in Use, Cannot remove message or the %Pool outpool in use, cannot destroy message, respectively, is echoed on the console.
Solutions
The reason you receive these error messages is because you are trying to change part of a NAT configuration that is responsible for creating dynamic translations that still exist in the translation table. In order to change the NAT configuration in this situation, you need to clear the table of translations that are being used before the change is accepted. Sometimes this is not easy because the router configured with NAT may be continuously receiving packets that create translations in the table; this can happen so quickly that you don’t have time to change the configuration.
Using the clear ip nat translation Command
This solution involves clearing the IP NAT translations using the clear ip nat translation command, and then replacing the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic. To do this, create a script with the configuration commands written in a text format. For example:
Once you have the script, cut and paste the script into the router enable mode (Router#).
Note: This may take more than one try since it is still possible that the router will create a translation after the translation has been cleared.
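Clearing the whole table with * also drops sessions unrelated to the entry being changed. As an added example (not part of Cisco's document), this Python helper reads show ip nat translations output and builds a paste-ready script that clears only the child entries of one static port forward before removing it. The sample table is constructed, and the column layout and the per-entry clear ip nat translation form are assumptions to confirm with the CLI's ? help on your IOS release.

```python
import re
from typing import List, NamedTuple

# Constructed sample of `show ip nat translations` output (not from a real router).
SAMPLE_OUTPUT = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 12.34.56.78:3388   10.0.100.8:3389    198.51.100.7:51512 198.51.100.7:51512
tcp 12.34.56.78:3388   10.0.100.8:3389    203.0.113.20:40022 203.0.113.20:40022
tcp 12.34.56.78:3388   10.0.100.8:3389    ---                ---
tcp 12.34.56.78:25     10.0.100.9:25      203.0.113.99:33100 203.0.113.99:33100
tcp 12.34.56.78:25     10.0.100.9:25      ---                ---
udp 12.34.56.78:1220   10.0.100.30:1220   192.0.2.53:53      192.0.2.53:53
"""

class Entry(NamedTuple):
    proto: str
    inside_global: str
    inside_local: str
    outside_local: str
    outside_global: str

# Static port-forward line; the global side is an address or "interface <name>".
STATIC_RE = re.compile(
    r"^ip nat (?:inside )?source static (?P<proto>tcp|udp) "
    r"(?P<lip>\S+) (?P<lport>\d+) "
    r"(?:interface \S+|(?P<gip>\d+\.\d+\.\d+\.\d+)) (?P<gport>\d+)"
)

def parse_translations(text: str) -> List[Entry]:
    """Return the data rows of the table; the header and prompt lines are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] != "Pro":
            entries.append(Entry(*fields))
    return entries

def child_entries(static_line: str, entries: List[Entry]) -> List[Entry]:
    """Extended entries (outside columns filled in) created from one static line."""
    m = STATIC_RE.match(static_line.strip())
    if m is None:
        raise ValueError("unsupported static NAT line: " + static_line)
    local = f"{m['lip']}:{m['lport']}"
    children = []
    for e in entries:
        # Rows with '---' in the outside columns are the static parent itself.
        if e.proto != m["proto"] or e.inside_local != local or e.outside_local == "---":
            continue
        g_ip, _, g_port = e.inside_global.rpartition(":")
        if g_port == m["gport"] and (m["gip"] is None or g_ip == m["gip"]):
            children.append(e)
    return children

def clear_command(e: Entry) -> str:
    """Exec-mode command that clears one extended entry (assumed IOS syntax)."""
    ig, il, ol, og = (endpoint.replace(":", " ") for endpoint in e[1:])
    return f"clear ip nat translation {e.proto} inside {ig} {il} outside {ol} {og}"

def removal_script(static_line: str, show_output: str) -> List[str]:
    """Targeted clears followed by the removal, meant to be pasted in one go."""
    children = child_entries(static_line, parse_translations(show_output))
    return [clear_command(e) for e in children] + [
        "configure terminal", "no " + static_line.strip(), "end"]

if __name__ == "__main__":
    line = "ip nat inside source static tcp 10.0.100.8 3389 12.34.56.78 3388 extendable"
    print("\n".join(removal_script(line, SAMPLE_OUTPUT)))
```

New connections to the forwarded port can still re-create child entries between the clear and the removal, so the retry caveat in the note above applies to this script as well.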
Disabling NAT on the Router
This solution involves disabling NAT on the router so that it cannot create any more NAT translations. Do this by removing the ip nat inside or ip nat outside commands on the interfaces. Then clear the translation table and change the configuration.
Follow these steps to use this solution:
1. Use the no ip nat command to disable future translations from taking place.
2. Use the clear ip nat translation command to clear IP NAT translations.
3. Change the NAT configuration.
4. Restore the NAT arguments with the ip nat configuration command.
Stopping Traffic that Causes Translations
This solution involves stopping the traffic that is causing the NAT router to create translations. Do this by either accessing the device that is sending the packets and disabling it, or by creating inbound access lists on the NAT router, denying traffic from sources that are sending the packets. Refer to Configuring IP Services for more information on filtering packets.
Summary
This Tech Note has demonstrated a few ways to work around the problem of not being able to change the NAT configuration due to active dynamic NAT translations in the translation table. There may be other ways, but in any case, the NAT translation table must be clear of any dynamic translations that resulted from the NAT configuration before the NAT configuration can be changed. Refer to Verifying NAT Operation and Basic NAT Troubleshooting for more troubleshoot information on NAT related issues.
Cisco 870 Remove port forward error — Static entry in use, do you want to delete child entries?
I am trying to remove a port forwarding rule from a Cisco 870 router but am getting an error message as below:-
Static entry in use, do you want to delete child entries? [no]: no
What does this error message mean, and what change to the configuration would result from typing yes?
Excerpt from configuration below:-
ip classless
ip route 0.0.0.0 0.0.0.0 80.76.x.x
ip route 10.100.0.0 255.255.255.0 Tunnel2
ip route 10.100.2.0 255.255.255.0 Tunnel8
ip route 10.100.3.0 255.255.255.0 Tunnel1
ip route 10.100.10.0 255.255.255.0 Tunnel5
ip route 10.100.11.0 255.255.255.0 10.100.0.248
ip route 10.100.20.0 255.255.255.0 Tunnel0
ip route 10.100.30.0 255.255.255.0 Tunnel4
ip route 10.100.40.0 255.255.255.0 Tunnel9
ip route 10.100.50.0 255.255.255.0 Tunnel7
ip route 10.100.60.0 255.255.255.0 Tunnel6
ip route 10.100.70.0 255.255.255.0 Tunnel3
!
no ip http server
no ip http secure-server
ip nat inside source list 103 interface FastEthernet4 overload
ip nat inside source static tcp 10.100.100.1 25 80.76.x.x 25 extendable
ip nat inside source static tcp 10.100.100.1 80 80.76.x.x 80 extendable
ip nat inside source static tcp 10.100.100.1 443 80.76.x.x extendable
ip nat inside source static tcp 10.100.100.1 1352 80.76.x.x 1352 extendable
ip nat inside source static tcp 10.100.100.1 1533 80.76.x.x 1533 extendable
ip nat inside source static tcp 10.100.100.1 1723 80.76.x.x 1723 extendable
!
access-list 102 permit ip any any
access-list 103 permit ip 10.100.0.0 0.0.255.255 any
snmp-server community positive RO
no cdp run
I can post the full configuration if required but some pointers would be appreciated as to what this error message means.
I suspect the problem is to do with the extendable option on the ip nat inside command.
What is the output of a show ip nat translations?
Thanks for replying
Output below as requested. When I googled this error it mentioned running:-
clear ip nat translation * to clear the ip nat translation table (?) and then removing the line from the config.
If I’ve understood it right the error means the rule is in use and cannot be removed. Correct?
Removing static nat entries from a Cisco router sometimes generates the error:
%Static entry in use, cannot remove
This can be reliably overcome by stopping all inside and outside nat before removing the entry. This procedure is shown below.
However, I have always been able to remove the entry by clearing the current nat translations, then immediately removing the nat entry before another translation can be initiated. I managed this by typing the appropriate commands into a text editor, then copying and pasting them into the Cisco router terminal session, having entered config term to get to the (config)# prompt. Sometimes it takes a few tries to get the no ip nat directive executed before a new translation is initiated.
Here is a sample of the text I copy and paste. (Make sure you include the carriage-return at the end of the second line of text you copy, so the second line gets executed immediately when pasted.)
do clear ip nat translation *
no ip nat inside source static tcp 192.168.17.175 80 interface Dialer1 80
If you can’t seem to get the “no ip nat” directive executed before a new translation is initiated, here is the full procedure. (Beware trying to do this via a connection that itself relies on a nat translation – your connection will drop.)
config term
interface vlan1
no ip nat inside
exit
interface Dialer1
no ip nat outside
exit
do clear ip nat translation forced
no ip nat inside source static tcp 192.168.17.175 80 interface Dialer1 80
interface vlan1
ip nat inside
exit
interface Dialer1
ip nat outside
exit
exit
Of course, once you’ve removed the static entry successfully, you can copy the current configuration to the startup configuration:
copy running-config startup-config
oldayn 😟pessimistic
December 23 2009, 13:32
I'm probably completely stupid, but I'm asking the audience for help:
router#sh ip nat translations | include 192.168.14.1
--- 78.37.71.129 192.168.14.1 --- ---
router#clear ip nat translation inside 78.37.71.129 192.168.14.1
%Translation not dynamic
router#conf t
router(config)#no ip nat inside source static 192.168.14.1 78.37.71.129 forced
%: Error: static entry still in use, cannot remove
router(config)#ip nat inside source static 192.168.20.1 78.37.71.129
% similar static entry (192.168.14.1 -> 78.37.71.129) already exists
How do I solve this seemingly elementary task of replacing one inside address with another in a translation? I could prepare a config, load it into startup-config and reboot, but not only would it be a pity to lose "router uptime is 46 weeks, 2 hours, 6 minutes", I also feel sorry for the users, and it just seems wrong somehow.
Update: problem solved. Applying no ip nat inside and no ip nat outside on the interfaces for the duration of the removal helped, but it still feels rather perverse…