phirebird

Can’t remove IP NAT entries on Cisco router: %Static entry in use, cannot remove

When removing IP NAT entries on a busy Cisco router, you'll probably run into this problem:

phbrtr(config)#no ip nat source static tcp 192.168.0.1 25 interface FastEthernet1/0 25
%Static entry in use, cannot remove

phbrtr(config)#

So what is it? Well, as the error suggests, the rule is currently being used and as such can't be changed (in this particular instance, there were a few active SMTP connections). On busy routers, this activity sometimes cannot be helped!

So how do you get around it? Well, the first way is simply to wait for a lull in the traffic! When this isn't possible, you can try clearing the current dynamic IP NAT translations (NB: be quick!):

phbrtr(config)#no ip nat source static tcp 192.168.0.1 25 interface FastEthernet1/0 25
%Static entry in use, cannot remove

phbrtr(config)#do clear ip nat translation *
phbrtr(config)#no ip nat source static tcp 192.168.0.1 25 interface FastEthernet1/0 25
phbrtr(config)#

If this still doesn't work (note that once you've issued the clear ip nat translation command, any new packets will create a new NAT entry, hence 'Be quick'!), you will need to stop NAT for a while to allow you to remove the translation:

phbrtr(config)#no ip nat source static tcp 192.168.0.1 25 interface FastEthernet1/0 25
%Static entry in use, cannot remove

phbrtr(config)#interface FastEthernet0/0
phbrtr(config-if)#no ip nat inside
phbrtr(config-if)#exit

phbrtr(config)#interface FastEthernet1/0
phbrtr(config-if)#no ip nat outside
phbrtr(config-if)#exit

phbrtr(config)#do clear ip nat translation *
phbrtr(config)#no ip nat source static tcp 192.168.0.1 25 interface FastEthernet1/0 25

phbrtr(config)#interface FastEthernet0/0
phbrtr(config-if)#ip nat inside
phbrtr(config-if)#exit

phbrtr(config)#interface FastEthernet1/0
phbrtr(config-if)#ip nat outside
phbrtr(config-if)#exit

This demo removes IP NAT from both the inside and outside interfaces, but you could try removing it from just one (for ease); it will obviously depend on your setup.
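To see which connections are holding the static entry before you try any of the steps above, you can check the translation table for live flows through it. The script below is an added example, not part of the original post: it assumes the usual five-column layout of `show ip nat translations`, the sample table and the 203.0.113.10 global address are constructed, and the function names are hypothetical.

```python
# Added example: find the active flows that keep a static NAT entry "in use".
# SAMPLE is constructed; it mimics the column layout of `show ip nat translations`.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.10:25    192.168.0.1:25     198.51.100.7:51514 198.51.100.7:51514
tcp 203.0.113.10:25    192.168.0.1:25     198.51.100.9:40022 198.51.100.9:40022
tcp 203.0.113.10:25    192.168.0.1:25     ---                ---
tcp 203.0.113.10:80    192.168.0.2:80     198.51.100.7:51600 198.51.100.7:51600
tcp 203.0.113.10:80    192.168.0.2:80     ---                ---
udp 203.0.113.10:4500  192.168.0.3:4500   ---                ---
"""
FIELDS = ("proto", "inside_global", "inside_local", "outside_local", "outside_global")


def parse_translations(text):
    """Return one dict per table row; the header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != len(FIELDS) or fields[0].lower() == "pro":
            continue
        fields[0] = fields[0].lower()
        rows.append(dict(zip(FIELDS, fields)))
    return rows


def flows_pinning(rows, proto, local_ip, local_port):
    """Rows with a real outside address: live flows through the static mapping."""
    key = f"{local_ip}:{local_port}"
    return [r for r in rows
            if r["proto"] == proto and r["inside_local"] == key
            and r["outside_global"] != "---"]


def safe_to_remove(rows, proto, local_ip, local_port):
    """True when only the static row itself is left for this mapping."""
    return not flows_pinning(rows, proto, local_ip, local_port)


if __name__ == "__main__":
    table = parse_translations(SAMPLE)
    for flow in flows_pinning(table, "tcp", "192.168.0.1", 25):
        print("still active:", flow["outside_global"])
    print("safe to remove:", safe_to_remove(table, "tcp", "192.168.0.1", 25))
```

Rows whose outside columns show `---` are the static entry itself; the rows with real outside addresses are the connections that trigger the "in use" error.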

Are you looking to learn more about Cisco equipment? Well, here’s a selection of a few books that I’ve found useful over the years:


Cisco: A Beginner’s Guide
 
CCNA – Cisco Certified Network Associate Study Guide
 
Cisco Networking for Dummies
 
Cisco IOS in a Nutshell – O’Reilly

 
