effects of clear ip nat trans

[ilpadrino]

I have 2 questions:

1)why does clearing the nat trans with "clear ip nat trans *" reduce the cpu load?

2)do i disrupt any service such as internet mail by clearing that nat?

i'm probably dealing with a virus or worm, but it's the weekend so i won't be able to locate the infected computers until monday. my cpu is still getting overloaded, even after denying icmp in the ACL's. once i clear the nat trans it reduces cpu load by about 40% immediately and lasts for a few hours as cpu load builds back up to 99%.

 

[lupidus]

I believe that clear ip nat translation * will suspend NAT in addition to clearing dynamic NAT translations from the translation table. As to why the CPU load is increasing back up to 99% after a few hours , I have no idea.

 

[lupidus]

After doing some more research on this, if the issue is a virus/worm you may want to investigate rate limiting NAT translation. I have personally never used it , perhaps someone on this board can provide info about its effectiveness. "The Rate Limiting NAT Translation feature can be used to limit the impact of viruses and worms that originate from specific hosts, access control lists, and VPN routing and forwarding (VRF) instances."

Take a look at

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d09f0.html

for more info.