Question about NAT, noticing some problems

[IllegalOperation]

Hey guys, I noticed on my router that is doing NAT that there are an unusual amount of "misses". My hit/miss ratio is like 4:1, which seems awefully high. I am trying to troubleshoot this, but have little resources to work with. Does anyone have any experiences with a lot of misses? I am trying to determine if it is just a single computer causing this problem, or if there is something wrong with my configuations. This is just a general question about troubleshooting NAT misses, but I will be more than happy to post my config if we need to get into the specifics.

I am having trouble finding something on Cisco's site (or any other for that matter), so if anyone has any links or other documentation that would be greatly appreciated.

 

[thebruge]

Misses = Number of times the software does a translations table lookup, fails to find an entry, and must try to create one.

 

[IllegalOperation]

Thanks thebruge. So in other words, misses arent necessarily a bad thing then - right?

Looking at the NAT entry table, Ive noticed that the majority of the translations are coming from only two computers. There are approximately 2,000 translations combined for both PCs. Seems like some kind of virus or something is on them....

 

[thebruge]

Yeah misses are not always bad! Could be something like a virus/worm infection. Do you see any common destination ports that are always being translated?

 

[IllegalOperation]

Yes, the ports are the ones that the Sasser virus utilizes. I do have those ports blocked on my WAN interfaces, but not on the LAN side. Oops!