Document ID: 13779
Updated: Aug 10, 2005
Introduction
Sometimes you receive these messages when you change the Network Address Translation (NAT) configuration:
- Dynamic mapping in use, cannot remove
- Dynamic mapping in use, do you want to delete all entries?
- %Pool outpool in use, cannot destroy
This document demonstrates how to change the NAT configuration if you receive these messages on the console.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
This document is not restricted to specific software and hardware versions.
Conventions
For more information on document conventions, refer to Cisco Technical Tips Conventions.
Problem Description
Dynamic NAT creates active translation entries in a table when a packet crosses from an IP NAT inside interface to an IP NAT outside interface, or vice versa. This dynamic NAT entry can be seen using the show ip nat translation command. Cisco IOS® software checks for any existing active NAT translations in the translations table when either of these existing dynamic NAT configurations is removed:
- no ip nat pool name
- no ip nat {inside | outside} source {list {access-list-number | name} pool name [overload] | static local-ip global-ip}

R2(config)#no ip nat inside source route-map NAT interface serial 2/0 overload
Dynamic mapping in use, do you want to delete all entries? [no]: yes
If a translation entry matches, the %Dynamic Mapping in Use, Cannot remove message or the %Pool outpool in use, cannot destroy message, respectively, is echoed on the console.
Solutions
You receive these error messages because you are trying to change part of a NAT configuration that is responsible for creating dynamic translations that still exist in the translation table. In order to change the NAT configuration in this situation, you need to clear the table of translations that are being used before the change is accepted. Sometimes this is not easy because the router configured with NAT may be continuously receiving packets that create translations in the table; this can happen so quickly that you don't have time to change the configuration.
Using the clear ip nat translation Command
This solution involves clearing the IP NAT translations using the clear ip nat translation command, and then replacing the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic. To do this, create a script with the configuration commands written in a text format. For example:
clear ip nat translation *
config terminal
no ip nat pool old pool name
ip nat pool new pool .......

Once you have the script, cut and paste it at the router enable mode prompt (Router#).
Note: This may take more than one try since it is still possible that the router will create a translation after the translation has been cleared.
Disabling NAT on the Router
This solution involves disabling NAT on the router so that it cannot create any more NAT translations. Do this by removing the ip nat inside or ip nat outside commands on the interfaces. Then clear the translation table and change the configuration.
Follow these steps to use this solution:
- Use the no ip nat {inside | outside} command to disable future translations from taking place.
- Use the clear ip nat translation command to clear IP NAT translations.
- Change the NAT configuration.
- Restore the NAT {inside | outside} arguments with the ip nat {inside | outside} configuration command.
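The four steps above as one console session. This is an added example, not taken from the original Tech Note: the interface names, access list 1, the pool names oldpool and newpool, and the 192.0.2.0/24 addresses are all assumptions chosen for illustration.

```ios
! Constructed example: interface names, ACL 1, pool names and the
! 192.0.2.0/24 addresses are assumptions, not values from this document.
!
! Step 1: stop new translations by removing NAT from the interfaces.
configure terminal
interface FastEthernet0/0
 no ip nat inside
interface Serial2/0
 no ip nat outside
end
!
! Step 2: flush the dynamic entries and confirm they are gone.
! Static entries, if any are configured, remain listed.
clear ip nat translation *
show ip nat translations
!
! Step 3: change the NAT configuration (mapping first, then the pool).
configure terminal
no ip nat inside source list 1 pool oldpool
no ip nat pool oldpool
ip nat pool newpool 192.0.2.10 192.0.2.20 netmask 255.255.255.0
ip nat inside source list 1 pool newpool
!
! Step 4: restore NAT on the interfaces.
interface FastEthernet0/0
 ip nat inside
interface Serial2/0
 ip nat outside
end
!
! Verify the new mapping once traffic resumes.
show ip nat translations
show ip nat statistics
```

Between step 1 and step 4 the router translates nothing on these interfaces, so traffic that depends on NAT is interrupted for the duration of the change.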
Stopping Traffic that Causes Translations
This solution involves stopping the traffic that is causing the NAT router to create translations. Do this by either accessing the device that is sending the packets and disabling it, or by creating inbound access lists on the NAT router, denying traffic from sources that are sending the packets. Refer to Configuring IP Services for more information on filtering packets.
Summary
This Tech Note has demonstrated a few ways to work around the problem of not being able to change the NAT configuration due to active dynamic NAT translations in the translation table. There may be other ways, but in any case, the NAT translation table must be clear of any dynamic translations that resulted from the NAT configuration before the NAT configuration can be changed. Refer to Verifying NAT Operation and Basic NAT Troubleshooting for more troubleshooting information on NAT-related issues.