Solved

Problem with NAT on 2811

Posted on 2011-03-25
Last Modified: 2012-05-11
Trying to set up multiple ISPs on 3725. I get this error every time when the LAN is 192.168.100. 255.255.252.0.
"NAT*: Can't create new inside entry - forced_punt_flags: 0"

When I change the LAN to a /24 network, NAT translation works as expected and the NAT table gets populated.
I have read everything on the internet, including Cisco, for some ideas; most do not apply to this case...

Here is the current config
                 
version 12.4
service timestamps debug uptime
service timestamps log datetime localtime
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname Test1
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable password 7 05010718321F1E5F4F
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
no network-clock-participate wic 2
rlogin trusted-localuser-source local
!
!
no ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.20.52.151 172.20.52.254
ip dhcp excluded-address 172.20.52.1 172.20.52.125
!
ip dhcp pool wireless
   network 172.20.52.0 255.255.255.0
   domain-name Netfinityonline.com
   default-router 172.20.52.1
   dns-server 208.67.222.222
   lease 30
!
!
no ip domain lookup
!
voice-card 0
 no dspfarm
!
!
!
voice service voip
 sip
  no call service stop
!
!
voice class codec 1
 codec preference 1 g729r8
 codec preference 2 g711ulaw
!
!
!
!
!
!
!
!
!
!
!
controller E1 0/2/0
 channel-group 1 timeslots 1-15
 channel-group 2 timeslots 17-31
!
controller E1 0/2/1
 shutdown
!
!
!
!
interface Loopback0
 ip address 172.20.200.252 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 ip access-group 110 out
 ip nat outside
 no ip mroute-cache
 duplex full
 speed 100
 no cdp enable
!
interface FastEthernet0/1
 ip address 192.168.100.1 255.255.252.0
 ip nat inside
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/2/0:1
 ip address 192.168.20.2 255.255.255.252
 ip accounting output-packets
 ip nat outside
!
interface Serial0/2/0:2
 ip address 192.168.30.2 255.255.255.252
 ip accounting output-packets
 ip nat outside
!
no ip classless
ip forward-protocol nd
ip route 172.28.28.1 255.255.255.255 192.168.20.1
ip route 172.28.29.1 255.255.255.255 192.168.30.1
!
no ip http server
ip http port 7600
ip nat inside source route-map isp1 interface Serial0/2/0:1 overload
ip nat inside source route-map isp2 interface Serial0/2/0:2 overload
!
no logging trap
access-list 111 permit ip 192.168.0.0 0.0.252.0 any
snmp-server community public RO 1
snmp-server enable traps tty
no cdp run
route-map isp2 permit 10
 match ip address 111
 match interface Serial0/2/0:2
!
route-map isp1 permit 10
 match ip address 111
 match interface Serial0/2/0:1
!
I am testing this across two serial links before trying with real traffic. The part that is very confusing: why does it work with a /24 net and not a /22...

Thanks in advance
Question by:voretl

Expert Comment

by:Istvan Kalmar
ID: 35220836
Hi,

acl 111 is wrong ....

you need:
no access-list 111 permit ip 192.168.0.0 0.0.252.0 any
access-list 111 permit ip 192.168.110.0 0.0.3.255 any

Accepted Solution

by:
Istvan Kalmar earned 500 total points
ID: 35220837
you need:
no access-list 111 permit ip 192.168.0.0 0.0.252.0 any
access-list 111 permit ip 192.168.100.0 0.0.3.255 any

Author Closing Comment

by:voretl
ID: 35220874
Thank you for the answer. It works as I believe it should.


Little follow-up: why is the last octet treated differently than the first three?

Thanks again

Expert Comment

by:Istvan Kalmar
ID: 35220911
Hi,

I used a wildcard mask; for 255.255.252.0 the wildcard mask is 0.0.0.3.255
0
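The wildcard-mask matching behind the accepted fix, as an added example that is not part of the original thread: an ACL wildcard is the bitwise inverse of the subnet mask, and a 0 bit means "must equal the base address". The function names are illustrative, and the check is run against the original and the accepted access-list 111 entries for the 192.168.100.0 255.255.252.0 LAN.

```python
import ipaddress


def wildcard_from_netmask(netmask: str) -> str:
    """Invert a subnet mask into the wildcard mask an IOS ACL entry expects."""
    inverted = int(ipaddress.IPv4Address(netmask)) ^ 0xFFFFFFFF
    return str(ipaddress.IPv4Address(inverted))


def acl_matches(base: str, wildcard: str, addr: str) -> bool:
    """Wildcard bit 0 = address bit must equal base bit; 1 = don't care."""
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    a = int(ipaddress.IPv4Address(addr))
    care_bits = ~w & 0xFFFFFFFF
    return ((a ^ b) & care_bits) == 0


def matched_in(base: str, wildcard: str, network: str) -> int:
    """Count how many addresses of `network` the ACL entry selects."""
    net = ipaddress.ip_network(network)
    return sum(acl_matches(base, wildcard, str(ip)) for ip in net)


LAN = "192.168.100.0/255.255.252.0"      # FastEthernet0/1 network from the config
ORIGINAL = ("192.168.0.0", "0.0.252.0")  # access-list 111 as first posted
ACCEPTED = ("192.168.100.0", "0.0.3.255")  # entry from the accepted solution

if __name__ == "__main__":
    print("wildcard for 255.255.252.0:", wildcard_from_netmask("255.255.252.0"))
    for label, (base, wc) in (("original", ORIGINAL), ("accepted", ACCEPTED)):
        print(f"{label:8} {base} {wc}: "
              f"{matched_in(base, wc, LAN)} of 1024 LAN addresses matched")
    # The original entry pins the last octet to 0 (wildcard octet 0) and the
    # low two bits of the third octet to 0, so inside hosts never match the
    # route-map and no NAT entry can be created for them.
    print("192.168.100.10 original:", acl_matches(*ORIGINAL, "192.168.100.10"))
    print("192.168.100.10 accepted:", acl_matches(*ACCEPTED, "192.168.100.10"))
```

Since this ACL decides which sources are translated, the same check also shows when a wildcard is broader than the inside network it is meant to cover.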
