Problem with NAT on 2811

Trying to set up multiple ISPs on 3725. I get this error every time when the LAN is 192.168.100. 255.255.252.0.
"NAT*: Can't create new inside entry - forced_punt_flags: 0"

When I change the LAN to a /24 network, NAT translation works as expected and the NAT table gets populated.
I have read everything on the internet, including Cisco, for some ideas; most do not apply to this case...

Here is the current config

version 12.4
service timestamps debug uptime
service timestamps log datetime localtime
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname Test1
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable password 7 05010718321F1E5F4F
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
no network-clock-participate wic 2
rlogin trusted-localuser-source local
!
!
no ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.20.52.151 172.20.52.254
ip dhcp excluded-address 172.20.52.1 172.20.52.125
!
ip dhcp pool wireless
   network 172.20.52.0 255.255.255.0
   domain-name Netfinityonline.com
   default-router 172.20.52.1
   dns-server 208.67.222.222
   lease 30
!
!
no ip domain lookup
!
voice-card 0
 no dspfarm
!
!
!
voice service voip
 sip
  no call service stop
!
!
voice class codec 1
 codec preference 1 g729r8
 codec preference 2 g711ulaw
!
!
!
!
!
!
!
!
!
!
!
controller E1 0/2/0
 channel-group 1 timeslots 1-15
 channel-group 2 timeslots 17-31
!
controller E1 0/2/1
 shutdown
!
!
!
!
interface Loopback0
 ip address 172.20.200.252 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 ip access-group 110 out
 ip nat outside
 no ip mroute-cache
 duplex full
 speed 100
 no cdp enable
!
interface FastEthernet0/1
 ip address 192.168.100.1 255.255.252.0
 ip nat inside
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/2/0:1
 ip address 192.168.20.2 255.255.255.252
 ip accounting output-packets
 ip nat outside
!
interface Serial0/2/0:2
 ip address 192.168.30.2 255.255.255.252
 ip accounting output-packets
 ip nat outside
!
no ip classless
ip forward-protocol nd
ip route 172.28.28.1 255.255.255.255 192.168.20.1
ip route 172.28.29.1 255.255.255.255 192.168.30.1
!
no ip http server
ip http port 7600
ip nat inside source route-map isp1 interface Serial0/2/0:1 overload
ip nat inside source route-map isp2 interface Serial0/2/0:2 overload
!
no logging trap
access-list 111 permit ip 192.168.0.0 0.0.252.0 any
snmp-server community public RO 1
snmp-server enable traps tty
no cdp run
route-map isp2 permit 10
 match ip address 111
 match interface Serial0/2/0:2
!
route-map isp1 permit 10
 match ip address 111
 match interface Serial0/2/0:1
!
I am testing this across two serial links before trying with real traffic. The part that is very confusing: why does it work with a /24 net and not a /22...

Thanks in advance
Asked by: voretl

Istvan Kalmar, Head of IT Security Division, commented:
you need:
no access-list 111 permit ip 192.168.0.0 0.0.252.0 any
access-list 111 permit ip 192.168.100.0 0.0.3.255 any
 
Istvan Kalmar, Head of IT Security Division, commented:
Hi,

acl 111 is wrong ....

you need:
no access-list 111 permit ip 192.168.0.0 0.0.252.0 any
access-list 111 permit ip 192.168.110.0 0.0.3.255 any
 
voretl (author) commented:
Thank you for the answer. It works as I believe it should.


Little follow-up: why is the last octet treated differently than the first three?

Thanks again
 
Istvan Kalmar, Head of IT Security Division, commented:
Hi,

I used a wildcard mask. For 255.255.252.0, the wildcard mask is 0.0.0.3.255
Question has a verified solution.
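
Added example, not part of the original thread: a small Python model of how an IOS extended ACL entry applies its wildcard mask, run against the /22 inside LAN from the posted config. It compares the original access-list 111 entry with the replacement from the first answer; the function names are hypothetical, and the matching rule (wildcard 1-bits are ignored, 0-bits must equal the ACL address) is the standard wildcard-mask behaviour rather than anything taken from the router.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def netmask_to_wildcard(netmask: str) -> str:
    """Invert every bit of a subnet mask to get the matching wildcard mask."""
    inverted = int(ipaddress.IPv4Address(netmask)) ^ ALL_ONES
    return str(ipaddress.IPv4Address(inverted))


def acl_matches(acl_addr: str, wildcard: str, src: str) -> bool:
    """Wildcard 0-bits must equal the ACL address; 1-bits are "don't care"."""
    care = int(ipaddress.IPv4Address(wildcard)) ^ ALL_ONES
    acl = int(ipaddress.IPv4Address(acl_addr))
    host = int(ipaddress.IPv4Address(src))
    return (acl & care) == (host & care)


def matching_hosts(acl_addr: str, wildcard: str, network: str) -> list:
    """Usable host addresses of `network` that the ACL entry would permit."""
    return [str(h) for h in ipaddress.ip_network(network).hosts()
            if acl_matches(acl_addr, wildcard, str(h))]


# Inside LAN from the posted config: Fa0/1 is 192.168.100.1 255.255.252.0
LAN = "192.168.100.0/22"

# Original entry: the subnet mask octet 252 was placed in the wildcard field,
# so the last octet must be exactly 0 and no usable host can match.
ORIGINAL = ("192.168.0.0", "0.0.252.0")
# Entry from the first answer: the wildcard is the inverse of 255.255.252.0.
CORRECTED = ("192.168.100.0", netmask_to_wildcard("255.255.252.0"))

if __name__ == "__main__":
    for label, (addr, wc) in (("original", ORIGINAL), ("corrected", CORRECTED)):
        hits = matching_hosts(addr, wc, LAN)
        print(f"{label:9} access-list 111 permit ip {addr} {wc} any "
              f"-> {len(hits)} of 1022 LAN hosts match")
```

With no inside host matching access-list 111, neither route-map (isp1 or isp2) selects the traffic for translation.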