Solved

Problem with NAT on 2811

Posted on 2011-03-25
Last Modified: 2012-05-11
Trying to set up multiple ISPs on 3725. I get this error every time when the LAN is 192.168.100. 255.255.252.0.
"NAT*: Can't create new inside entry - forced_punt_flags: 0"

When I change the LAN to a /24 network, NAT translation works as expected and the NAT table gets populated.
I have read everything on the internet, including Cisco, for some ideas; most do not apply to this case...

Here is the current config
                 
version 12.4
service timestamps debug uptime
service timestamps log datetime localtime
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname Test1
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable password 7 05010718321F1E5F4F
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
no network-clock-participate wic 2
rlogin trusted-localuser-source local
!
!
no ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.20.52.151 172.20.52.254
ip dhcp excluded-address 172.20.52.1 172.20.52.125
!
ip dhcp pool wireless
   network 172.20.52.0 255.255.255.0
   domain-name Netfinityonline.com
   default-router 172.20.52.1
   dns-server 208.67.222.222
   lease 30
!
!
no ip domain lookup
!
voice-card 0
 no dspfarm
!
!
!
voice service voip
 sip
  no call service stop
!
!
voice class codec 1
 codec preference 1 g729r8
 codec preference 2 g711ulaw
!
!
!
!
!
!
!
!
!
!
!
controller E1 0/2/0
 channel-group 1 timeslots 1-15
 channel-group 2 timeslots 17-31
!
controller E1 0/2/1
 shutdown
!
!
!
!
interface Loopback0
 ip address 172.20.200.252 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 ip access-group 110 out
 ip nat outside
 no ip mroute-cache
 duplex full
 speed 100
 no cdp enable
!
interface FastEthernet0/1
 ip address 192.168.100.1 255.255.252.0
 ip nat inside
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/2/0:1
 ip address 192.168.20.2 255.255.255.252
 ip accounting output-packets
 ip nat outside
!
interface Serial0/2/0:2
 ip address 192.168.30.2 255.255.255.252
 ip accounting output-packets
 ip nat outside
!
no ip classless
ip forward-protocol nd
ip route 172.28.28.1 255.255.255.255 192.168.20.1
ip route 172.28.29.1 255.255.255.255 192.168.30.1
!
no ip http server
ip http port 7600
ip nat inside source route-map isp1 interface Serial0/2/0:1 overload
ip nat inside source route-map isp2 interface Serial0/2/0:2 overload
!
no logging trap
access-list 111 permit ip 192.168.0.0 0.0.252.0 any
snmp-server community public RO 1
snmp-server enable traps tty
no cdp run
route-map isp2 permit 10
 match ip address 111
 match interface Serial0/2/0:2
!
route-map isp1 permit 10
 match ip address 111
 match interface Serial0/2/0:1
!
I am testing this across two serial links before trying with real traffic. The part that is very confusing: why does it work with a /24 net and not a /22...

Thanks in advance
Question by:voretl

Expert Comment

by:Istvan Kalmar
ID: 35220836
Hi,

ACL 111 is wrong...

you need:
no access-list 111 permit ip 192.168.0.0 0.0.252.0 any
access-list 111 permit ip 192.168.110.0 0.0.3.255 any

Accepted Solution

by:
Istvan Kalmar earned 500 total points
ID: 35220837
you need:
no access-list 111 permit ip 192.168.0.0 0.0.252.0 any
access-list 111 permit ip 192.168.100.0 0.0.3.255 any

Author Closing Comment

by:voretl
ID: 35220874
Thank you for the answer. It works as I believe it should.

Little follow-up: why is the last octet treated differently than the first three?

Thanks again

Expert Comment

by:Istvan Kalmar
ID: 35220911
Hi,

I used a wildcard mask: for 255.255.252.0 the wildcard mask is 0.0.3.255
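An added example, not part of the original thread: a Python check of how an IOS access-list entry evaluates its address/wildcard pair, run against the ACL 111 entry from the posted config and the corrected entry from the accepted solution. The function names are illustrative, and the host list is derived from the 192.168.100.0/22 LAN in the question.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def wildcard_from_netmask(netmask: str) -> str:
    """A wildcard mask is the bitwise inverse of the subnet mask."""
    inverted = ~int(ipaddress.IPv4Address(netmask)) & MASK32
    return str(ipaddress.IPv4Address(inverted))

def acl_matches(acl_addr: str, wildcard: str, src: str) -> bool:
    """ACL semantics: a 0 bit in the wildcard must match, a 1 bit is ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & MASK32
    acl = int(ipaddress.IPv4Address(acl_addr))
    host = int(ipaddress.IPv4Address(src))
    return (acl & care) == (host & care)

def coverage(acl_addr: str, wildcard: str, network: str):
    """Return (hosts matched by the entry, total hosts) for a LAN."""
    hosts = list(ipaddress.ip_network(network).hosts())
    matched = sum(acl_matches(acl_addr, wildcard, str(h)) for h in hosts)
    return matched, len(hosts)

# Entries taken from the thread; the LAN is the /22 from the question.
ORIGINAL = ("192.168.0.0", "0.0.252.0")     # access-list 111 as posted
CORRECTED = ("192.168.100.0", "0.0.3.255")  # accepted solution
LAN = "192.168.100.0/22"

if __name__ == "__main__":
    print("wildcard for 255.255.252.0:", wildcard_from_netmask("255.255.252.0"))
    for label, entry in (("original", ORIGINAL), ("corrected", CORRECTED)):
        matched, total = coverage(*entry, LAN)
        print(f"{label:9} {entry[0]} {entry[1]} -> {matched}/{total} hosts match")
```

The posted entry ignores bits in the third octet but requires the fourth octet to be exactly 0, so no host address in the /22 matches ACL 111 and neither route-map selects the traffic for translation.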
