[c-nsp] Cannot get little soho91 to NAT

RawCode gonnason at gmail.com
Wed Oct 27 15:41:15 EDT 2004 

 It has quite a few other people at my work confused, and people on
another cisco forum.

(192.168.0.128)Host----Soho91-----Gateway (to internet) 10.0.105.254

Inital info: The soho can traceroute to any host on the net, can
resolve dns, so it has full connectivity. Almost this exact config
works when I am using pppoe on Eth1 for the ip assignment instead of
this static setup.

The host cannot get past the soho at all. When I do a "debug ip nat
detailed" I get a lot of these:
*Mar  1 00:25:25.235: NAT*: Can't create new inside entry - forced_punt_flags: 0
*Mar  1 00:25:26.243: NAT*: Can't create new inside entry - forced_punt_flags: 0
*Mar  1 00:25:28.263: NAT*: Can't create new inside entry - forced_punt_flags: 0
*Mar  1 00:25:30.271: NAT*: Can't create new inside entry - forced_punt_flags: 0

Any idea what is going on? Here is the config:

Current configuration : 1280 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname testrouter
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 192.168.0.1 192.168.0.127
!
ip dhcp pool LAN
   network 192.168.0.0 255.255.255.0
   dns-server 10.0.0.3
   default-router 192.168.0.1
!
!
ip name-server 10.0.0.3
!
!
!
!
no crypto isakmp enable
!
!
!
interface Ethernet0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
interface Ethernet1
 ip address 10.0.105.200 255.255.255.0
 ip nat outside
 duplex auto
 no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.105.254
no ip http server
no ip http secure-server
ip nat log translations syslog
ip nat inside source list 2 interface Ethernet1 overload
!
!
no logging trap
access-list 2 permit 192.168.0.0 0.0.0.128 log
!
control-plane
!
!
line con 0
 password 7
 login
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 password 7
 login
 transport preferred none
 transport input telnet
 transport output all
!
scheduler max-task-time 5000
end

testrouter#


Thanks,
Mike Gonnason

More information about the cisco-nsp mailing list