[c-nsp] Cannot get little soho91 to NAT

[Paul Stewart]

We have seen this problem on a number of Soho91's with buggy IOS code.. 
the code on these routers is way behind in development it appears.

Lately we have moved 35+ of them over to 12.3.11T and had pretty good
success... I *believe* it was versions 12.3.8T4 and 12.3.8T3 that caused
us a LOT of grief with NAT (definately two of the 12.3.8T versions)...

Hope this helps..

Paul


On Thu, 2004-10-28 at 01:45, Oliver Boehmer (oboehmer) wrote:
> >  It has quite a few other people at my work confused, and people on
> > another cisco forum.
> > 
> > (192.168.0.128)Host----Soho91-----Gateway (to internet) 10.0.105.254
> > 
> > Inital info: The soho can traceroute to any host on the net, can
> > resolve dns, so it has full connectivity. Almost this exact config
> > works when I am using pppoe on Eth1 for the ip assignment instead of
> > this static setup.
> > 
> > The host cannot get past the soho at all. When I do a "debug ip nat
> > detailed" I get a lot of these:
> > *Mar  1 00:25:25.235: NAT*: Can't create new inside entry -
> > forced_punt_flags: 0 
> > *Mar  1 00:25:26.243: NAT*: Can't create new inside entry -
> > forced_punt_flags: 0 
> > *Mar  1 00:25:28.263: NAT*: Can't create new inside entry -
> > forced_punt_flags: 0 
> > *Mar  1 00:25:30.271: NAT*: Can't create new inside entry -
> > forced_punt_flags: 0 
> > 
> > Any idea what is going on? Here is the config:
> 
> which IOS release are you using? 
> Can you try to remove the "log" option in your ACL used for NAT, i.e.
>  no access-list 2 
>  access-list 2 permit 192.168.0.0 0.0.0.128
> 
> Are you sure about the wildcard 0.0.0.128? Don't you want your whole E0
> nat'ed? 
> 
> There's CSCed14457 (integrated in 12.3(07.04)T 012.003(007.004)), not
> sure if this is the culprit..
> 
> 	oli
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>