[c-nsp] Cannot get little soho91 to NAT
RawCode
gonnason at gmail.com
Thu Oct 28 13:11:02 EDT 2004
Yeah Sorry about that I was playing around and it looks like I sent
out the wrong version of the config.. :P I corrected it to 0.0.0.255.
version:
Cisco IOS Software, SOHO91 Software (SOHO91-K9OY6-M), Version 12.3(8)T3
Going to upgrade the IOS to the latest version to see if it helps.
Dennis suggested that I turn off CEF, but it did not appear to be
running. Will let the list know how it goes after the upgrade.
Mike Gonnason
On Thu, 28 Oct 2004 02:43:15 -0400, Paul Stewart <pauls at nexicom.net> wrote:
> We have seen this problem on a number of Soho91's with buggy IOS code..
> the code on these routers is way behind in development it appears.
>
> Lately we have moved 35+ of them over to 12.3.11T and had pretty good
> success... I *believe* it was versions 12.3.8T4 and 12.3.8T3 that caused
> us a LOT of grief with NAT (definately two of the 12.3.8T versions)...
>
> Hope this helps..
>
> Paul
>
>
>
>
> On Thu, 2004-10-28 at 01:45, Oliver Boehmer (oboehmer) wrote:
> > > It has quite a few other people at my work confused, and people on
> > > another cisco forum.
> > >
> > > (192.168.0.128)Host----Soho91-----Gateway (to internet) 10.0.105.254
> > >
> > > Inital info: The soho can traceroute to any host on the net, can
> > > resolve dns, so it has full connectivity. Almost this exact config
> > > works when I am using pppoe on Eth1 for the ip assignment instead of
> > > this static setup.
> > >
> > > The host cannot get past the soho at all. When I do a "debug ip nat
> > > detailed" I get a lot of these:
> > > *Mar 1 00:25:25.235: NAT*: Can't create new inside entry -
> > > forced_punt_flags: 0
> > > *Mar 1 00:25:26.243: NAT*: Can't create new inside entry -
> > > forced_punt_flags: 0
> > > *Mar 1 00:25:28.263: NAT*: Can't create new inside entry -
> > > forced_punt_flags: 0
> > > *Mar 1 00:25:30.271: NAT*: Can't create new inside entry -
> > > forced_punt_flags: 0
> > >
> > > Any idea what is going on? Here is the config:
> >
> > which IOS release are you using?
> > Can you try to remove the "log" option in your ACL used for NAT, i.e.
> > no access-list 2
> > access-list 2 permit 192.168.0.0 0.0.0.128
> >
> > Are you sure about the wildcard 0.0.0.128? Don't you want your whole E0
> > nat'ed?
> >
> > There's CSCed14457 (integrated in 12.3(07.04)T 012.003(007.004)), not
> > sure if this is the culprit..
> >
> > oli
> >
> > _______________________________________________
>
>
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>
>
More information about the cisco-nsp
mailing list