Dynamic and Static NAT on 2811 / IOS 15.1 do not work

ibareev
Level 1

Hello,

I faced up with a strange configuration issue at my 2811 router running IOS C2800NM-ADVIPSERVICESK9-M, Version 15.1(3)T. The configured Dynamic and Static NAT do not work (users can't go out to Internet and can't reach internal services via external IPs).

The configuration seems to be very simple (one internal and one external interface, one address for dynamic NAT pool, and only few static translations -- see attached file).

I would appreciate any ideas to understand what is going wrong.

Thanks in advance,

Igor

8 Replies

cadet alain
VIP Alumni

Hi,

Can you add to ACLs applied to DMZ: deny ip any any log

Can you ask the clients to access the internet and also access the server from outside, and take a look at the ACL hit counts (show access-list) as well as the console logging concerning the ACLs.

Regards.

Alain.

Don't forget to rate helpful posts.

Hello,

It doesn't work -- I already tried to add "deny ip any any" at the end of each ACL for incoming and outgoing filters, but this rule was never triggered. I'll provide the "sh ip nat statistics" output a bit later.

WBR,

Igor

Hello Igor,

This is strange... I've had a look at your configuration and I do not see anything immediately wrong. The output of show ip nat translation would be most helpful here.

Is the routing actually set up correctly? I see a static default route configured on your router but is it actually present in the routing table? Can at least the router itself reach the internet?

As a matter of rule, if ACLs are suspected, you can either add the deny ip any any log on their end, or try removing them temporarily from your interfaces to see if the issue is resolved.

Perhaps it would also be useful to try using debug ip nat to see if there is any interesting information logged.

Best regards,

Peter
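A minimal NAT configuration with the verification sequence Peter outlines, as an added example; this is not the attached configuration from the thread, and the addresses (RFC 5737 documentation ranges), interface names and ACL names are constructed.

```cisco
! Constructed example: RFC 5737 addresses, not the poster's config
interface FastEthernet0/0
 description INSIDE (LAN)
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1
 description OUTSIDE (ISP)
 ip address 203.0.113.2 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 ip access-group OUTSIDE-IN in
!
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! Dynamic PAT: one public address shared by the whole LAN
ip nat pool PUBLIC-POOL 203.0.113.3 203.0.113.3 netmask 255.255.255.248
ip nat inside source list NAT-INSIDE pool PUBLIC-POOL overload
! Static 1:1 translation for an internal server
ip nat inside source static 192.168.1.10 203.0.113.4
!
ip access-list extended NAT-INSIDE
 permit ip 192.168.1.0 0.0.0.255 any
!
! An inbound ACL on the outside interface is evaluated BEFORE NAT
! un-translates, so its entries must name the public (translated) addresses.
! "established" is stateless: UDP return traffic (e.g. DNS) needs its own entry.
ip access-list extended OUTSIDE-IN
 permit tcp any host 203.0.113.4 eq 443
 permit tcp any any established
 deny ip any any log
!
logging buffered 16384 informational
!
! Verification sequence, run while a LAN host tries to reach the Internet:
! show ip route 0.0.0.0      - the default route must be in the table, not just configured
! ping 203.0.113.1           - the router itself must reach the next hop
! show ip nat statistics     - Hits/Misses must increase; zero means NAT never saw the traffic
! show ip nat translations   - dynamic entries for the LAN host; static entries are always listed
! show access-lists          - per-line match counts; hits on "deny ip any any log" point at the ACL, not NAT
! show logging | include SEC-6  - the %SEC-6-IPACCESSLOGP lines produced by the deny entry
! debug ip nat               - last resort; each translated packet logs "s=192.168.1.x->203.0.113.3, d=..."
```

If the translation table stays empty and the ACL counters never move, the traffic is not reaching the NAT interfaces at all, which is where the routing and interface checks belong.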

Sebastien Dui
Level 1

Hello Igor,

I have two 1921s with IOS 15.1-3T, with exactly the same problem.

The strangest thing is that my config was working perfectly on 12.4 on another of my machines, but when switched to 15.1, the ports seem to remain closed.

Until now, no clues in sight.

Kind regards,

Sébastien

Hi Sebastien,

Thanks for your comment -- it means I'm not alone and the problem can be reproduced. Welcome to the club!

For the moment, I have had no chance to test another configuration (no ACLs on the interfaces, so there's obviously no dropped traffic, plus ip virtual-reassembly activated on the nat inside/outside interfaces; I don't see how it could help, since NAT works using info from the packet header and does not need to re-assemble the source packet, but I still want to give it a try).

Let me know if you use ACLs on nat outside interface and if you use ip virtual-reassembly.

I should have my SmartNet contract renewed on this week, so will post a question to Cisco Support then.

WBR,

Igor

Hi Sébastien,

My friend is facing the same NAT issue. After he completes the NAT config and boots system flash:/c2800nm-ipbase-mz.124-15.T.bin it works OK, but once he changes to boot system flash:/c2800nm-adventerprisek9-mz.151-4.M.bin the same problem happens.

Is there any solution from Igor? Since he has already purchased Cisco SmartNet, he can get support from Cisco.

Mike

Hi Mike,

No, I didn't receive any update from Igor, and Cisco did not give us a clue either; I have a SmartNet contract as well.

So my solution was to insert a HWIC card with 4 gigabit ethernet ports, and on those ports everything is working normally...

I don't understand why it's not working on the local gigabit port.

Sebastien

For those with a support contract that are struggling with the TAC:

  • Ask for immediate escalation and priority 1 or 2, talking to a TAC manager.
  • Provide all the necessary evidence: the same and correct configuration works with (e.g.) 15.0(1) and does not with other versions.
  • Ask TAC to reproduce the problem in house.
  • Make sure the case status is always Cisco pending, never customer pending.
  • Do not give up and do not accept case closure until a satisfactory solution is given.

If it is broken, Cisco ought to acknowledge and fix it.