Re: NAT-symdb: DB is either not enabled

gambitlegend · ‎05-17-2011

Hi guys!

I have a router (2811) configured to NAT addresses between my internal network and the internet.

If I connect my laptop straight to the internal network port (FE0/0) I am unable to ping to the internet, but if i try to ping from the router it's sucessfull.

My friend tried to debug this and the following error was showing a lot of times - NAT-symdb: DB is either not enabled - I don't understand why.

I alradey tried to apply a static IP address in the Internet port (FE0/1) but it stills the same

Here you have the configuration in the router:

interface FastEthernet0/0

ip address 10.128.1.254 255.255.255.0

ip nat inside

ip nat enable

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address dhcp client-id FastEthernet0/1

ip nat outside

ip nat enable

ip virtual-reassembly

duplex auto

speed auto

!

no ip forward-protocol nd

!

no ip http server

ip nat inside source list 100 interface Fast

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

!

access-list 100 permit ip any any log-input

Jon Marshall · ‎05-17-2011

Paulo

Can you do the following -

1) under each interface remove the "ip nat enable" command but leave the "ip nat [inside/outside]" config line

2) can you confirm that you have the full statement in your config -

ip nat inside source list 100 interface fa0/1 overload

3) can you then try to connect from an internal host and post -

i) the output of "sh ip nat translations"

ii) confirm the IP address of the internal device you pinged from

Jon

gambitlegend · ‎05-18-2011

Hi John!

1) I did what u said to me and the config now is:

interface FastEthernet0/0

ip address 10.128.1.254 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address dhcp client-id FastEthernet0/1

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

no ip forward-protocol nd

!

no ip http server

2) ip nat inside source list 100 interface FastEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

!

access-list 100 permit ip any any log-input

3) The ip form the device connected to the router is 10.128.1.44

4) Here you have the results for the "sh ip nat translations" command:

Pro Inside global Inside local Outside local Outside global

tcp 196.202.255.33:50599 10.128.1.44:50599 88.147.42.249:80 88.147.42.249:80

udp 196.202.255.33:50622 10.128.1.44:50622 24.161.161.223:12087 24.161.161.223:1 2087

udp 196.202.255.33:50622 10.128.1.44:50622 24.210.171.170:36186 24.210.171.170:3 6186

udp 196.202.255.33:50622 10.128.1.44:50622 41.248.211.118:30632 41.248.211.118:3 0632

udp 196.202.255.33:50622 10.128.1.44:50622 46.109.210.104:31346 46.109.210.104:3 1346

udp 196.202.255.33:50622 10.128.1.44:50622 49.132.153.42:60671 49.132.153.42:606 71

udp 196.202.255.33:50622 10.128.1.44:50622 64.142.36.44:19357 64.142.36.44:19357

udp 196.202.255.33:50622 10.128.1.44:50622 66.31.30.52:65311 66.31.30.52:65311

udp 196.202.255.33:50622 10.128.1.44:50622 68.149.1.118:26772 68.149.1.118:26772

udp 196.202.255.33:50622 10.128.1.44:50622 70.92.31.167:58357 70.92.31.167:58357

udp 196.202.255.33:50622 10.128.1.44:50622 70.180.104.155:24773 70.180.104.155:2 4773

udp 196.202.255.33:50622 10.128.1.44:50622 71.93.42.46:17664 71.93.42.46:17664

udp 196.202.255.33:50622 10.128.1.44:50622 72.37.217.152:38626 72.37.217.152:386 26

udp 196.202.255.33:50622 10.128.1.44:50622 72.42.165.100:28544 72.42.165.100:285 44

Pro Inside global Inside local Outside local Outside global

udp 196.202.255.33:50622 10.128.1.44:50622 72.241.148.202:28186 72.241.148.202:28186

udp 196.202.255.33:50622 10.128.1.44:50622 76.109.110.152:1767 76.109.110.152:1767

udp 196.202.255.33:50622 10.128.1.44:50622 77.71.57.61:4505 77.71.57.61:4505

udp 196.202.255.33:50622 10.128.1.44:50622 77.239.21.128:39419 77.239.21.128:39419

udp 196.202.255.33:50622 10.128.1.44:50622 78.128.94.168:23633 78.128.94.168:23633

udp 196.202.255.33:50622 10.128.1.44:50622 78.128.111.10:21860 78.128.111.10:21860

udp 196.202.255.33:50622 10.128.1.44:50622 78.130.170.196:59624 78.130.170.196:59624

udp 196.202.255.33:50622 10.128.1.44:50622 78.142.11.8:12004 78.142.11.8:12004

udp 196.202.255.33:50622 10.128.1.44:50622 78.142.48.208:24591 78.142.48.208:24591

udp 196.202.255.33:50622 10.128.1.44:50622 79.11.147.120:19892 79.11.147.120:19892

udp 196.202.255.33:50622 10.128.1.44:50622 81.192.193.182:33712 81.192.193.182:33712

udp 196.202.255.33:50622 10.128.1.44:50622 82.154.169.88:32509 82.154.169.88:32509

udp 196.202.255.33:50622 10.128.1.44:50622 82.160.248.142:50892 82.160.248.142:50892

udp 196.202.255.33:50622 10.128.1.44:50622 84.54.176.74:38992 84.54.176.74:38992

udp 196.202.255.33:50622 10.128.1.44:50622 86.3.6.253:28929 86.3.6.253:28929

udp 196.202.255.33:50622 10.128.1.44:50622 86.3.131.152:44760 86.3.131.152:44760

udp 196.202.255.33:50622 10.128.1.44:50622 87.119.65.209:23884 87.119.65.209:23884

udp 196.202.255.33:50622 10.128.1.44:50622 87.120.15.94:60347 87.120.15.94:60347

udp 196.202.255.33:50622 10.128.1.44:50622 87.120.29.133:33590 87.120.29.133:33590

udp 196.202.255.33:50622 10.128.1.44:50622 87.120.29.186:44339 87.120.29.186:44339

udp 196.202.255.33:50622 10.128.1.44:50622 87.120.166.111:49933 87.120.166.111:49933

udp 196.202.255.33:50622 10.128.1.44:50622 87.120.184.128:8192 87.120.184.128:8192

udp 196.202.255.33:50622 10.128.1.44:50622 87.121.157.135:36601 87.121.157.135:36601

udp 196.202.255.33:50622 10.128.1.44:50622 87.121.201.194:26604 87.121.201.194:26604

udp 196.202.255.33:50622 10.128.1.44:50622 88.189.249.153:9833 88.189.249.153:9833

udp 196.202.255.33:50622 10.128.1.44:50622 91.141.57.217:55367 91.141.57.217:55367

udp 196.202.255.33:50622 10.128.1.44:50622 92.75.9.13:7790 92.75.9.13:7790

udp 196.202.255.33:50622 10.128.1.44:50622 95.43.199.56:53571 95.43.199.56:53571

udp 196.202.255.33:50622 10.128.1.44:50622 128.111.185.144:46986 128.111.185.144:46986

udp 196.202.255.33:50622 10.128.1.44:50622 130.88.107.210:50406 130.88.107.210:50406

udp 196.202.255.33:50622 10.128.1.44:50622 130.88.114.155:62303 130.88.114.155:62303

udp 196.202.255.33:50622 10.128.1.44:50622 149.5.45.5:43008 149.5.45.5:43008

udp 196.202.255.33:50622 10.128.1.44:50622 149.5.45.137:33033 149.5.45.137:33033

udp 196.202.255.33:50622 10.128.1.44:50622 149.13.32.20:33033 149.13.32.20:33033

udp 196.202.255.33:50622 10.128.1.44:50622 151.54.143.57:53708 151.54.143.57:53708

udp 196.202.255.33:50622 10.128.1.44:50622 178.120.69.29:42559 178.120.69.29:42559

udp 196.202.255.33:50622 10.128.1.44:50622 178.140.3.116:28612 178.140.3.116:28612

udp 196.202.255.33:50622 10.128.1.44:50622 178.237.194.69:30685 178.237.194.69:30685

udp 196.202.255.33:50622 10.128.1.44:50622 188.28.59.78:57842 188.28.59.78:57842

udp 196.202.255.33:50622 10.128.1.44:50622 188.163.14.183:12295 188.163.14.183:12295

udp 196.202.255.33:50622 10.128.1.44:50622 194.228.249.3:55371 194.228.249.3:55371

udp 196.202.255.33:50622 10.128.1.44:50622 197.200.78.226:41920 197.200.78.226:41920

udp 196.202.255.33:50622 10.128.1.44:50622 207.255.223.69:35908 207.255.223.69:35908

udp 196.202.255.33:50622 10.128.1.44:50622 212.75.4.71:52196 212.75.4.71:52196

udp 196.202.255.33:50622 10.128.1.44:50622 212.233.161.154:19763 212.233.161.154:19763

udp 196.202.255.33:50622 10.128.1.44:50622 213.19.70.46:4733 213.19.70.46:4733

udp 196.202.255.33:50622 10.128.1.44:50622 213.91.130.228:1414 213.91.130.228:1414

Pro Inside global Inside local Outside local Outside global

icmp 196.202.255.33:4 196.202.255.33:4 69.63.181.12:4 69.63.181.12:4

udp 196.202.255.33:80 196.202.255.33:80 81.243.117.103:21095 81.243.117.103:21095

Florin Barhala · ‎05-18-2011

Ok, now all seems Ok and you have Internet access for clients behind Fa0/0, right?

Also I suggest you modify ACL 100:

access-list 100 permit ip 10.128.1.0 0.0.0.255 any

This way you control for who you DO NAT.

gambitlegend · ‎05-18-2011

Thank you guys, it's working now!

I had to reload the router 3 times before it picked the internet connection i don't understand why but it worked.

Andrea D'Orsi · ‎01-30-2019

Hello,

yesterday I got the same issue... please take a look here: https://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_nat/configuration/15-0s/iadnat-monmain.html

"NAT does not support ACL with the log option."

Removing the "log" option at the end of the ACL it will work fine.

Regards,

Andrea

emory.clayton · ‎11-06-2019

Removing the log option worked for me. Thank you Andrea.

BhushanPatil45238 · ‎07-22-2020

thanks , it really helps me, issue resolved now.