10-31-2016 05:18 AM - edited 03-08-2019 07:59 AM
Hi All,
I'm having a problem with what should be a basic configuration of PAT on an 897VA Router. Portions of the config are below:
interface Dialer0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 no ip route-cache
 dialer pool 1
 dialer-group 1
interface Vlan20
 ip address 192.168.20.2 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit any log
After this configuration, I don't get any NAT translations on the router. After running some debugs, I see the message below:
NAT-SymDB: DB is either not enabled or not initiated.
I'm yet to find any good explanation for that error message.
I can see hits on the Access-list so traffic is definitely getting to the router. Really not sure of what else the issue here could be and would appreciate some assistance.
Thanks.
11-01-2016 05:07 AM
Hi, try ip nat enable instead of inside and outside.
11-01-2016 05:28 AM
To be sure, do you have the static route configured?
ip route 0.0.0.0 0.0.0.0 Dialer0
and
dialer-list 1 protocol ip permit
You might just want to reboot the device...
12-22-2016 08:45 AM
After a lot of troubleshooting, disabling CEF fixed the issue and NAT now appears to be working. I can't understand why that is the case. In my opinion, this may be a bug. But yeah... for anyone who may encounter something similar, that appears to be a workaround.
11-19-2018 12:12 AM
Hello,
--> access-list 1 permit any log
The 'log' keyword at the end of the access list is the problem; it will cause all packets to be process switched, which effectively kills your NAT. After removing that keyword, you can enable CEF.
11-19-2018 09:02 AM - edited 11-20-2018 01:34 PM
Georg makes a very good point about the impact of including the log parameter. +5 for that. I have also seen situations where using an access list for NAT/PAT which uses permit any has caused some issues. I would suggest changing the ACL so that it specifies the inside subnet(s).
HTH
Rick
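Added example, not part of the thread or any poster's code: a small Python check that flags the two ACL problems raised in the replies above (the log keyword and permit any) on any ACL referenced by ip nat inside source list. The sample configuration is constructed from lines posted in the question; the function names and finding labels are hypothetical.

```python
import re

# Constructed sample: NAT-related lines from the configuration posted in the question.
SAMPLE_CONFIG = """\
interface Dialer0
 ip nat outside
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit any log
"""

NAT_RULE = re.compile(r"^ip nat inside source list (\S+)")
NUMBERED = re.compile(r"^access-list (\S+) (permit|deny) (.+)$")
NAMED_HDR = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
NAMED_ACE = re.compile(r"^(?:\d+ )?(permit|deny) (.+)$")
LOG_WORDS = {"log", "log-input"}

def acl_entries(config):
    """Map each ACL number or name to its list of (action, words) entries."""
    acls, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := NUMBERED.match(line):
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3).split()))
            current = None
        elif m := NAMED_HDR.match(line):
            current = m.group(1)
            acls.setdefault(current, [])
        elif current and raw.startswith(" ") and (m := NAMED_ACE.match(line)):
            acls[current].append((m.group(1), m.group(2).split()))
        elif not raw.startswith(" "):
            current = None  # left the named-ACL sub-mode
    return acls

def audit_nat_acls(config):
    """Return sorted (acl, issue) findings for ACLs that select traffic for NAT/PAT."""
    acls = acl_entries(config)
    nat_lists = {m.group(1) for l in config.splitlines() if (m := NAT_RULE.match(l.strip()))}
    findings = set()
    for name in nat_lists:
        if name not in acls:
            findings.add((name, "acl-not-defined"))
        for action, words in acls.get(name, []):
            if LOG_WORDS & set(words):
                findings.add((name, "log-keyword"))
            core = [w for w in words if w not in LOG_WORDS]
            if action == "permit" and core in (["any"], ["ip", "any", "any"]):
                findings.add((name, "permit-any"))
    return sorted(findings)
```

Running audit_nat_acls(SAMPLE_CONFIG) reports both findings for ACL 1; an ACL that permits only a specific inside subnet and has no log keyword returns an empty list.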