Problem with NAT on Cisco 897VA Router

martino-cisco
Level 1

Hi All,

I'm having a problem with what should be a basic configuration of PAT on an 897VA Router. Portions of the config are below:

interface Dialer0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 no ip route-cache
 dialer pool 1
 dialer-group 1

interface Vlan20
 ip address 192.168.20.2 255.255.255.252
 ip nat inside
 ip virtual-reassembly in

ip nat inside source list 1 interface Dialer0 overload

access-list 1 permit any log

After this configuration, I don't get any NAT translations on the router. After running some debugs, I see the message below:

NAT-SymDB: DB is either not enabled or not initiated.

I'm yet to find any good explanation for that error message.

I can see hits on the Access-list so traffic is definitely getting to the router. Really not sure of what else the issue here could be and would appreciate some assistance. 

Thanks.


Mark Malone
VIP Alumni

Hi, try ip nat enable instead of inside and outside.

To be sure, do you have the static route configured?

ip route 0.0.0.0 0.0.0.0 Dialer0

and

dialer-list 1 protocol ip permit

You might just want to reboot the device...

martino-cisco
Level 1

After a lot of troubleshooting, disabling CEF fixed the issue and NAT now appears to be working. I can't understand why that is the case. In my opinion, this may be a bug. But yeah... for anyone who may encounter something similar, that appears to be a workaround.

Champion. Had the same damned problem, disabling cef (no ip cef) on a 2911 solved this issue for me.
Thanks a heap - stars given.

Hello,

--> access-list 1 permit any log

The 'log' keyword at the end of the access list is the problem; it will cause all packets to be process switched, which effectively kills your NAT. After removing that keyword, you can enable CEF.

Georg makes a very good point about the impact of including the log parameter. +5 for that. I have also seen situations where using an access list for NAT/PAT which uses permit any has caused some issues. I would suggest changing the ACL so that it specifies the inside subnet(s).

HTH

Rick

Oh, cool, will check that out. Thanks.

I can confirm you are very much correct.
Removed "log" from the ACL, re-enabled CEF, cleared the translation table, tested again and she's working a treat (translation table is back up again).
Thanks again, stars given.

rasmus.elmholt
Level 7
Hey

I have seen the same problem when the ACL is an Any ACL. Try to make it match your actual inside networks and let us know how that goes.
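The two ACL issues raised in this thread (a `log` keyword on the ACL used for NAT, and a `permit any` match) can be checked offline against a saved configuration. The script below is an added example, not something posted by anyone in the thread; the function name `audit_nat_acls`, the named ACL `NAT-LAN`, ACL 7 and the 192.168.20.0 0.0.0.3 entry are assumptions made for illustration, and it goes slightly beyond the thread by also reading named ACLs.

```python
import re

# Constructed sample: lines quoted in the thread, plus a hypothetical named
# ACL (NAT-LAN) and an ACL that no NAT rule references (7).
SAMPLE_CONFIG = """\
interface Vlan20
 ip nat inside
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list NAT-LAN interface Dialer0 overload
access-list 1 permit any log
access-list 7 permit any log
ip access-list standard NAT-LAN
 permit 192.168.20.0 0.0.0.3
"""

NAT_RULE = re.compile(r"^ip nat inside source list (\S+) ")
NUMBERED = re.compile(r"^access-list (\S+) (permit|deny) (.+)$")
NAMED = re.compile(r"^ip access-list (?:standard|extended) (\S+)$")
NAMED_ACE = re.compile(r"^(?:\d+ )?(permit|deny) (.+)$")
PERMIT_ANY = (["any"], ["ip", "any", "any"])

def audit_nat_acls(config_text):
    """Return sorted (acl, issue) pairs for ACLs that NAT rules reference."""
    nat_acls, entries, current = set(), [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None  # a top-level line ends any named-ACL block
        if m := NAT_RULE.match(line):
            nat_acls.add(m[1])
        elif m := NUMBERED.match(line):
            entries.append((m[1], m[2], m[3].split()))
        elif m := NAMED.match(line):
            current = m[1]
        elif current and (m := NAMED_ACE.match(line)):
            entries.append((current, m[1], m[2].split()))
    findings = set()
    for acl, action, tokens in (e for e in entries if e[0] in nat_acls):
        if tokens[-1] in ("log", "log-input"):
            findings.add((acl, "log keyword"))
            tokens = tokens[:-1]  # judge the match criteria without the log option
        if action == "permit" and tokens in PERMIT_ANY:
            findings.add((acl, "permit any"))
    return sorted(findings)

if __name__ == "__main__":
    for acl, issue in audit_nat_acls(SAMPLE_CONFIG):
        print(f"ACL {acl}: {issue}")
```

ACL 7 is not reported because no NAT rule references it; only ACLs tied to `ip nat inside source list` are checked.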