Can't create new inside entry

Unanswered Question
Jun 23rd, 2014
User Badges:

Hopefully someone can help me with this,

One of our customers has a broadband connection with 2 vlans, one for internet wan and one in a private ip-VPN for VoIP. both of them require PPPoE on outgoing packets.

I used an old cisco 878 to do the PPPoE part.

Cisco 878 (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memory.
Processor board ID FHK10142401
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
System image file is "flash:c870-advipservicesk9-mz.124-4.T2.bin"

Ports 1 and 2 connect to the providers CPE, 3 and 4 to the customers Voice Lan and Firewall. All working fine untill the cisco suddenly lost its configuration.
I restored most of it but now NAT from the voice lan (10.2.18.0/24) to the wan is not working.

*Aug 15 04:36:55.547: NAT*: Can't create new inside entry - forced_punt_flags: 0
*Aug 15 04:36:55.547: NAT: translation failed (A), dropping packet s=10.2.18.7 d=8.8.8.8
*Aug 15 04:36:55.551: NAT*: Can't create new inside entry - forced_punt_flags: 0
*Aug 15 04:36:55.555: NAT: translation failed (A), dropping packet s=10.2.18.7 d=8.8.8.8

 

Config:

Current configuration : 4557 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool voip
   network 10.2.18.0 255.255.255.0
   default-router 10.2.18.1
   option 66 ascii "http://xsp.voipit.nl/dms/cisco504/504.xml"
   dns-server 8.8.8.8
!
!
no ip domain lookup
ip domain name yourdomain.com
!
!
crypto pki trustpoint TP-self-signed-956426022
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-956426022
 revocation-check none
 rsakeypair TP-self-signed-956426022
!
!
crypto pki certificate chain TP-self-signed-956426022
 certificate self-signed 01
  3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 39353634 32363032 32301E17 0D303830 37323730 36303831
  355A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3935 36343236
  30323230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  C8617A6F A7C1F3EA B653F2E5 2B35AE4F F607F3E3 7FA758D5 0499BA23 16F678C9
  2CD306CE BA15B41E EDCBF7B3 A457884C 4542210F E66E17FE 54E85D8E 7B242CAB
  62E0F717 71483B45 B05C9469 06B5A559 A8A6B560 0F0B859F E8FB36AB 5BCCC8A8
  2E6F5E10 DF42FABC 1ED7D35D 7AAF98F6 B248C356 5363A70C D5E0079C 2ACBFA97
  02030100 01A37730 75300F06 03551D13 0101FF04 05300301 01FF3022 0603551D
  11041B30 19821779 6F75726E 616D652E 796F7572 646F6D61 696E2E63 6F6D301F
  0603551D 23041830 16801458 FB686326 8A85B691 799CDE83 F613E6F2 7D8E8F30
  1D060355 1D0E0416 041458FB 6863268A 85B69179 9CDE83F6 13E6F27D 8E8F300D
  06092A86 4886F70D 01010405 00038181 006C08E8 90FAF645 2D95F35B 9E7B8B4F
  A6C69725 44B54654 4728239E 507F3A6F B0E4BF43 26D98EFC F0E79B1A A4C05C21
  924C3DE4 8969D0CC 69AEC787 3B8D87A8 95E1D55A 14938D3A 86189BC3 03BB369F
  88A42FFC 047AE5C4 8CEE9853 4FC4A6A2 16732BD4 30F0A727 EEB33BAD 5072EC8C
  76035FB6 F6087C55 7646081C 5C695193 8C
  quit
username ftadmin privilege 15 secret 5 $1$S0KM$rLTNOGqEeNV4/irr1uqFU/
!
!
controller DSL 0
 line-term cpe
!
!
!
!
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet0
 description Naar KPN - DATA
!
interface FastEthernet1
 description Naar KPN - Voice
 switchport access vlan 2
!
interface FastEthernet2
 description Naar Juniper - Data
 switchport access vlan 3
!
interface FastEthernet3
 description Naar Switch - Voice
 switchport access vlan 4
!
interface Vlan1
 description PPPoE - Data
 no ip address
 ip tcp adjust-mss 1452
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Vlan4
 description DATA
 ip address 37.153.199.221 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan3
 description VOIP
 ip address 10.2.18.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan2
 description PPPoE - Voice
 no ip address
 ip tcp adjust-mss 1452
 pppoe enable group global
 pppoe-client dial-pool-number 2
!
interface Dialer1
 description Dialer voor DATA
 mtu 1492
 ip unnumbered Vlan4
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username ******** password 0 **********
!
interface Dialer2
 description Dialer voor VOICE
 mtu 1492
 ip unnumbered Vlan3
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation ppp
 dialer pool 2
 dialer-group 2
 no cdp enable
 ppp authentication pap callin
  ppp pap sent-username ******** password 0 **********
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.3.180.0 255.255.255.0 Dialer2
ip route 172.31.161.240 255.255.255.240 Dialer2
ip route 172.31.255.22 255.255.255.255 Dialer2
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 100 interface Dialer1 overload
!
access-list 100 permit ip 10.2.18.0 0.0.0.255 any
no cdp run
!
!
control-plane
!
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end

 

 

 

 

 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion

Related Content