Wednesday, August 13, 2014

NAT-SymDB: DB is either not enabled or not initiated.

I worked on an SP 887VA Cisco ADSL router and would like to share a problem that I discovered with SNAT. The following error was showing in the logs and when debug nat det was enabled:

NAT-SymDB: DB is either not enabled or not initiated.


A quick Google search showed numerous others with the same issues. I still don't understand what's changed with NAT in 15.1.X code on these, but it looks like the classic ip nat inside | outside statements are no longer required.

Here's the cfg:

Interfaces:

Current configuration : 138 bytes
!
interface Vlan1
 ip address 192.168.188.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip nat enable
 ip virtual-reassembly in
end

Current configuration : 308 bytes
!
interface Dialer0
 ip address negotiated
 ip flow ingress
 ip nat enable
 encapsulation ppp
 no ip route-cache cef
 ip tcp header-compression
 ip tcp adjust-mss 1450
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname adslusernamehere
 ppp chap password 0 adslpassswordhere
 no cdp enable
end


!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no atm ilmi-keepalive
end


!
interface ATM0.1 point-to-point
 ip flow ingress
 pvc 8/35
  encapsulation aal5snap
  protocol ppp dialer
  dialer pool-member 1
 !
end



Initially I had ip nat inside and outside under the vlan1 and dialer 0 interfaces. That didn't work. So here's the final NAT configuration:


access-list 100 remark LAN local ip_address for allowances of  nats
access-list 100 permit ip 192.168.188.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
!

ip nat source list 100 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!

int vlan 1
  ip nat enable
int dialer 0
 ip nat enable
end
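
An added example, not part of the original post: a small lint for `show running-config` text that flags NAT rules written in one style (classic `ip nat inside source` or NVI `ip nat source`) when the interfaces are marked in the other. The sample configs and the function name `audit_nat` are constructed for illustration, and the lint assumes canonical running-config interface names.

```python
import re

# Constructed samples (not device captures). MIXED marks interfaces the classic
# way but writes the rule in NVI form; NVI uses one style throughout.
MIXED = """interface Vlan1
 ip nat inside
interface Dialer0
 ip nat outside
!
ip nat source list 100 interface Dialer0 overload
"""
NVI = re.sub(r"ip nat (inside|outside)$", "ip nat enable", MIXED, flags=re.M)

def audit_nat(config):
    """Lint running-config text for mixed or incomplete NAT styles."""
    styles, rules, current = {}, [], None   # styles: interface -> {"nvi", "classic"}
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface (\S+)", raw)
        if m:
            current = m.group(1).lower()
            styles[current] = set()
        elif not raw.startswith(" "):
            current = None                   # back at global configuration level
        if current and line == "ip nat enable":
            styles[current].add("nvi")
        elif current and line in ("ip nat inside", "ip nat outside"):
            styles[current].add("classic")
        m = re.match(r"ip nat (?:(inside|outside) )?source\b(.*)", line)
        if m and current is None:
            ref = re.search(r"\binterface (\S+)", m.group(2))
            rules.append(("classic" if m.group(1) else "nvi",
                          ref.group(1).lower() if ref else None, line))
    findings = []
    for name, used in styles.items():
        if len(used) == 2:
            findings.append(f"{name}: both 'ip nat enable' and 'ip nat inside/outside'")
    for style, ref, line in rules:
        if not any(style in used for used in styles.values()):
            findings.append(f"no interface uses the {style} style needed by: {line}")
        if ref and style not in styles.get(ref, set()):
            findings.append(f"{ref} lacks the {style} NAT marker required by: {line}")
    return findings

if __name__ == "__main__":
    for finding in audit_nat(MIXED):
        print(finding)
```
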


The Cisco model type:

Router#show ver
Router#show version
Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Wed 21-Mar-12 00:27 by prod_rel_team

ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)

Router uptime is 4 minutes
System returned to ROM by power-on
System restarted at 09:45:34 UTC Wed Aug 13 2014
System image file is "flash:c880data-universalk9-mz.151-4.M4.bin"
Last reload type: Normal Reload


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 887VA (MPC8300) processor (revision 1.0) with 236544K/25600K bytes of memory.
Processor board ID FCZ1646XXXX

1 DSL controller
1 Ethernet interface
4 FastEthernet interfaces
1 ATM interface
1 Virtual Private Network (VPN) Module
256K bytes of non-volatile configuration memory.
125496K bytes of ATA CompactFlash (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device#   PID                   SN
-------------------------------------------------
*0        CISCO887VA-K9         FCZ16469XXXX


License Information for 'c880-data'
    License Level: advsecurity   Type: Permanent
    Next reboot license Level: advsecurity


Configuration register is 0x2102




Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com


   ^      ^
=(  $  $ )=
       o 
      /  \
