cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
526
Views
11
Helpful
6
Replies

NAT on multiple WAN connections

d.bigerstaff
Level 1
Level 1

Thanks for looking experts.

I have the following WAN interfaces.

interface Dialer1

description *** Internet ***

mtu 1458

ip unnumbered Loopback0

ip access-group 101 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

interface Serial0/1/0

description *** Internet ***

ip address 195.xx.xx.65 255.255.255.224

encapsulation frame-relay

no fair-queue

frame-relay interface-dlci 16

With the following NAT configuration.

ip nat pool Internet 85.xxx.xxx.42 85.xxx.xxx.42 netmask 255.255.255.248

ip nat inside source list 20 pool Internet overload

access-list 20 permit 192.168.96.0 0.0.31.255

There is also a gigabit ethernet interface with "ip nat inside" applied but my problem is not specifically getting NAT working. My problem is getting NAT working on both of the WAN interfaces so if one goes down, internet access will still be available.

Will the following configuration ammendments enable this?

interface Serial0/1/0

ip nat outside

access-list 30 permit 192.168.96.0 0.0.31.255

ip nat inside source list 30 pool Internet2 overload

ip nat pool Internet2 195.xx.xx.66 195.xx.xx.66 netmask 255.255.255.224

ip route 0.0.0.0 0.0.0.0 Dialer1 10

ip route 0.0.0.0 0.0.0.0 Serial0/1/0

Thank's for your help.

6 Replies 6

mohammedmahmoud
Level 11
Level 11

hi,

To accomplish this you'll have to use route-maps as follows, to identify which outgoing interface uses which pool:

ip nat inside source route-map internet overload pool internet overload

ip nat inside source route-map internet2 overload pool internet2 overload

!

route-map internet permit 10

match ip address 30

match interface Dialer1

!

!

route-map internet2 permit 10

match ip address 30

match interface serial0/1/0

!

HTH,

Mohammed Mahmoud.

Thanks for your help so far Mohammed,

I am on site, for other reasons, and i have had a chance to test it and it's not quite working at the moment.

Here are my nat statements:

Router#show run | i nat

ip nat inside

ip nat outside

ip nat outside

ip nat pool Internet 85.xxx.xxx.42 85.xxx.xxx.42 netmask 255.255.255.248

ip nat pool Internet2 195.xx.xx.66 195.xx.xx.66 netmask 255.255.255.224

ip nat inside source list 20 pool Internet overload

ip nat inside source route-map internet pool internet overload

ip nat inside source route-map internet2 pool internet2 overload

route-map internet permit 10

match ip address 20

match interface Dialer1

route-map internet2 permit 10

match ip address 20

match interface Serial0/1/0

access-list 20 permit 192.168.96.0 0.0.31.255

ip route 0.0.0.0 0.0.0.0 serial0/1/0

ip route 0.0.0.0 0.0.0.0 Dialer1 10

With that setup it doesnt work, as soon as I take out the static route to s0/1/0 it works.

I have also tried taking out the following line as it's left over from the nat configuration before and then nat on Dialer1 stops working.

ip nat inside source list 20 pool Internet overload

Any ideas? and thanks for your help so far.

maybe the problem isn't quite NAT...

Even though I can ping and telnet the Frame-relay IP whenever I try to use that interface for traffic I get this error:

Serial0/1/0:Encaps failed--no map entry link 7(IP)

That is with "debug frame-relay packet int s0/1/0"

Is this even a problem because I would have thought the interface was functional if i could ping and telnet it.

However when i shutdown the "dialer1" interface I lose all connectivity to that interface so maybe traffic can come in that interface but cant go out?

I hope that sheds some more light on my prediciment.

Thanks for reading.

hi,

This command should be removed:

ip nat inside source list 20 pool Internet overload

It should be working, it is a straight forward configuration, please attach, the full config, "show ip route", "sh ip interface brief" and "show ip nat translation".

HTH,

Mohammed Mahmoud.

It turns out there's a routing problem with my Frame Relay service.

Once I get that fixed I'll give it another shot and report back.

Thanks once again Mohammed

Hi David,

You are very welcomed, and please keep me updated with the case.

HTH,

Mohammed Mahmoud.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: