NAT on multiple WAN connections

Unanswered Question
Aug 21st, 2007

Thanks for looking, experts.

I have the following WAN interfaces.

interface Dialer1
 description *** Internet ***
 mtu 1458
 ip unnumbered Loopback0
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside

interface Serial0/1/0
 description *** Internet ***
 ip address 195.xx.xx.65 255.255.255.224
 encapsulation frame-relay
 no fair-queue
 frame-relay interface-dlci 16

With the following NAT configuration.

ip nat pool Internet 85.xxx.xxx.42 85.xxx.xxx.42 netmask 255.255.255.248
ip nat inside source list 20 pool Internet overload
access-list 20 permit 192.168.96.0 0.0.31.255

There is also a gigabit ethernet interface with "ip nat inside" applied but my problem is not specifically getting NAT working. My problem is getting NAT working on both of the WAN interfaces so if one goes down, internet access will still be available.

Will the following configuration amendments enable this?

interface Serial0/1/0
 ip nat outside

access-list 30 permit 192.168.96.0 0.0.31.255
ip nat inside source list 30 pool Internet2 overload
ip nat pool Internet2 195.xx.xx.66 195.xx.xx.66 netmask 255.255.255.224
ip route 0.0.0.0 0.0.0.0 Dialer1 10
ip route 0.0.0.0 0.0.0.0 Serial0/1/0

Thanks for your help.

mohammedmahmoud Tue, 08/21/2007 - 09:40

hi,

To accomplish this you'll have to use route-maps as follows, to identify which outgoing interface uses which pool:

ip nat inside source route-map internet pool internet overload
ip nat inside source route-map internet2 pool internet2 overload
!
route-map internet permit 10
 match ip address 30
 match interface Dialer1
!
route-map internet2 permit 10
 match ip address 30
 match interface serial0/1/0
!

HTH,

Mohammed Mahmoud.

d.bigerstaff Wed, 08/22/2007 - 01:29

Thanks for your help so far Mohammed,

I am on site, for other reasons, and I have had a chance to test it and it's not quite working at the moment.

Here are my nat statements:

Router#show run | i nat
ip nat inside
ip nat outside
ip nat outside
ip nat pool Internet 85.xxx.xxx.42 85.xxx.xxx.42 netmask 255.255.255.248
ip nat pool Internet2 195.xx.xx.66 195.xx.xx.66 netmask 255.255.255.224
ip nat inside source list 20 pool Internet overload
ip nat inside source route-map internet pool internet overload
ip nat inside source route-map internet2 pool internet2 overload

route-map internet permit 10
 match ip address 20
 match interface Dialer1

route-map internet2 permit 10
 match ip address 20
 match interface Serial0/1/0

access-list 20 permit 192.168.96.0 0.0.31.255
ip route 0.0.0.0 0.0.0.0 serial0/1/0
ip route 0.0.0.0 0.0.0.0 Dialer1 10

With that setup it doesn't work; as soon as I take out the static route to s0/1/0 it works.

I have also tried taking out the following line as it's left over from the nat configuration before and then nat on Dialer1 stops working.

ip nat inside source list 20 pool Internet overload

Any ideas? And thanks for your help so far.

d.bigerstaff Wed, 08/22/2007 - 03:00

Maybe the problem isn't quite NAT...

Even though I can ping and telnet the Frame-relay IP whenever I try to use that interface for traffic I get this error:

Serial0/1/0:Encaps failed--no map entry link 7(IP)

That is with "debug frame-relay packet int s0/1/0"

Is this even a problem? I would have thought the interface was functional if I could ping and telnet it.

However, when I shut down the "dialer1" interface I lose all connectivity to that interface, so maybe traffic can come in that interface but can't go out?

I hope that sheds some more light on my predicament.

Thanks for reading.

mohammedmahmoud Wed, 08/22/2007 - 03:21

hi,

This command should be removed:

ip nat inside source list 20 pool Internet overload

It should be working, it is a straightforward configuration. Please attach the full config, "show ip route", "sh ip interface brief" and "show ip nat translation".

HTH,

Mohammed Mahmoud.
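A small offline check for the two things discussed above: a leftover list-based NAT rule sitting beside the route-map rules, and route-map rules whose pool name does not exactly match a defined pool. This is an added example, not code from either poster; `audit_nat` is a hypothetical helper, the sample is constructed from the output quoted in the thread, and flagging a case-only difference in pool names is this checker's own choice.

```python
import re

# Constructed sample, modelled on the "show run | i nat" output in the thread.
SAMPLE = """\
ip nat pool Internet 85.xxx.xxx.42 85.xxx.xxx.42 netmask 255.255.255.248
ip nat pool Internet2 195.xx.xx.66 195.xx.xx.66 netmask 255.255.255.224
ip nat inside source list 20 pool Internet overload
ip nat inside source route-map internet pool internet overload
ip nat inside source route-map internet2 pool internet2 overload
route-map internet permit 10
 match ip address 20
 match interface Dialer1
route-map internet2 permit 10
 match ip address 20
 match interface Serial0/1/0
"""

def audit_nat(config):
    """Return a list of findings for a dual-WAN route-map NAT config."""
    pools, list_rules, rm_rules, rmaps, current = set(), [], [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ip nat pool (\S+) ", line):
            pools.add(m.group(1))
        elif m := re.match(r"ip nat inside source list (\S+) pool (\S+)", line):
            list_rules.append(m.groups())
        elif m := re.match(r"ip nat inside source route-map (\S+) pool (\S+)", line):
            rm_rules.append(m.groups())
        elif m := re.match(r"route-map (\S+) (?:permit|deny)", line):
            current = rmaps.setdefault(m.group(1), {"acl": set(), "if": set()})
        elif current is not None and (m := re.match(r"match ip address (\S+)", line)):
            current["acl"].add(m.group(1))
        elif current is not None and (m := re.match(r"match interface (\S+)", line)):
            current["if"].add(m.group(1))
    findings = []
    for name, pool in rm_rules:
        rmap = rmaps.get(name)
        if rmap is None:
            findings.append(f"route-map {name} is not defined")
        elif not rmap["if"]:
            findings.append(f"route-map {name} has no 'match interface'")
        if pool not in pools:
            near = [p for p in pools if p.lower() == pool.lower()]
            findings.append(f"pool {pool} not defined" + (f" (differs in case from {near[0]})" if near else ""))
    rm_acls = {acl for name, _ in rm_rules for acl in rmaps.get(name, {}).get("acl", ())}
    for acl, pool in list_rules:
        if acl in rm_acls:
            findings.append(f"list {acl} rule to pool {pool} overlaps the route-map rules")
    return findings
```

Calling `audit_nat(SAMPLE)` returns three findings: one for each lowercase pool reference and one for the leftover `list 20` rule.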

d.bigerstaff Wed, 08/22/2007 - 06:53

It turns out there's a routing problem with my Frame Relay service.

Once I get that fixed I'll give it another shot and report back.

Thanks once again Mohammed

mohammedmahmoud Wed, 08/22/2007 - 09:35

Hi David,

You are very welcome, and please keep me updated with the case.

HTH,

Mohammed Mahmoud.
