08-21-2007 05:38 AM - edited 03-05-2019 06:01 PM
Thanks for looking experts.
I have the following WAN interfaces.
interface Dialer1
description *** Internet ***
mtu 1458
ip unnumbered Loopback0
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
interface Serial0/1/0
description *** Internet ***
ip address 195.xx.xx.65 255.255.255.224
encapsulation frame-relay
no fair-queue
frame-relay interface-dlci 16
With the following NAT configuration.
ip nat pool Internet 85.xxx.xxx.42 85.xxx.xxx.42 netmask 255.255.255.248
ip nat inside source list 20 pool Internet overload
access-list 20 permit 192.168.96.0 0.0.31.255
There is also a gigabit ethernet interface with "ip nat inside" applied but my problem is not specifically getting NAT working. My problem is getting NAT working on both of the WAN interfaces so if one goes down, internet access will still be available.
Will the following configuration ammendments enable this?
interface Serial0/1/0
ip nat outside
access-list 30 permit 192.168.96.0 0.0.31.255
ip nat inside source list 30 pool Internet2 overload
ip nat pool Internet2 195.xx.xx.66 195.xx.xx.66 netmask 255.255.255.224
ip route 0.0.0.0 0.0.0.0 Dialer1 10
ip route 0.0.0.0 0.0.0.0 Serial0/1/0
Thank's for your help.
08-21-2007 09:40 AM
hi,
To accomplish this you'll have to use route-maps as follows, to identify which outgoing interface uses which pool:
ip nat inside source route-map internet overload pool internet overload
ip nat inside source route-map internet2 overload pool internet2 overload
!
route-map internet permit 10
match ip address 30
match interface Dialer1
!
!
route-map internet2 permit 10
match ip address 30
match interface serial0/1/0
!
HTH,
Mohammed Mahmoud.
08-22-2007 01:29 AM
Thanks for your help so far Mohammed,
I am on site, for other reasons, and i have had a chance to test it and it's not quite working at the moment.
Here are my nat statements:
Router#show run | i nat
ip nat inside
ip nat outside
ip nat outside
ip nat pool Internet 85.xxx.xxx.42 85.xxx.xxx.42 netmask 255.255.255.248
ip nat pool Internet2 195.xx.xx.66 195.xx.xx.66 netmask 255.255.255.224
ip nat inside source list 20 pool Internet overload
ip nat inside source route-map internet pool internet overload
ip nat inside source route-map internet2 pool internet2 overload
route-map internet permit 10
match ip address 20
match interface Dialer1
route-map internet2 permit 10
match ip address 20
match interface Serial0/1/0
access-list 20 permit 192.168.96.0 0.0.31.255
ip route 0.0.0.0 0.0.0.0 serial0/1/0
ip route 0.0.0.0 0.0.0.0 Dialer1 10
With that setup it doesnt work, as soon as I take out the static route to s0/1/0 it works.
I have also tried taking out the following line as it's left over from the nat configuration before and then nat on Dialer1 stops working.
ip nat inside source list 20 pool Internet overload
Any ideas? and thanks for your help so far.
08-22-2007 03:00 AM
maybe the problem isn't quite NAT...
Even though I can ping and telnet the Frame-relay IP whenever I try to use that interface for traffic I get this error:
Serial0/1/0:Encaps failed--no map entry link 7(IP)
That is with "debug frame-relay packet int s0/1/0"
Is this even a problem because I would have thought the interface was functional if i could ping and telnet it.
However when i shutdown the "dialer1" interface I lose all connectivity to that interface so maybe traffic can come in that interface but cant go out?
I hope that sheds some more light on my prediciment.
Thanks for reading.
08-22-2007 03:21 AM
hi,
This command should be removed:
ip nat inside source list 20 pool Internet overload
It should be working, it is a straight forward configuration, please attach, the full config, "show ip route", "sh ip interface brief" and "show ip nat translation".
HTH,
Mohammed Mahmoud.
08-22-2007 06:53 AM
It turns out there's a routing problem with my Frame Relay service.
Once I get that fixed I'll give it another shot and report back.
Thanks once again Mohammed
08-22-2007 09:35 AM
Hi David,
You are very welcomed, and please keep me updated with the case.
HTH,
Mohammed Mahmoud.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: