NAT - Access-List problem - ISDN connections

Unanswered Question
Aug 2nd, 2010
User Badges:

Hi all,


I'm having some trouble configuring my Cisco 800 router, using NAT and access-lists.


In order to reach partners (each of them defined in a Dialer Profile), I do have to NAT my source IP address and the destination IP address. I use IP nat inside at Ethernet level, and IP nat outside at Dialer level.


I can reach my partners without any problems (I'm performing FTP and I get the prompt)

but my partners cannot FTP my 10.10.10.1 FTP server (natted into Dialer's specific 192.168.22X.X address)


When debugging, I do see Dialer info for incoming calls, but no NAT info > it seems packet do not pass through access lists (I guess this is the problem :-)))


Any help would be highly appreciated as I'm certainly not an expert in NAT and Access-Lists.


Here is my config:


My FTP server is 10.10.10.1 and I need to NAT this address.



interface Ethernet0

ip address 10.10.10.253 255.255.255.0

ip nat inside

no ip route-cache

no ip mroute-cache

no keepalive


!        

interface BRI0

no ip address

encapsulation ppp

no ip mroute-cache

dialer pool-member 1

isdn switch-type basic-net3

ppp authentication chap callin


!        

interface Dialer2

description XXX

ip address 192.168.223.1 255.255.255.0

ip nat outside

encapsulation ppp

dialer pool 1

dialer remote-name router_name

dialer string xxxxxxxxxxxx class mapclass1

dialer caller xxxxxxxxxx

dialer-group 2

ppp authentication chap callin

ppp chap hostname MYROUTERNAME

ppp chap password strong_password


!        

interface Dialer3

description XXXYYY

ip address 192.168.224.1 255.255.255.0

ip nat outside

encapsulation ppp

dialer pool 1

dialer remote-name other_routername

dialer string yyyyyyyyyyyyyy class mapclass1

dialer caller yyyyyyyyyyyy

dialer-group 2

ppp authentication chap callin

ppp chap hostname MYROUTERNAME

ppp chap password very_strong_password


!        

ip nat inside source route-map XXXYYY interface Dialer3 overload

ip nat inside source route-map XXX interface Dialer2 overload

ip nat outside source static 10.160.67.4 10.4.210.9

ip nat outside source static 10.160.67.2 10.4.210.10

ip nat outside source static 10.160.67.5 10.4.210.11

ip nat outside source static 62.157.189.14 10.4.210.1

ip nat outside source static 10.193.135.34 10.4.210.2

ip nat outside source static 10.193.135.35 10.4.210.3

ip http server

ip classless

ip route 10.4.210.0 255.255.255.248 Dialer3

ip route 10.4.210.8 255.255.255.248 Dialer2


!

access-list 23 permit 10.10.10.0 0.0.0.7 log

access-list 110 permit ip host 10.10.10.1 host 10.4.210.9 log

access-list 110 permit ip host 10.10.10.1 host 10.4.210.10 log

access-list 110 permit ip host 10.10.10.1 host 10.4.210.11 log

access-list 113 permit ip host 10.10.10.1 host 10.4.210.1 log

access-list 113 permit ip host 10.10.10.1 host 10.4.210.2 log

access-list 113 permit ip host 10.10.10.1 host 10.4.210.3 log

dialer-list 2 protocol ip list 101

!

route-map XXXYYY permit 10

match ip address 113

!        

route-map XXX permit 10

match ip address 110

!        

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion