×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Need help on complex NAT problem

Unanswered Question
Mar 30th, 2004
User Badges:

Dear NAT experts,


I am facing a small NAT related problem. Basically I need to have 1 inside interface and 2 outside interfaces.


The inside interface sits on a private IP subnet. While both outside interfaces sit on two different public IP ranges.


Int Dialer1 is the main interface

Int Dialer2 is the backup interface (note: this interface has a /32 mask)


I need to prepare 2 sets of NAT statements, one which is a 1 to 1 NAT and the other needs to be overloaded (due to only 1 IP available on DDR interface)


Also note that the connections do not support dynamic routing of any type.


Will this work? If no, any suggestions that could point me in the right direction?


Thanks in advance.



Sample configuration:

version 12.3

!

ip cef

isdn switch-type basic-net3

!

!

!

!

interface ATM0

no ip address

backup interface Dialer2

no ip mroute-cache

no atm ilmi-keepalive

pvc 0/35

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

dsl operating-mode auto

!

interface BRI0

no ip address

encapsulation ppp

dialer rotary-group 2

dialer-group 1

isdn switch-type basic-net3

!

interface FastEthernet0

description connected to private IP LAN

ip address 192.x.x.x.x.255.0

ip route-cache flow

ip nat inside

speed auto

!

interface Dialer1

description connected to ADSL

ip address 100.1.x.x.x.255.248

encapsulation ppp

ip route-cache flow

dialer pool 1

dialer-group 1

ppp pap sent-username xxxxx password 7 xxxxxx

ppp ipcp dns request

ppp ipcp wins request

ip nat outside

!

interface Dialer2

description connected to ISDN

ip address 200.1.x.x.255.255.255

encapsulation ppp

ip route-cache flow

dialer in-band

dialer string xxxxxxxxx

dialer hold-queue 10

dialer watch-group 1

dialer-group 1

ppp authentication pap callin

ppp pap sent-username xxxxx password 7 xxxxxx

ip nat outside

!

!

!

ip nat inside source static 192.168.0.2 100.1.1.2

ip nat inside source static 192.168.0.3 100.1.1.3

ip nat inside source static 192.168.0.4 100.1.1.4

ip nat inside source static 192.168.0.5 100.1.1.5

ip nat inside source static 192.168.0.6 100.1.1.6

ip nat inside source list 100 interface Dialer2 overload


ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 0.0.0.0 0.0.0.0 Dialer2 10

no ip http server

!

!

access-list 100 permit ip 192.168.0.0 0.0.0.255

dialer watch-list 1 ip x.x.x.x 255.255.255.255

dialer watch-list 1 delay disconnect 10

dialer-list 1 protocol ip permit

!

!

line con 0

line aux 0

line vty 0 4

password 7xxxx

login

--More--

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
murabi Fri, 04/09/2004 - 06:51
User Badges:

You can also use route-map to configure the nat overload.

Actions

This Discussion