cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
448
Views
0
Helpful
5
Replies

Problem with NAT with multi ISP

ptdki2006
Level 1
Level 1

We have problem with configure NAT with multi ISP, we using Cisco 2811 in our client, and we have make this configuration below :

...

ip subnet-zero

!

!

ip cef

!

!

no ip bootp server

no ip domain lookup

ip domain name yourdomain.com

ip name-server 202.152.165.36

ip name-server 202.152.165.39

ip name-server 202.93.40.174

!

username cisco privilege 15 secret 5 $1$XbGJ$TROEKWhQ8.XkqUAeNEEKL.

!

!

!

interface FastEthernet0/0

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.1

description VLAN-ID:11

encapsulation dot1Q 11 native

ip address 192.168.0.190 255.255.255.240

ip nat inside

no snmp trap link-status

!

interface FastEthernet0/0.2

description VLAN-ID:12

encapsulation dot1Q 12

ip address 192.168.0.206 255.255.255.240

ip nat inside

no snmp trap link-status

!

interface FastEthernet0/0.3

description VLAN-ID:13

encapsulation dot1Q 13

ip address 192.168.0.222 255.255.255.240

ip nat inside

no snmp trap link-status

!

interface FastEthernet0/0.4

description VLAN-ID:14

encapsulation dot1Q 14

ip address 192.168.0.238 255.255.255.240

no snmp trap link-status

!

interface FastEthernet0/0.5

description VLAN-ID:15

encapsulation dot1Q 15

ip address 192.168.0.254 255.255.255.240

ip nat inside

no snmp trap link-status

!

interface FastEthernet0/0.6

encapsulation dot1Q 16

ip address 192.168.0.174 255.255.255.240

no snmp trap link-status

!

interface FastEthernet0/1

ip address 172.18.18.1 255.255.255.252

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/1/0

description Link PT.DKI-I

switchport access vlan 20

speed 100

!

interface FastEthernet0/1/1

description Link PT.DKI-II

switchport access vlan 30

!

interface FastEthernet0/1/2

description Link Nusa.Net

switchport access vlan 40

!

interface FastEthernet0/1/3

description JARING.MY

switchport access vlan 50

!

interface Vlan1

no ip address

!

interface Vlan13

no ip address

ip nat inside

!

interface Vlan20

description PT.DKI-I

ip address 124.195.x.x.255.255.252

ip nat outside

!

interface Vlan30

description PT.DKI-II

ip address 124.195.x.x.255.255.252

ip nat outside

!

interface Vlan40

description NUSA.Net

ip address 202.162.x.x.255.255.192

ip nat outside

!

interface Vlan50

description JARING.MY

ip dhcp client lease 1 0 0

ip address dhcp

ip nat outside

!

ip classless

ip route 0.0.0.0 0.0.x.x.195.16.105

ip route 0.0.0.0 0.0.0.0 202.162.196.126

ip route 172.18.18.4 255.255.255.252 172.18.18.2

ip route 192.168.10.0 255.255.255.192 172.18.18.2

ip route 192.168.10.64 255.255.255.192

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1/3 dhcp

!

ip http server

ip http access-class 23

ip http authentication local

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat log translations syslog

ip nat pool mapDKI1 124.195.16.106 124.195.16.106 netmask 255.255.255.252

ip nat pool mapNusa 202.162.196.103 202.162.196.103 netmask 255.255.255.192

ip nat inside source route-map mapDKI1 pool mapDKI1 overload

ip nat inside source route-map mapNusa pool mapNusa overload

!

access-list 106 permit ip 192.168.0.0 0.0.4.255 any

access-list 108 permit ip 172.18.18.0 0.0.0.4 any

route-map mapDKI1 permit 10

match ip address 106

set ip next-hop 124.195.16.105

!

route-map mapJaring permit 10

match ip address 109

set ip next-hop 10.11.0.1

!

route-map mapNusa permit 10

match ip address 108

set ip default next-hop 202.162.196.126

!

!

control-plane

!

!

line con 0

login local

line aux 0

line vty 0 4

access-class 23 in

privilege level 15

login local

transport input telnet

line vty 5 15

access-class 23 in

privilege level 15

login local

transport input telnet

!

scheduler allocate 20000 1000

!

end

Masdulhak#

We have try this NAT function to each ISP but come with No Result. Please help us.

1 Accepted Solution

Accepted Solutions

Edison Ortiz
Hall of Fame
Hall of Fame

Can you post the output from typing

#show ip nat translations

Also, you can try changing the configuration like this

no ip nat pool mapDKI1 124.195.16.106 124.195.16.106 netmask 255.255.255.252

no ip nat pool mapNusa 202.162.196.103 202.162.196.103 netmask 255.255.255.192

ip nat inside source route-map mapDKI1 interface Vlan20 overload

ip nat inside source route-map mapNusa interface Vlan40 overload

!

access-list 106 permit ip 192.168.0.0 0.0.4.255 any

access-list 108 permit ip 172.18.18.0 0.0.0.4 any

route-map mapDKI1 permit 10

match ip address 106

no set ip next-hop 124.195.16.105

set ip default next-hop 124.195.16.105

!

!

route-map mapNusa permit 10

match ip address 108

set ip default next-hop 202.162.196.126

View solution in original post

5 Replies 5

Edison Ortiz
Hall of Fame
Hall of Fame

Can you post the output from typing

#show ip nat translations

Also, you can try changing the configuration like this

no ip nat pool mapDKI1 124.195.16.106 124.195.16.106 netmask 255.255.255.252

no ip nat pool mapNusa 202.162.196.103 202.162.196.103 netmask 255.255.255.192

ip nat inside source route-map mapDKI1 interface Vlan20 overload

ip nat inside source route-map mapNusa interface Vlan40 overload

!

access-list 106 permit ip 192.168.0.0 0.0.4.255 any

access-list 108 permit ip 172.18.18.0 0.0.0.4 any

route-map mapDKI1 permit 10

match ip address 106

no set ip next-hop 124.195.16.105

set ip default next-hop 124.195.16.105

!

!

route-map mapNusa permit 10

match ip address 108

set ip default next-hop 202.162.196.126

We have try to apply the new configuration, and here is they are ;

ip subnet-zero

!

!

ip cef

!

!

no ip bootp server

no ip domain lookup

ip domain name yourdomain.com

ip name-server 202.x.x.36

ip name-server 202.x.x.39

ip name-server 202.x.x.174

ip name-server 202.x2.x.10

ip name-server 202.x.x.11

!

username cisco privilege 15 secret xxx

!

!

!

interface FastEthernet0/0

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.1

description VLAN-ID:11

encapsulation dot1Q 11 native

ip address 192.168.0.190 255.255.255.240

ip nat inside

no snmp trap link-status

!

interface FastEthernet0/0.2

description VLAN-ID:12

encapsulation dot1Q 12

ip address 192.168.0.206 255.255.255.240

ip nat inside

no snmp trap link-status

!

interface FastEthernet0/0.3

description VLAN-ID:13

encapsulation dot1Q 13

ip address 192.168.0.222 255.255.255.240

ip nat inside

no snmp trap link-status

!

interface FastEthernet0/0.4

description VLAN-ID:14

encapsulation dot1Q 14

ip address 192.168.0.238 255.255.255.240

ip nat inside

no snmp trap link-status

!

interface FastEthernet0/0.5

description VLAN-ID:15

encapsulation dot1Q 15

ip address 192.168.0.254 255.255.255.240

ip nat inside

no snmp trap link-status

!

interface FastEthernet0/0.6

encapsulation dot1Q 16

ip address 192.168.0.174 255.255.255.240

no snmp trap link-status

!

interface FastEthernet0/0.7

description VLAN-ID:17

encapsulation dot1Q 17

ip address 192.168.1.254 255.255.255.0

no snmp trap link-status

!

interface FastEthernet0/1

ip address 172.18.18.1 255.255.255.252

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/1/0

description Link PT.DKI-I

switchport access vlan 20

speed 100

!

interface FastEthernet0/1/1

description Link PT.DKI-II

switchport access vlan 30

!

interface FastEthernet0/1/2

description Link Nusa.Net

switchport access vlan 40

!

interface FastEthernet0/1/3

description JARING.MY

switchport access vlan 50

!

interface Vlan1

no ip address

!

interface Vlan13

no ip address

ip nat inside

!

interface Vlan14

no ip address

ip nat inside

!

interface Vlan20

description PT.DKI-I

ip address 124.195.x.x.255.255.252

ip nat outside

!

interface Vlan30

description PT.DKI-II

ip address 124.195.x.x.255.255.252

ip nat outside

!

interface Vlan40

description NUSA.Net

ip address 202.162.x.x.255.255.192

ip nat outside

!

interface Vlan50

description JARING.MY

ip dhcp client lease 1 0 0

ip address dhcp

ip nat outside

!

ip classless

ip route 0.0.0.0 0.0.0.0 202.162.196.126

ip route 0.0.0.0 0.0.0.0 124.195.16.105

ip route 172.18.18.4 255.255.255.252 172.18.18.2

ip route 192.168.11.192 255.255.255.192 172.18.18.2

!

ip http server

ip http access-class 23

ip http authentication local

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat log translations syslog

ip nat inside source route-map mapDKI1 interface Vlan20 overload

ip nat inside source route-map mapNusa interface Vlan40 overload

!

access-list 106 permit ip 172.18.18.0 0.0.0.3 any

access-list 106 permit ip 192.168.11.192 0.0.0.63 any

access-list 108 permit ip 192.168.0.240 0.0.0.15 any

access-list 108 permit ip 192.168.0.224 0.0.0.15 any

route-map mapDKI1 permit 10

match ip address 106

set ip default next-hop 124.195.16.105

!

route-map mapNusa permit 10

match ip address 108

set ip default next-hop 202.162.196.126

!

!

control-plane

!

!

!

end

All trafic have run to their each translation, but the network seem have lack respond, please give us some advice with our configuration.

Regards

And for additional information here is the result from show ip nat stat and show ip nat trans ;

Masdulhak#sh ip nat trans

Pro Inside global Inside local Outside local Outside global

icmp 202.162.196.103:517 192.168.0.249:512 209.131.36.158:512 209.131.36.158:517

tcp 202.162.196.103:1157 192.168.0.249:1157 68.142.197.198:80 68.142.197.198:80

tcp 202.162.196.103:1158 192.168.0.249:1158 209.131.36.158:80 209.131.36.158:80

tcp 202.162.196.103:1159 192.168.0.249:1159 202.158.66.20:80 202.158.66.20:80

icmp 202.162.196.103:512 192.168.0.253:512 66.94.234.13:512 66.94.234.13:512

udp 202.162.196.103:1039 192.168.0.253:1039 202.152.5.36:53 202.152.5.36:53

udp 202.162.196.103:1039 192.168.0.253:1039 202.162.192.10:53 202.162.192.10:53

udp 202.162.196.103:1039 192.168.0.253:1039 202.162.192.11:53 202.162.192.11:53

icmp 124.195.16.106:512 192.168.11.193:512 202.158.66.190:512 202.158.66.190:512

Masdulhak#sh ip nat stat

Total active translations: 12 (0 static, 12 dynamic; 12 extended)

Outside interfaces:

Vlan20, Vlan30, Vlan40, Vlan50

Inside interfaces:

FastEthernet0/0.1, FastEthernet0/0.2, FastEthernet0/0.3, FastEthernet0/0.4

FastEthernet0/0.5, FastEthernet0/1, Vlan13, Vlan14

Hits: 9867 Misses: 239

CEF Translated packets: 8965, CEF Punted packets: 957

Expired translations: 290

Dynamic mappings:

-- Inside Source

[Id: 1] route-map mapDKI1 interface Vlan20 refcount 3

[Id: 3] route-map mapNusa interface Vlan40 refcount 9

Queued Packets: 0

Masdulhak#

Thank you.

Edison,

here we give last update of our configuration:

interface Vlan20

description PT.DKI-I

ip address 124.195.16.106 255.255.255.252

ip nat outside

!

interface Vlan30

description PT.DKI-II

no ip address

ip nat outside

!

interface Vlan40

description NUSA.Net

ip address 202.162.196.103 255.255.255.192

ip nat outside

!

interface Vlan50

description JARING.MY

ip dhcp client lease 1 0 0

ip address dhcp

ip nat outside

!

ip classless

ip route 0.0.0.0 0.0.0.0 202.162.196.126

ip route 0.0.0.0 0.0.0.0 124.195.16.105

ip route 0.0.0.0 0.0.0.0 Vlan50 dhcp

!

ip http server

ip http access-class 23

ip http authentication local

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat log translations syslog

ip nat inside source route-map mapDKI1 interface Vlan20 overload

ip nat inside source route-map mapJaring interface Vlan50 overload

ip nat inside source route-map mapNusa interface Vlan40 overload

!

access-list 106 permit ip 192.168.0.240 0.0.0.15 any

access-list 108 permit ip 192.168.10.0 0.0.4.255 any

access-list 108 permit ip 172.18.18.0 0.0.0.3 any

access-list 109 permit ip 192.168.0.208 0.0.0.15 any

route-map mapDKI1 permit 10

match ip address 106

set ip default next-hop 124.195.16.105

!

route-map mapJaring permit 10

match ip address 109

set ip default next-hop 10.11.0.1

!

route-map mapNusa permit 10

match ip address 108

set ip default next-hop 202.162.196.126 10.11.0.1

!

We try to trace from client, and the routing seem like confused, sometimes all subnet seem like didnt get any translation, please help us again. Thanks in advance.

Can you provide a trace from what you are seeing?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: