Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Dialer profile with NAT

I need to know if it's possible to know which host of the internal network open a dialin call to ISP and connect the router to Internet. The config is:

interface Ethernet0

ip address

no ip directed-broadcast

ip nat inside

load-interval 30

no cdp enable


interface Dialer10

ip address

no ip directed-broadcast

ip nat outside

encapsulation ppp

dialer remote-name xxx

dialer pool 10

dialer string 1xxxxxxxx

dialer-group 5

pulse-time 0

no cdp enable

ppp authentication chap

ppp chap hostname cdfgvhg


dialer-list 5 protocol ip list 110


ip nat inside source list 110 interface Dialer9 overload


access-list 105 permit ip any log

access-list 110 permit ip any log


I have activated a syslog and the "debug dialer" command, but the output looks like this:

May 7 09:57:06.378: BRI0 DDR: rotor dialout [priority]

May 7 09:57:06.382: BRI0 DDR: Dialing cause ip (s=, d=

May 7 09:57:06.386: BRI0 DDR: Attempting to dial 12345678

May 7 11:57:06: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 64 changed to up

May 7 09:57:06.602: BRI0: wait for isdn carrier timeout, call id=0x8001

May 7 09:57:06.606: BRI0 DDR: Attempting to dial 1xxxxxx

May 7 11:57:09: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up

May 7 09:57:09.330: BRI0:1: interface must be fifo queue, force fifo

May 7 11:57:09: %DIALER-6-BIND: Interface BRI0:1 bound to profile Dialer9

May 7 09:57:09.454: BRI0:1 DDR: dialer protocol up

May 7 11:57:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up

It seems like address translation is performed before the establishment of the connection with ISP. In this way i cannot know which is the IP address of internal host, but i have to do it in order to stop undesired connection. Can you help me?


Re: Dialer profile with NAT

Enable "debug dialer" and "debug ip nat", and prior to

the dialer debug output you will see the

NAT translation debug with the inside address.

However, the NAT debug will be too chatty

to be effective (you get a lot more than

you need).

It would be best if you could identify in

advance who you want to have dialout and who

you don't, and configure your access-lists


CreatePlease to create content