New Member

Dialer profile with NAT

I need to know if it's possible to know which host of the internal network opens a dial-in call to the ISP and connects the router to the Internet. The config is:

interface Ethernet0
 ip address 192.168.0.249 255.255.255.0
 no ip directed-broadcast
 ip nat inside
 load-interval 30
 no cdp enable
!
interface Dialer10
 ip address 10.3.3.254 255.255.255.0
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 dialer remote-name xxx
 dialer pool 10
 dialer string 1xxxxxxxx
 dialer-group 5
 pulse-time 0
 no cdp enable
 ppp authentication chap
 ppp chap hostname cdfgvhg
!
dialer-list 5 protocol ip list 110
!
ip nat inside source list 110 interface Dialer9 overload
!
access-list 105 permit ip 192.168.0.0 0.0.0.255 any log
access-list 110 permit ip 192.168.0.0 0.0.0.255 any log
!

I have activated a syslog and the "debug dialer" command, but the output looks like this:

May 7 09:57:06.378: BRI0 DDR: rotor dialout [priority]
May 7 09:57:06.382: BRI0 DDR: Dialing cause ip (s=10.3.3.254, d=10.3.3.3)
May 7 09:57:06.386: BRI0 DDR: Attempting to dial 12345678
May 7 11:57:06: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 64 changed to up
May 7 09:57:06.602: BRI0: wait for isdn carrier timeout, call id=0x8001
May 7 09:57:06.606: BRI0 DDR: Attempting to dial 1xxxxxx
May 7 11:57:09: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
May 7 09:57:09.330: BRI0:1: interface must be fifo queue, force fifo
May 7 11:57:09: %DIALER-6-BIND: Interface BRI0:1 bound to profile Dialer9
May 7 09:57:09.454: BRI0:1 DDR: dialer protocol up
May 7 11:57:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up

It seems like address translation is performed before the establishment of the connection with the ISP. In this way I cannot know which is the IP address of the internal host, but I have to do it in order to stop undesired connections. Can you help me?

3 REPLIES
Anonymous
N/A

Re: Dialer profile with NAT

Enable "debug dialer" and "debug ip nat", and prior to the dialer debug output you will see the NAT translation debug with the inside address. However, the NAT debug will be too chatty to be effective (you get a lot more than you need).

It would be best if you could identify in advance who you want to have dialout and who you don't, and configure your access-lists accordingly.
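The correlation suggested in the reply above can be scripted against the collected syslog. This is an added example, not code from any poster in the thread: it assumes "debug ip nat" prints lines of the form `NAT: s=<inside>-><translated>, d=<destination> [id]`, and the inside hosts, the second dial event and the 2-second matching window are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample. DDR lines follow the format shown in the question; the
# "NAT:" lines assume the usual 'debug ip nat' layout with invented hosts.
SAMPLE_LOG = """\
May 7 09:57:06.370: NAT: s=192.168.0.17->10.3.3.254, d=10.3.3.3 [4411]
May 7 09:57:06.378: BRI0 DDR: rotor dialout [priority]
May 7 09:57:06.382: BRI0 DDR: Dialing cause ip (s=10.3.3.254, d=10.3.3.3)
May 7 09:57:06.386: BRI0 DDR: Attempting to dial 12345678
May 7 10:20:11.100: NAT: s=192.168.0.42->10.3.3.254, d=10.3.3.9 [120]
May 7 10:41:30.004: BRI0 DDR: Dialing cause ip (s=10.3.3.254, d=10.3.3.9)
"""

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d+): "
NAT_RE = re.compile(
    TS + r"NAT\*?: s=(?P<inside>[\d.]+)->(?P<outside>[\d.]+), d=(?P<dst>[\d.]+)")
DIAL_RE = re.compile(
    TS + r"\S+ DDR: Dialing cause ip \(s=(?P<src>[\d.]+), d=(?P<dst>[\d.]+)\)")

def parse_ts(ts):
    # The debug timestamps carry no year; 2000 is a placeholder for parsing.
    return datetime.strptime("2000 " + ts, "%Y %b %d %H:%M:%S.%f")

def dial_triggers(log, window=timedelta(seconds=2)):
    """Return (timestamp, inside_host or None, destination) per dial event."""
    recent = []   # NAT translations seen so far: (time, inside, outside, dst)
    results = []
    for line in log.splitlines():
        m = NAT_RE.match(line)
        if m:
            recent.append((parse_ts(m["ts"]), m["inside"], m["outside"], m["dst"]))
            continue
        m = DIAL_RE.match(line)
        if not m:
            continue
        when, inside = parse_ts(m["ts"]), None
        # Walk back through translations until they fall outside the window.
        for t, ins, out, dst in reversed(recent):
            if when - t > window:
                break
            if out == m["src"] and dst == m["dst"]:
                inside = ins
                break
        results.append((m["ts"], inside, m["dst"]))
    return results

if __name__ == "__main__":
    for row in dial_triggers(SAMPLE_LOG):
        print(row)
```

A dial event reported with `None` had no matching translation inside the window, which is the case to review by hand.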

New Member

Re: Dialer profile with NAT

Once the traffic has been natted, there is no way to determine its original source address. However, you can accomplish what you are proposing simply by changing access-list 110. Rather than specifying 192.168.0.0/24, try specifying the specific source address. Cisco also lets you use neat things like time-based access-lists.
