
inside nat with more Dialer

h-koch

Hello,

Does IOS support ip nat inside with 2 Dialers?

I needed to connect to 2 ISPs; the 2 Dialers are configured with ip address negotiated and ip nat outside.

Thanks.


hbaerten

Yes, this works.

This is (part of) the config we use on one of our dialout routers (C3620-I-M), IOS 12.2(10a):

interface Dialer700
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer remote-name ****
 dialer idle-timeout 30
 dialer string ****
 dialer-group 1
 peer default ip address 10.****
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username **** password 7 ****
!
interface Dialer702
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer remote-name ****
 dialer idle-timeout 30
 dialer string ****
 dialer caller ****
 dialer-group 1
 peer default ip address 10.****
 no cdp enable
 ppp authentication chap
 ppp chap hostname ****
 ppp chap password 7 ****
!
ip nat inside source list 105 interface Dialer700 overload
ip nat inside source list 106 interface Dialer702 overload
!
access-list 105 remark source list for NAT towards **** - see dialer700
access-list 105 permit ip any host 10.****
access-list 106 remark source list for NAT towards ****
access-list 106 permit ip any host 10.****

Of course you'll need to adapt this for your particular situation, mainly the ACLs to match your traffic patterns, and the authentication on the dialers.

hth

Herbert

Hello Herbert,

Thanks for your quick reply.

I have a problem understanding the config entry "peer default ip address x.y.x.y".

Is it the IP address of the Ethernet?

And "source list for NAT towards x.y.x.y"?

Thanks a lot.

Brgds Harald

1/ regarding "peer default ip address xxxx":

No, this is not the IP address of the Ethernet.

This actually assigns an IP address to the peer, so you will probably not need it. Right now I'm not even sure why we are doing it.

2/ regarding the access lists:

ip nat inside source list 105 interface Dialer700 overload

defines that all traffic matching list 105 will be NAT'ed, i.e. the source will be translated to the address (dynamically) assigned to interface dialer 700.

So list 105 defines which traffic needs to be translated when going out this interface. I don't know how you route some traffic over one dialer and other traffic over the other so I cannot determine this for you, but generally if you have a static route like this:

ip route 192.168.1.0 255.255.255.0 Dialer 700

you should have an access list like this:

access-list 105 permit ip any 192.168.1.0 0.0.0.255

Similarly for the other dialer:

ip nat inside source list 106 interface Dialer702 overload

ip route 172.16.0.0 255.255.0.0 Dialer 702

access-list 106 permit ip any 172.16.0.0 0.0.255.255

If it's still not clear let me know :)

regards

Herbert
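
The rule in the reply above (the NAT source list bound to a dialer should match the destinations routed out of that dialer) can be checked mechanically. The Python audit below is an added example, not part of the original thread: the function names, finding labels and sample config are constructed for illustration, and it assumes only the three statement forms shown in the thread, with contiguous wildcard masks.

```python
import ipaddress
import re

# Constructed sample (not a real device config). The second NAT rule is
# deliberately bound to the wrong dialer so the audit has something to find.
SAMPLE = """\
ip nat inside source list 105 interface Dialer700 overload
ip nat inside source list 106 interface Dialer700 overload
ip route 192.168.1.0 255.255.255.0 Dialer 700
ip route 172.16.0.0 255.255.0.0 Dialer 702
access-list 105 permit ip any 192.168.1.0 0.0.0.255
access-list 106 permit ip any 172.16.0.0 0.0.255.255
"""

NAT_RE = re.compile(r"ip nat inside source list (\d+) interface (\S+) overload$")
ROUTE_RE = re.compile(r"ip route (\S+) (\S+) (Dialer) ?(\d+)$")
ACL_RE = re.compile(r"access-list (\d+) permit ip any (?:host (\S+)|(\S+) (\S+))$")

def parse(config):
    """Return (acl -> NAT interface, interface -> routed nets, acl -> dest nets)."""
    nat, routes, acls = {}, {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := NAT_RE.match(line):
            nat[m[1]] = m[2]
        elif m := ROUTE_RE.match(line):
            routes.setdefault(m[3] + m[4], []).append(ipaddress.ip_network(f"{m[1]}/{m[2]}"))
        elif m := ACL_RE.match(line):
            dst = f"{m[2]}/32" if m[2] else f"{m[3]}/{m[4]}"  # 0.x mask = wildcard
            acls.setdefault(m[1], []).append(ipaddress.ip_network(dst))
    return nat, routes, acls

def audit(config):
    """List NAT rules whose ACL and static routes disagree about the exit dialer."""
    nat, routes, acls = parse(config)
    findings = []
    for acl, iface in sorted(nat.items()):
        for dst in acls.get(acl, []):
            via = sorted(i for i, nets in routes.items() if any(n.overlaps(dst) for n in nets))
            if via and iface not in via:
                findings.append(("acl-wrong-dialer", acl, iface, str(dst), via))
    for iface, nets in sorted(routes.items()):
        bound = [d for a, i in nat.items() if i == iface for d in acls.get(a, [])]
        for net in nets:
            if not any(net.subnet_of(d) for d in bound):
                findings.append(("route-not-translated", iface, str(net)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the sample it reports that list 106 is bound to Dialer700 while its destination is routed via Dialer702, and that the Dialer702 route therefore has no NAT rule covering it.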

Hi Herbert,

Thanks a lot, it works. :))

Brgds Harald
