01-05-2007 11:19 AM
Greetings to all
I am trying to use DDR to backup an ADSL line with an ISDN using the backup interface method.
When the primary connection goes down (I pull out the cable), the backup interface is brought up but I cannot route interesting traffic to make it dial.
With my limited knowledge the only time I made interface BRI0 to successfully dial (and it works ok) is when I manually changed "ip nat inside source list 102 interface Dialer1 overload" to "ip nat inside source list 102 interface Dialer2 overload" and shutdown dialer1. Note that both ISPs assign dynamic IPs.
My configuration file follows; any suggestions and help would be much appreciated.
Thank you.
!
version 12.2
no service pad
!
hostname router
!
username xxx password 7 xxxx
ip subnet-zero
no ip source-route
ip telnet hidden addresses
ip name-server xxxx.xxxx.xxxx.xxxx
ip name-server xxxx.xxxx.xxxx.xxxx
!
no ip bootp server
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip urlfilter alert
ip audit notify log
ip audit po max-events 100
password encryption aes
isdn switch-type basic-net3
!
!
!
!
!
!
interface Ethernet0
ip address 192.168.0.8 255.255.255.0
ip access-group 111 out
ip nat inside
no ip mroute-cache
no cdp enable
!
interface BRI0
no ip address
encapsulation ppp
dialer pool-member 2
isdn switch-type basic-net3
!
interface ATM0
no ip address
backup interface BRI0
no ip mroute-cache
atm vc-per-vp 64
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode annexb-ur2
!
interface Dialer1
ip address negotiated
ip access-group 112 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect myfw out
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxx password 7 xxxxxxxxxxxx
hold-queue 224 in
!
interface Dialer2
ip address negotiated
ip access-group 112 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect myfw out
encapsulation ppp
dialer pool 2
dialer string 8962545555
dialer hold-queue 10
dialer load-threshold 10 either
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname xxxx
ppp chap password 7 xxxxxxxxxxx
ppp pap sent-username xxxxxxx password 7 xxxxxxxxxx
ppp multilink
!
ip nat inside source list 102 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Dialer2 2
no ip http server
no ip http secure-server
!
!
access-list 23 remark controls vty access
access-list 23 deny any
access-list 102 remark controls inside packet access to interface Dialer1 for NAT
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 102 deny ip any any
access-list 111 remark controls inside packet access to leave interface Ethernet0
access-list 111 permit ip any 192.168.0.0 0.0.0.255
access-list 111 deny ip any any
access-list 112 remark controls outside packet access to enter interface Dialer1
access-list 112 permit icmp any any echo-reply
access-list 112 permit icmp any any time-exceeded
access-list 112 permit icmp any any packet-too-big
access-list 112 permit icmp any any traceroute
access-list 112 permit icmp any any unreachable
access-list 112 deny udp any any range 33400 34400
access-list 112 deny ip any any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
line con 0
exec-timeout 120 0
login local
stopbits 1
line vty 0 4
access-class 23 in
exec-timeout 120 0
login local
no exec
length 0
transport input none
!
scheduler max-task-time 5000
no rcapi server
!
end
01-06-2007 06:35 AM
hi
to make your configuration working first u have to add
ip nat inside source list 102 interface Dialer2 overload in your global config
and under atm interface use :
backup interface dialer 2 (and no bri since bri have no config i mean ip address...)
also to enable ppp multilink also you need to add ppp multilink under the bri interface also specify the chap authentication under bri
using ppp authentication chap.
HTH
please do rate the post if it does help
01-08-2007 02:46 AM
Thank you for your answer.
When I add
ip nat inside source list 102 interface Dialer2 overload
I get the following message;
"Dynamic mapping in use, cannot change"
The thing is I must be able to use inside nat translation from one Dialer when the other is brought down.
Regards.
01-08-2007 09:28 AM
hi
the problem here is that your router is already has done some translations so the nat translation table is not empty there is some translation , first you have to success in adding that statement in the config and test it after by just shuting down the dialer 1 interface.
so try to clear all the nat table by
clear ip nat transalation * , but it can give a result as it cannot since the time between clearing it and trying to add your new statement it may do another translation !!!
so an easy way is to remove temporarily the nat outside from dialer 1 interface this will prohibit any new translation from occuring, do a clear ip nat tran.. and add your statement . after that go back to dialr 1 and add the ip nat outside, that you ve removed.
test the solution by bringing down the dialer 1.
and let s us know the result
HTH
01-09-2007 07:05 AM
Following your suggestions I was able to change from
ip nat inside source list 102 interface Dialer1 overload to
ip nat inside source list 102 interface Dialer2 overload.
With the following updated config it works even when dialer1 is up.
The problem is that I can't have both dialer interaces with the same access list to do inside NAT.
When I tried the 2 access list aproach (102 & 103), interesting traffic gets stuck in the preceding one :(
Any ideas?
Thank you for your help.
hostname router
!
no logging buffered
!
username * password *
ip subnet-zero
no ip source-route
ip name-server *
!
no ip bootp server
ip inspect name myfw
ip urlfilter alert
isdn switch-type basic-net3
!
interface Ethernet0
ip address 192.168.0.8 255.255.255.0
ip access-group 111 out
ip nat inside
no ip mroute-cache
no cdp enable
!
interface BRI0
no ip address
encapsulation ppp
no ip mroute-cache
dialer pool-member 2
isdn switch-type basic-net3
ppp multilink
!
interface ATM0
no ip address
backup interface BRI0
no ip mroute-cache
atm vc-per-vp 64
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode annexb-ur2
!
interface Dialer1
ip address negotiated
ip access-group 112 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect myfw out
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname *
ppp chap password *
ppp pap sent-username * password *
hold-queue 224 in
!
interface Dialer2
ip address negotiated
ip access-group 112 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect myfw out
encapsulation ppp
dialer pool 2
dialer string *
dialer hold-queue 10
dialer load-threshold 10 either
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname *
ppp chap password *
ppp pap sent-username * password *
ppp multilink
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source list 103 interface Dialer2 overload
ip classless
ip route 0.0.0.0 0.0.0.0
ip route 0.0.0.0 0.0.0.0 Dialer2 150
no ip http server
no ip http secure-server
!
access-list 102 remark controls inside packet access to interface Dialer1 for NAT
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 102 deny ip any any
access-list 103 remark controls inside packet access to interface Dialer2 for NAT
access-list 103 permit ip 192.168.0.0 0.0.0.255 any
access-list 103 deny ip any any
access-list 111 remark controls inside packet access to leave interface Ethernet0
access-list 111 permit icmp any any
access-list 111 deny icmp any any
access-list 111 permit ip any 192.168.0.0 0.0.0.255
access-list 111 deny ip any any
access-list 112 remark controls outside packet access to enter interface Dialer(s)
access-list 112 deny tcp any any
access-list 112 deny udp any any
access-list 112 permit icmp any any
access-list 112 deny ip any any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide