Hi all,
I'm having some trouble configuring my Cisco 800 router, using NAT and access-lists.
In order to reach partners (each of them defined in a Dialer Profile), I do have to NAT my source IP address and the destination IP address. I use IP nat inside at Ethernet level, and IP nat outside at Dialer level.
I can reach my partners without any problems (I'm performing FTP and I get the prompt)
but my partners cannot FTP my 10.10.10.1 FTP server (natted into Dialer's specific 192.168.22X.X address)
When debugging, I do see Dialer info for incoming calls, but no NAT info > it seems packet do not pass through access lists (I guess this is the problem :-)))
Any help would be highly appreciated as I'm certainly not an expert in NAT and Access-Lists.
Here is my config:
My FTP server is 10.10.10.1 and I need to NAT this address.
interface Ethernet0
ip address 10.10.10.253 255.255.255.0
ip nat inside
no ip route-cache
no ip mroute-cache
no keepalive
!
interface BRI0
no ip address
encapsulation ppp
no ip mroute-cache
dialer pool-member 1
isdn switch-type basic-net3
ppp authentication chap callin
!
interface Dialer2
description XXX
ip address 192.168.223.1 255.255.255.0
ip nat outside
encapsulation ppp
dialer pool 1
dialer remote-name router_name
dialer string xxxxxxxxxxxx class mapclass1
dialer caller xxxxxxxxxx
dialer-group 2
ppp authentication chap callin
ppp chap hostname MYROUTERNAME
ppp chap password strong_password
!
interface Dialer3
description XXXYYY
ip address 192.168.224.1 255.255.255.0
ip nat outside
encapsulation ppp
dialer pool 1
dialer remote-name other_routername
dialer string yyyyyyyyyyyyyy class mapclass1
dialer caller yyyyyyyyyyyy
dialer-group 2
ppp authentication chap callin
ppp chap hostname MYROUTERNAME
ppp chap password very_strong_password
!
ip nat inside source route-map XXXYYY interface Dialer3 overload
ip nat inside source route-map XXX interface Dialer2 overload
ip nat outside source static 10.160.67.4 10.4.210.9
ip nat outside source static 10.160.67.2 10.4.210.10
ip nat outside source static 10.160.67.5 10.4.210.11
ip nat outside source static 62.157.189.14 10.4.210.1
ip nat outside source static 10.193.135.34 10.4.210.2
ip nat outside source static 10.193.135.35 10.4.210.3
ip http server
ip classless
ip route 10.4.210.0 255.255.255.248 Dialer3
ip route 10.4.210.8 255.255.255.248 Dialer2
!
access-list 23 permit 10.10.10.0 0.0.0.7 log
access-list 110 permit ip host 10.10.10.1 host 10.4.210.9 log
access-list 110 permit ip host 10.10.10.1 host 10.4.210.10 log
access-list 110 permit ip host 10.10.10.1 host 10.4.210.11 log
access-list 113 permit ip host 10.10.10.1 host 10.4.210.1 log
access-list 113 permit ip host 10.10.10.1 host 10.4.210.2 log
access-list 113 permit ip host 10.10.10.1 host 10.4.210.3 log
dialer-list 2 protocol ip list 101
!
route-map XXXYYY permit 10
match ip address 113
!
route-map XXX permit 10
match ip address 110
!