
Multiple NAT dialer interfaces

vorposttt

Hello all,

I have one more question about multiple NATs on a single Cisco box. My config is below. So what I'm trying to do is to provide internet for 192.168.1.10 and 192.168.1.11. I want 192.168.1.10 to go through Dialer2 and 192.168.1.11 to go through Dialer3. So I've tried to configure route-maps as described here http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml . However, the problem is that only one client has internet access at a time.

So if I ping some internet host from both 192.168.1.10 and 192.168.1.11, then both Dialer2 and Dialer3 do dial out. However, only one host receives ping replies. If I shut down the corresponding dialer and bring it back up, then the other host starts receiving ping replies. Here is some debug information (currently 192.168.1.11 receives ping replies and 192.168.1.10 doesn't):

show ip nat translations
Pro  Inside global         Inside local        Outside local  Outside global
icmp 66.249.174.232:59756  192.168.1.10:59756  8.8.8.8:59756  8.8.8.8:59756
icmp 66.81.223.186:60012   192.168.1.11:60012  8.8.8.8:60012  8.8.8.8:60012

debug ip nat
show log
Jun 28 18:09:26.189: NAT: s=192.168.1.10->66.249.174.232, d=8.8.8.8 [0]
Jun 28 18:09:26.701: NAT: s=192.168.1.11->66.81.223.186, d=8.8.8.8 [0]
Jun 28 18:09:26.873: NAT: s=8.8.8.8, d=66.81.223.186->192.168.1.11 [0]
Jun 28 18:09:27.189: NAT: s=192.168.1.10->66.249.174.232, d=8.8.8.8 [0]
Jun 28 18:09:27.701: NAT: s=192.168.1.11->66.81.223.186, d=8.8.8.8 [0]
Jun 28 18:09:27.881: NAT: s=8.8.8.8, d=66.81.223.186->192.168.1.11 [0]

It looks like NAT changes the source for IP packets from 192.168.1.10 but doesn't receive anything back... or it just doesn't send anything? Any help will be appreciated! I have already tried to set up multiple NATs using route-maps, access-lists, and without them; the result was always the same: only a single client has internet access at a time.

Here is my configuration:

interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex full
 speed 100
 no cdp enable
interface Dialer2
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 600
 dialer string xxxxxxxxxxx
 dialer-group 2
 ppp pap sent-username xxxxxxxxxx password 0 xxxxxxxxxx
 ppp ipcp dns request
 ppp ipcp mask request
 ppp timeout retry 15
interface Dialer3
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 600
 dialer string xxxxxxxxxxx
 dialer-group 3
 ppp pap sent-username xxxxxxxxxx password 0 xxxxxxxxxx
 ppp ipcp dns request
 ppp ipcp mask request
 ppp timeout retry 15
ip route 0.0.0.0 0.0.0.0 Dialer3
ip route 0.0.0.0 0.0.0.0 Dialer2
ip nat inside source route-map nat2 interface Dialer2 overload
ip nat inside source route-map nat3 interface Dialer3 overload
access-list 10 permit 192.168.1.10
access-list 11 permit 192.168.1.11
access-list 101 permit ip any any
route-map nat3 permit 10
 match ip address 11
!
route-map nat2 permit 10
 match ip address 10

1 Reply

vorposttt

Sorry, config formatting messed up:

interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex full
 speed 100
 no cdp enable
interface Dialer2
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 600
 dialer string xxxxxxxxxxx
 dialer-group 2
 ppp pap sent-username xxxxxxxxxx password 0 xxxxxxxxxx
 ppp ipcp dns request
 ppp ipcp mask request
 ppp timeout retry 15
interface Dialer3
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 600
 dialer string xxxxxxxxxxx
 dialer-group 3
 ppp pap sent-username xxxxxxxxxx password 0 xxxxxxxxxx
 ppp ipcp dns request
 ppp ipcp mask request
 ppp timeout retry 15
ip route 0.0.0.0 0.0.0.0 Dialer3
ip route 0.0.0.0 0.0.0.0 Dialer2
ip nat inside source route-map nat2 interface Dialer2 overload
ip nat inside source route-map nat3 interface Dialer3 overload
access-list 10 permit 192.168.1.10
access-list 11 permit 192.168.1.11
route-map nat3 permit 10
 match ip address 11
!
route-map nat2 permit 10
 match ip address 10
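
An added example, not part of the original posts: a small Python script that pairs the outbound and return lines of the `debug ip nat` output quoted in the question and reports inside hosts whose translations never see a reply. The function names are this example's own. A missing return line only shows that no reply reached a NAT outside interface, not where the packet was lost.

```python
import re
from collections import defaultdict

# Log lines copied from the question above (debug ip nat output).
LOG = """\
Jun 28 18:09:26.189: NAT: s=192.168.1.10->66.249.174.232, d=8.8.8.8 [0]
Jun 28 18:09:26.701: NAT: s=192.168.1.11->66.81.223.186, d=8.8.8.8 [0]
Jun 28 18:09:26.873: NAT: s=8.8.8.8, d=66.81.223.186->192.168.1.11 [0]
Jun 28 18:09:27.189: NAT: s=192.168.1.10->66.249.174.232, d=8.8.8.8 [0]
Jun 28 18:09:27.701: NAT: s=192.168.1.11->66.81.223.186, d=8.8.8.8 [0]
Jun 28 18:09:27.881: NAT: s=8.8.8.8, d=66.81.223.186->192.168.1.11 [0]
"""

# Outbound: the source is rewritten (inside local -> inside global).
OUT_RE = re.compile(
    r"NAT\*?: s=(?P<local>[\d.]+)->(?P<glob>[\d.]+), d=(?P<dst>[\d.]+)")
# Return: the destination is rewritten back (inside global -> inside local).
IN_RE = re.compile(
    r"NAT\*?: s=(?P<src>[\d.]+), d=(?P<glob>[\d.]+)->(?P<local>[\d.]+)")


def summarize(log):
    """Count outbound and return translations per (inside local, inside global)."""
    stats = defaultdict(lambda: {"out": 0, "in": 0})
    for line in log.splitlines():
        m = OUT_RE.search(line)
        if m:
            stats[(m["local"], m["glob"])]["out"] += 1
            continue
        m = IN_RE.search(line)
        if m:
            stats[(m["local"], m["glob"])]["in"] += 1
    return dict(stats)


def one_way_hosts(log):
    """Inside hosts translated outbound at least once but never answered."""
    return sorted(local for (local, _), c in summarize(log).items()
                  if c["out"] > 0 and c["in"] == 0)


if __name__ == "__main__":
    for (local, glob), c in sorted(summarize(LOG).items()):
        print(f"{local} as {glob}: {c['out']} out, {c['in']} back")
    print("one-way:", one_way_hosts(LOG))
```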
