12-13-2001 08:48 AM - edited 03-01-2019 07:44 PM
Hi, I have a Cisco 2621 with a ISDN WIC running 12.2(3) single DES and currently have public addressing setup(on FE0/0) and I'm trying to switch over to private space.
My idea was to take setup my private network on the available FE0/1. I set NAT up as a dynamic tranlation and in my pool only included 1 address(which is a public address not used on FE0/0). My problem as soon as i apply the 'ip nat outside' to my dialer 1 interface is that routing stops for the public addressed net on FE0/0. Nothing shows with a show ip nat tran(or stat). What is causing this? Is it that my address in my NAT pool exists on the FE0/0 network(although not being used)?
Thank you.
12-13-2001 01:09 PM
Can you post the config leaving out stuff we don't want to see ?
12-14-2001 07:37 AM
I hope this isn't too much. For aninimity I replaced our public net with 192.168.50.0 and changed some other numbering, but this is accurate of what I'm running.
Building configuration...
!
version 12.2
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key keyname address 208.120.60.254
crypto isakmp key keyname address 216.80.75.68
!
!
crypto ipsec transform-set ecset esp-des esp-md5-hmac
!
crypto map ecmap 10 ipsec-isakmp
set peer 208.120.60.254
set transform-set ecset
match address 105
crypto map ecmap 11 ipsec-isakmp
set peer 216.80.75.68
set transform-set ecset
match address 106
!
interface FastEthernet0/0
description connected to EthernetLAN
ip address 192.168.50.193 255.255.255.192
no keepalive
duplex auto
speed auto
!
interface BRI0/0
description connected to Internet
bandwidth 64000
no ip address
ip access-group 101 in
encapsulation ppp
dialer rotary-group 1
isdn switch-type basic-ni
fair-queue
no cdp enable
crypto map ecmap
ip nat outside
!
interface FastEthernet0/1
description connected to Private LAN
ip address 192.168.110.1 255.255.255.0
no keepalive
duplex auto
speed auto
ip nat inside
!
interface Dialer1
ip address negotiated
ip access-group 101 in
encapsulation ppp
no ip split-horizon
dialer in-band
dialer idle-timeout 2147483
dialer hold-queue 1
dialer load-threshold 1 outbound
dialer-group 1
fair-queue 64 256 0
no cdp enable
ppp authentication chap pap callin
ppp multilink
crypto map ecmap
ip nat outside
!
interface Dialer2
ip unnumbered FastEthernet0/0
encapsulation ppp
ip tcp header-compression passive
no ip mroute-cache
dialer in-band
dialer-group 1
peer default ip address pool Cisco2621-Group-2
no cdp enable
ppp authentication pap
!
ip nat pool ecnat 192.168.50.254 192.168.50.254 prefix-length 26
ip nat inside source list 122 pool ecnat overload
ip nat inside source route-map nonat interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http access-class 5
!
access-list 105 permit ip 192.168.50.192 0.0.0.63 208.120.60.224 0.0.0.31
access-list 105 deny ip 192.168.50.192 0.0.0.63 any
access-list 106 permit ip 192.168.50.192 0.0.0.63 host 216.80.75.68
access-list 106 permit ip 192.168.50.192 0.0.0.63 192.168.160.0 0.0.0.255
access-list 106 deny ip 192.168.50.192 0.0.0.63 any
access-list 122 deny ip 192.168.110.0 0.0.0.255 host 216.80.75.68
access-list 122 deny ip 192.168.110.0 0.0.0.255 208.120.60.224 0.0.0.31
access-list 122 permit ip 192.168.110.0 0.0.0.255 any
access-list 122 deny ip any any
route-map nonat permit 10
match ip address 122
!
end
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide