Hi Julio,

and which interface should have set ip nat inside? Vlan1, right?

I am also not sure how to set up ACL...

it should be like: ?

ip nat inside source list ACL1 pool A overload

Hi Phil

The ip nat inside is configured under the interface pointing or associated to your internal networks or corporate networks. Now the ip nat outside is configured under the exit interface in the most of the cases it is configured under the interface facing to the ISP or Internet. 

Now an example could be:

Router 

Int g0/0

description ISP-INTERNET

ip add 190.190.190.5 255.255.255.248

ip nat outside

no shutdown

Int g0/1

description MY-LAN1

ip add 172.16.10.1 255.255.255.0

ip nat inside

no shutdown

Int g0/2

description MY-LAN2

ip add 172.17.25.1 255.255.255.0

ip nat inside

no shutdown

ip access-list standard MY-PRIVATE-NETWORKS

permit 172.16.10.0 0.0.0.255

permit 172.17.25.0 0.0.0.255

ip nat inside source list MY-PRIVATE-NETWORKS interface g0/0 overload

ip route 0.0.0.0 0.0.0.0 g0/0

or

ip route 0.0.0.0 0.0.0.0 190.190.190.5  ; Assuming it is configured on the ISP side or it is the gateway of the network 190.190.190.0/29

It is just an example but can be adjusted to your configuration. 

:-)

let me do what you advised and I will reply, thank you :)

You are welcome Phil, if you don't know your public IPs you could try with:

ip nat inside source list MY-PRIVATE-NETWORKS interface dialer2 overload

or 

ip nat inside source list MY-PRIVATE-NETWORKS interface cellular0 overload

if you want to test you could configure the loopback0 with ip nat inside and include the IP into the ACL, then you can execute:

ping 8.8.8.8 source loopback0

It should work

:-)

Hi Julio,

I included ACL, however now I am able to ping via loopback and not via cellular if.

ping 8.8.8.8 source loopback0 - IS OK

ping 8.8.8.8 source cellular 0  - IS NOT WORKING

Hi

Could you please share your configuration? The trouble with the cellular0 could be because it is going through its own ISP and the default route is pointing to the Dialer2. We should verify the path from both souces in order to know the prefer path. 

Thank you in advance

Here it is,

I just swap my public IP with 1.2.3.4

Building configuration...

Current configuration : 3416 bytes
!
! Last configuration change at 16:18:10 UTC Wed Feb 28 2018
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!


!
!
ip dhcp pool testpool
network 192.168.1.0 255.255.255.0
!
ip dhcp pool A
network 192.168.100.0 255.255.255.0
default-router 192.168.100.1
dns-server 8.8.8.8 8.8.4.4
lease 9
!
!
!
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
chat-script CellScript "" "AT!CALL" TIMEOUT 60 "OK"
chat-script cdma "" "ATDT#777" TIMEOUT 60 "CONNECT"
!
!
!
!
!
license udi pid C881G-4G-GA-K9 sn FCZ2147E2DH
!
!
username admin privilege 15 password 0 admin
!
redundancy
!
!
!
!
!
controller Cellular 0
lte sim data-profile 1 attach-profile 1 slot 0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.1.1 255.255.255.255
!
interface Cellular0
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation slip
dialer in-band
dialer idle-timeout 0
dialer string lte
dialer string cdma
dialer string gsm
dialer watch-group 1
dialer-group 1
async mode interactive
!
interface Cellular1
no ip address
encapsulation slip
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
description LAN
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer2
ip address negotiated
ip virtual-reassembly in
encapsulation ppp
dialer pool 2
dialer idle-timeout 0
dialer string CellScript
dialer persistent
dialer-group 2
ppp authentication pap callin
ppp ipcp dns request
no cdp enable
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat pool test 1.2.3.4 1.2.3.4 netmask 255.255.255.0
ip nat inside source list AA interface Cellular0 overload
ip nat inside source list ACL1 pool A overload
ip route 0.0.0.0 0.0.0.0 Dialer2
ip route 0.0.0.0 0.0.0.0 Cellular0
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ip access-list standard AA
permit 0.0.0.0
permit 192.168.1.1
permit 172.24.11.41
!
dialer watch-list 1 ip 5.6.7.8 0.0.0.0
dialer watch-list 1 delay route-check initial 60
dialer watch-list 1 delay connect 1
dialer-list 1 protocol ip list 1
dialer-list 2 protocol ip permit
ipv6 ioam timestamp
!
access-list 1 permit any
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
vstack
!
line con 0
exec-timeout 0 0
script dialer cdma
login
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
stopbits 1
line 3
script dialer CellScript
no exec
speed 384000
line 8
no exec
speed 384000
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end

Hi

Thank you, Try again but first shutting down the Dialer2 interface. 

Wow! I did it and I am able to ping 8.8.8.8 via cellular 0 interface!

Thank you very much what was the issue, please?

OK, thank you.

I will erase my config now and "start from the bottom" again :)

I will let you know the results. 

Thank you

Great, thank you Phil

:-)

It works!!!!

Thank you very much! So the only one issue was bad route...!

Thank you so much once more!!!