Solved: Your NAT is configured in a

paulierco · ‎01-14-2015

Hi all,

I have a Cisco 892 with 2 ISP connection, both of them with PPPoE, both connection are from the same ISP and have the same speed. I want to use both connection at the same time.

The problem is when both Dialer 1 and Dialer 2 are up, only some webpages and some ip are working, some of them are down or no ping response.

Current configuration : 3227 bytes

!

! Last configuration change at 20:52:24 UTC Wed Jan 14 2015

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname R1

!

boot-start-marker

boot system flash:c890-universalk9-mz.152-1.T.bin

boot-end-marker

!

enable secret 5 $1$JV0k$qFkH1iLsyzfpKQQpmMMfz.

enable password 7 121A0C041104

!

no aaa new-model

!

service-module wlan-ap 0 bootimage autonomous

crypto pki token default removal timeout 0

!

no ip dhcp use vrf connected

!

ip dhcp pool lan

network 192.168.4.0 255.255.255.0

default-router 192.168.4.1

dns-server 8.8.8.8

!

no ip domain lookup

ip cef

no ipv6 cef

!

multilink bundle-name authenticated

!

license udi pid CISCO892W-AGN-E-K9 sn FCZ1422C135

!

username paulierco privilege 15 secret 5 $1$oRrI$Nr18GHkQ6n74Bc/CdPNPF1

!

interface Loopback0

no ip address

!

interface BRI0

no ip address

encapsulation hdlc

shutdown

isdn termination multidrop

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface FastEthernet4

no ip address

!

interface FastEthernet5

no ip address

!

interface FastEthernet6

no ip address

!

interface FastEthernet7

no ip address

!

interface FastEthernet8

no ip address

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 2

!

interface GigabitEthernet0

description RDS1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip tcp adjust-mss 1452

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

no cdp enable

!

interface wlan-ap0

description Service module interface to manage the embedded AP

ip address 192.168.1.10 255.255.255.0

arp timeout 0

!

interface Wlan-GigabitEthernet0

description Internal switch interface connecting to the embedded AP

switchport mode trunk

no ip address

!

interface Vlan1

ip address 192.168.4.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface Dialer1

mtu 1492

ip address negotiated

ip nat outside

ip virtual-reassembly in

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1

dialer-group 1

ppp pap sent-username AR212169617 password 7 0502031D22435D0817

ppp ipcp dns request accept

ppp ipcp route default

ppp ipcp address accept

!

interface Dialer2

mtu 1492

ip address negotiated

ip nat outside

ip virtual-reassembly in

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 2

dialer-group 2

ppp pap sent-username PPP19026277 password 7 062D2E0F6E762D

ppp ipcp dns request

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

ip nat inside source list 100 interface Dialer1 overload

!

access-list 100 permit ip 192.168.4.0 0.0.0.255 any

!

control-plane

!

mgcp profile default

!

banner motd ^Cmessage of the day^C

!

line con 0

password 7 060506324F41

logging synchronous

login

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin udptn ssh

line aux 0

line vty 0 4

password 7 070C285F4D06

login

transport input telnet ssh

!

scheduler max-task-time 5000

end

After i did some digging with ip nat translation i found that only Dialer 1 works and i have no traffic from Dialer 2.

R1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

BRI0 unassigned YES NVRAM administratively down down

BRI0:1 unassigned YES unset administratively down down

BRI0:2 unassigned YES unset administratively down down

Dialer1 86.125.201.40 YES IPCP up up

Dialer2 86.125.209.138 YES IPCP up up

FastEthernet0 unassigned YES unset down down

FastEthernet1 unassigned YES unset down down

FastEthernet2 unassigned YES unset down down

FastEthernet3 unassigned YES unset up up

FastEthernet4 unassigned YES unset up up

FastEthernet5 unassigned YES unset down down

FastEthernet6 unassigned YES unset down down

FastEthernet7 unassigned YES unset down down

FastEthernet8 unassigned YES NVRAM up up

GigabitEthernet0 unassigned YES NVRAM up up

Loopback0 unassigned YES unset up up

NVI0 192.168.1.10 YES unset up up

Virtual-Access1 unassigned YES unset up up

Virtual-Access2 unassigned YES unset up up

Virtual-Access3 unassigned YES unset up up

Vlan1 192.168.4.1 YES NVRAM up up

Wlan-GigabitEthernet0 unassigned YES unset up up

wlan-ap0 192.168.1.10 YES NVRAM up up

Pro Inside global Inside local Outside local Outside global

udp 86.125.201.40:20481 192.168.4.116:20481 145.255.179.216:20820 145.255.179.216:20820

udp 86.125.201.40:20481 192.168.4.116:20481 151.225.129.78:53754 151.225.129.78:53754

udp 86.125.201.40:20481 192.168.4.116:20481 154.20.117.60:6881 154.20.117.60:6881

Thanks and any advice are welcome,

Paul

Karsten Iwen · ‎01-15-2015

Your NAT is configured in a way that regardless of the outgoing interface, always Di1-IP is used. That can be corrected with the following NAT:

ip nat inside source route-map NAT-1 interface Dialer1 overload
ip nat inside source route-map NAT-2 interface Dialer2 overload
!
route-map NAT-1 permit 10
 match ip address 100
 match interface Dialer1
route-map NAT-2 permit 10
 match ip address 100
 match interface Dialer2

View solution in original post

Karsten Iwen · ‎01-15-2015

And most important: Change the passwords on your Router NOW!!!

View solution in original post

Karsten Iwen · ‎01-15-2015

what is the actual NAT-config? Your old dynamic nat "ip nat inside source ..." has to be replaced by the new config.

View solution in original post

Karsten Iwen · ‎01-15-2015

Your NAT is configured in a way that regardless of the outgoing interface, always Di1-IP is used. That can be corrected with the following NAT:

ip nat inside source route-map NAT-1 interface Dialer1 overload
ip nat inside source route-map NAT-2 interface Dialer2 overload
!
route-map NAT-1 permit 10
 match ip address 100
 match interface Dialer1
route-map NAT-2 permit 10
 match ip address 100
 match interface Dialer2

paulierco · ‎01-15-2015

HI,

Router is a temporary setup, is not on use.

I try your configuration but it doesn't work, same problem.

Karsten Iwen · ‎01-15-2015

what is the actual NAT-config? Your old dynamic nat "ip nat inside source ..." has to be replaced by the new config.

paulierco · ‎01-15-2015

You're a great man! It works!

Thanks

Karsten Iwen · ‎01-15-2015

And most important: Change the passwords on your Router NOW!!!

Dual WAN PPPoE