Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2168
Views
0
Helpful
1
Replies

Multiple NAT dialer interfaces

vorposttt
Level 1
Level 1

‎05-14-2010 11:08 AM - edited ‎03-04-2019 08:29 AM

Hello all,

I have one more question about multiple NATs on a single Cisco box. My config is below. So what I'm trying to do is to provide internet for 192.168.1.10 and 192.168.1.11. I want 192.168.1.10 to go through Dialer2 and 192.168.1.11 to go through Dialer3. So I've tried to configure route-maps as described here http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml . However, the problem is that only one client has internet access at a time.

So if I ping some internet host from both 192.168.1.10 and 192.168.1.11, then both Dialer2 and Dialer3 do dial out. However only one host receives ping replies. If I shut down the corresponding dialer and bring it back up, then the other host starts receiving ping replies. Here is some debug information (currenlty 192.168.1.11 receives ping replies and 192.168.1.10 doesn't):

show ip nat translations

Pro Inside global         Inside local          Outside local         Outside global

icmp 66.249.174.232:59756192.168.1.10:59756    8.8.8.8:59756        8.8.8.8:59756

icmp 66.81.223.186:60012 192.168.1.11:60012    8.8.8.8:60012        8.8.8.8:60012

debug ip nat
show log
Jun 28 18:09:26.189: NAT: s=192.168.1.10->66.249.174.232, d=8.8.8.8 [0]
Jun 28 18:09:26.701: NAT: s=192.168.1.11->66.81.223.186, d=8.8.8.8 [0]
Jun 28 18:09:26.873: NAT: s=8.8.8.8, d=66.81.223.186->192.168.1.11 [0]
Jun 28 18:09:27.189: NAT: s=192.168.1.10->66.249.174.232, d=8.8.8.8 [0]
Jun 28 18:09:27.701: NAT: s=192.168.1.11->66.81.223.186, d=8.8.8.8 [0]
Jun 28 18:09:27.881: NAT: s=8.8.8.8, d=66.81.223.186->192.168.1.11 [0]

It looks like nat changes source for IP packets from 192.168.1.10 but doesn't receive anything back... or it just doesn't send anything? Any help will be appreciated! I have already tried to set up multiple NATs using route-maps, access-lists, and without them, the result was always the same: only a single client has internet access at a time.

Here is my configuration:

interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex full
speed 100
no cdp enable
interface Dialer2
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer in-band
dialer idle-timeout 600
dialer string xxxxxxxxxxx
dialer-group 2
ppp pap sent-username xxxxxxxxxx password 0 xxxxxxxxxx
ppp ipcp dns request
ppp ipcp mask request
ppp timeout retry 15
interface Dialer3
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer in-band
dialer idle-timeout 600
dialer string xxxxxxxxxxx
dialer-group 3
ppp pap sent-username xxxxxxxxxx password 0 xxxxxxxxxx
ppp ipcp dns request
ppp ipcp mask request
ppp timeout retry 15
ip route 0.0.0.0 0.0.0.0 Dialer3
ip route 0.0.0.0 0.0.0.0 Dialer2
ip nat inside source route-map nat2 interface Dialer2 overload
ip nat inside source route-map nat3 interface Dialer3 overload
access-list 10 permit 192.168.1.10
access-list 11 permit 192.168.1.11
access-list 101 permit ip any any
route-map nat3 permit 10
match ip address 11
!
route-map nat2 permit 10
match ip address 10

Labels:
0 Helpful
1 Reply 1

vorposttt
Level 1
Level 1

‎05-14-2010 11:20 AM

Sorry, config formatting messed up:

interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex full
 speed 100
 no cdp enable
interface Dialer2
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 600
 dialer string xxxxxxxxxxx
 dialer-group 2
 ppp pap sent-username xxxxxxxxxx password 0 xxxxxxxxxx
 ppp ipcp dns request
 ppp ipcp mask request
 ppp timeout retry 15
interface Dialer3
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 600
 dialer string xxxxxxxxxxx
 dialer-group 3
 ppp pap sent-username xxxxxxxxxx password 0 xxxxxxxxxx
 ppp ipcp dns request
 ppp ipcp mask request
 ppp timeout retry 15
ip route 0.0.0.0 0.0.0.0 Dialer3
ip route 0.0.0.0 0.0.0.0 Dialer2
ip nat inside source route-map nat2 interface Dialer2 overload
ip nat inside source route-map nat3 interface Dialer3 overload
access-list 10 permit 192.168.1.10
access-list 11 permit 192.168.1.11
route-map nat3 permit 10
 match ip address 11
!
route-map nat2 permit 10
 match ip address 10

					
				
			
			
				
			
			
				
			
			
			
			
			
			
		

		
		
	

	
	


	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
			
		
	
				
		
			
					
		
	
				
		
			
					
				
		
			
		
			
					
			
		
				
		
	
	


		

	

		

			

	
		
			
					

	
			

				
		
			
		
			
				

					
						
	
			0
		

	Helpful

					
				

			
			
		

	
		
    	
		

			
				
					
				
				
			
		

	
    
			

		

	

	

	

    

	

	


				
		
	
	


		

			

	
		
			
					
				
		
			
		
			
		
	
	


		

	

		

			

	
		
			
					
				
		
			
					
				
		
			
					
		
	
				
		
			
					
		
	
				
		
	
	


		

	



		

	

	

	




			
		
    
            

                

            

        

	
		

		
	

	

	



	
                

                
				
            
        
    

    
        


	
			
				

					
						

							
		

			

	
			
				
					
				
				
			
		


		

	
							

								
								
							

							

								

	
									
								


							

						

					
				

			
		
	


    
    
        
        
            
        
        
	
    

	

	

	

	

	



				
			
		
		
	
	


		

			

	
		
			        

		
				

        

	


		
			
 
 

		
			
		
			

		
			



  

    

      

        

          
Customers Also Viewed These Support Documents