Hello all,
I have one more question about multiple NATs on a single Cisco box. My config is below. So what I'm trying to do is to provide internet for 192.168.1.10 and 192.168.1.11. I want 192.168.1.10 to go through Dialer2 and 192.168.1.11 to go through Dialer3. So I've tried to configure route-maps as described here http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml . However, the problem is that only one client has internet access at a time.
So if I ping some internet host from both 192.168.1.10 and 192.168.1.11, then both Dialer2 and Dialer3 do dial out. However only one host receives ping replies. If I shut down the corresponding dialer and bring it back up, then the other host starts receiving ping replies. Here is some debug information (currenlty 192.168.1.11 receives ping replies and 192.168.1.10 doesn't):
show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 66.249.174.232:59756192.168.1.10:59756 8.8.8.8:59756 8.8.8.8:59756
icmp 66.81.223.186:60012 192.168.1.11:60012 8.8.8.8:60012 8.8.8.8:60012
debug ip nat
show log
Jun 28 18:09:26.189: NAT: s=192.168.1.10->66.249.174.232, d=8.8.8.8 [0]
Jun 28 18:09:26.701: NAT: s=192.168.1.11->66.81.223.186, d=8.8.8.8 [0]
Jun 28 18:09:26.873: NAT: s=8.8.8.8, d=66.81.223.186->192.168.1.11 [0]
Jun 28 18:09:27.189: NAT: s=192.168.1.10->66.249.174.232, d=8.8.8.8 [0]
Jun 28 18:09:27.701: NAT: s=192.168.1.11->66.81.223.186, d=8.8.8.8 [0]
Jun 28 18:09:27.881: NAT: s=8.8.8.8, d=66.81.223.186->192.168.1.11 [0]
It looks like nat changes source for IP packets from 192.168.1.10 but doesn't receive anything back... or it just doesn't send anything? Any help will be appreciated! I have already tried to set up multiple NATs using route-maps, access-lists, and without them, the result was always the same: only a single client has internet access at a time.
Here is my configuration:
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex full
speed 100
no cdp enable
interface Dialer2
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer in-band
dialer idle-timeout 600
dialer string xxxxxxxxxxx
dialer-group 2
ppp pap sent-username xxxxxxxxxx password 0 xxxxxxxxxx
ppp ipcp dns request
ppp ipcp mask request
ppp timeout retry 15
interface Dialer3
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer in-band
dialer idle-timeout 600
dialer string xxxxxxxxxxx
dialer-group 3
ppp pap sent-username xxxxxxxxxx password 0 xxxxxxxxxx
ppp ipcp dns request
ppp ipcp mask request
ppp timeout retry 15
ip route 0.0.0.0 0.0.0.0 Dialer3
ip route 0.0.0.0 0.0.0.0 Dialer2
ip nat inside source route-map nat2 interface Dialer2 overload
ip nat inside source route-map nat3 interface Dialer3 overload
access-list 10 permit 192.168.1.10
access-list 11 permit 192.168.1.11
access-list 101 permit ip any any
route-map nat3 permit 10
match ip address 11
!
route-map nat2 permit 10
match ip address 10
