11-28-2006 07:00 AM - edited 03-03-2019 02:50 PM
We have problem with configure NAT with multi ISP, we using Cisco 2811 in our client, and we have make this configuration below :
...
ip subnet-zero
!
!
ip cef
!
!
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
ip name-server 202.152.165.36
ip name-server 202.152.165.39
ip name-server 202.93.40.174
!
username cisco privilege 15 secret 5 $1$XbGJ$TROEKWhQ8.XkqUAeNEEKL.
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
description VLAN-ID:11
encapsulation dot1Q 11 native
ip address 192.168.0.190 255.255.255.240
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/0.2
description VLAN-ID:12
encapsulation dot1Q 12
ip address 192.168.0.206 255.255.255.240
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/0.3
description VLAN-ID:13
encapsulation dot1Q 13
ip address 192.168.0.222 255.255.255.240
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/0.4
description VLAN-ID:14
encapsulation dot1Q 14
ip address 192.168.0.238 255.255.255.240
no snmp trap link-status
!
interface FastEthernet0/0.5
description VLAN-ID:15
encapsulation dot1Q 15
ip address 192.168.0.254 255.255.255.240
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/0.6
encapsulation dot1Q 16
ip address 192.168.0.174 255.255.255.240
no snmp trap link-status
!
interface FastEthernet0/1
ip address 172.18.18.1 255.255.255.252
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1/0
description Link PT.DKI-I
switchport access vlan 20
speed 100
!
interface FastEthernet0/1/1
description Link PT.DKI-II
switchport access vlan 30
!
interface FastEthernet0/1/2
description Link Nusa.Net
switchport access vlan 40
!
interface FastEthernet0/1/3
description JARING.MY
switchport access vlan 50
!
interface Vlan1
no ip address
!
interface Vlan13
no ip address
ip nat inside
!
interface Vlan20
description PT.DKI-I
ip address 124.195.x.x.255.255.252
ip nat outside
!
interface Vlan30
description PT.DKI-II
ip address 124.195.x.x.255.255.252
ip nat outside
!
interface Vlan40
description NUSA.Net
ip address 202.162.x.x.255.255.192
ip nat outside
!
interface Vlan50
description JARING.MY
ip dhcp client lease 1 0 0
ip address dhcp
ip nat outside
!
ip classless
ip route 0.0.0.0 0.0.x.x.195.16.105
ip route 0.0.0.0 0.0.0.0 202.162.196.126
ip route 172.18.18.4 255.255.255.252 172.18.18.2
ip route 192.168.10.0 255.255.255.192 172.18.18.2
ip route 192.168.10.64 255.255.255.192
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1/3 dhcp
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat log translations syslog
ip nat pool mapDKI1 124.195.16.106 124.195.16.106 netmask 255.255.255.252
ip nat pool mapNusa 202.162.196.103 202.162.196.103 netmask 255.255.255.192
ip nat inside source route-map mapDKI1 pool mapDKI1 overload
ip nat inside source route-map mapNusa pool mapNusa overload
!
access-list 106 permit ip 192.168.0.0 0.0.4.255 any
access-list 108 permit ip 172.18.18.0 0.0.0.4 any
route-map mapDKI1 permit 10
match ip address 106
set ip next-hop 124.195.16.105
!
route-map mapJaring permit 10
match ip address 109
set ip next-hop 10.11.0.1
!
route-map mapNusa permit 10
match ip address 108
set ip default next-hop 202.162.196.126
!
!
control-plane
!
!
line con 0
login local
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet
!
scheduler allocate 20000 1000
!
end
Masdulhak#
We have try this NAT function to each ISP but come with No Result. Please help us.
Solved! Go to Solution.
11-28-2006 08:43 AM
Can you post the output from typing
#show ip nat translations
Also, you can try changing the configuration like this
no ip nat pool mapDKI1 124.195.16.106 124.195.16.106 netmask 255.255.255.252
no ip nat pool mapNusa 202.162.196.103 202.162.196.103 netmask 255.255.255.192
ip nat inside source route-map mapDKI1 interface Vlan20 overload
ip nat inside source route-map mapNusa interface Vlan40 overload
!
access-list 106 permit ip 192.168.0.0 0.0.4.255 any
access-list 108 permit ip 172.18.18.0 0.0.0.4 any
route-map mapDKI1 permit 10
match ip address 106
no set ip next-hop 124.195.16.105
set ip default next-hop 124.195.16.105
!
!
route-map mapNusa permit 10
match ip address 108
set ip default next-hop 202.162.196.126
11-28-2006 08:43 AM
Can you post the output from typing
#show ip nat translations
Also, you can try changing the configuration like this
no ip nat pool mapDKI1 124.195.16.106 124.195.16.106 netmask 255.255.255.252
no ip nat pool mapNusa 202.162.196.103 202.162.196.103 netmask 255.255.255.192
ip nat inside source route-map mapDKI1 interface Vlan20 overload
ip nat inside source route-map mapNusa interface Vlan40 overload
!
access-list 106 permit ip 192.168.0.0 0.0.4.255 any
access-list 108 permit ip 172.18.18.0 0.0.0.4 any
route-map mapDKI1 permit 10
match ip address 106
no set ip next-hop 124.195.16.105
set ip default next-hop 124.195.16.105
!
!
route-map mapNusa permit 10
match ip address 108
set ip default next-hop 202.162.196.126
11-30-2006 05:39 AM
We have try to apply the new configuration, and here is they are ;
ip subnet-zero
!
!
ip cef
!
!
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
ip name-server 202.x.x.36
ip name-server 202.x.x.39
ip name-server 202.x.x.174
ip name-server 202.x2.x.10
ip name-server 202.x.x.11
!
username cisco privilege 15 secret xxx
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
description VLAN-ID:11
encapsulation dot1Q 11 native
ip address 192.168.0.190 255.255.255.240
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/0.2
description VLAN-ID:12
encapsulation dot1Q 12
ip address 192.168.0.206 255.255.255.240
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/0.3
description VLAN-ID:13
encapsulation dot1Q 13
ip address 192.168.0.222 255.255.255.240
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/0.4
description VLAN-ID:14
encapsulation dot1Q 14
ip address 192.168.0.238 255.255.255.240
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/0.5
description VLAN-ID:15
encapsulation dot1Q 15
ip address 192.168.0.254 255.255.255.240
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/0.6
encapsulation dot1Q 16
ip address 192.168.0.174 255.255.255.240
no snmp trap link-status
!
interface FastEthernet0/0.7
description VLAN-ID:17
encapsulation dot1Q 17
ip address 192.168.1.254 255.255.255.0
no snmp trap link-status
!
interface FastEthernet0/1
ip address 172.18.18.1 255.255.255.252
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1/0
description Link PT.DKI-I
switchport access vlan 20
speed 100
!
interface FastEthernet0/1/1
description Link PT.DKI-II
switchport access vlan 30
!
interface FastEthernet0/1/2
description Link Nusa.Net
switchport access vlan 40
!
interface FastEthernet0/1/3
description JARING.MY
switchport access vlan 50
!
interface Vlan1
no ip address
!
interface Vlan13
no ip address
ip nat inside
!
interface Vlan14
no ip address
ip nat inside
!
interface Vlan20
description PT.DKI-I
ip address 124.195.x.x.255.255.252
ip nat outside
!
interface Vlan30
description PT.DKI-II
ip address 124.195.x.x.255.255.252
ip nat outside
!
interface Vlan40
description NUSA.Net
ip address 202.162.x.x.255.255.192
ip nat outside
!
interface Vlan50
description JARING.MY
ip dhcp client lease 1 0 0
ip address dhcp
ip nat outside
!
ip classless
ip route 0.0.0.0 0.0.0.0 202.162.196.126
ip route 0.0.0.0 0.0.0.0 124.195.16.105
ip route 172.18.18.4 255.255.255.252 172.18.18.2
ip route 192.168.11.192 255.255.255.192 172.18.18.2
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat log translations syslog
ip nat inside source route-map mapDKI1 interface Vlan20 overload
ip nat inside source route-map mapNusa interface Vlan40 overload
!
access-list 106 permit ip 172.18.18.0 0.0.0.3 any
access-list 106 permit ip 192.168.11.192 0.0.0.63 any
access-list 108 permit ip 192.168.0.240 0.0.0.15 any
access-list 108 permit ip 192.168.0.224 0.0.0.15 any
route-map mapDKI1 permit 10
match ip address 106
set ip default next-hop 124.195.16.105
!
route-map mapNusa permit 10
match ip address 108
set ip default next-hop 202.162.196.126
!
!
control-plane
!
!
!
end
All trafic have run to their each translation, but the network seem have lack respond, please give us some advice with our configuration.
Regards
11-30-2006 05:41 AM
And for additional information here is the result from show ip nat stat and show ip nat trans ;
Masdulhak#sh ip nat trans
Pro Inside global Inside local Outside local Outside global
icmp 202.162.196.103:517 192.168.0.249:512 209.131.36.158:512 209.131.36.158:517
tcp 202.162.196.103:1157 192.168.0.249:1157 68.142.197.198:80 68.142.197.198:80
tcp 202.162.196.103:1158 192.168.0.249:1158 209.131.36.158:80 209.131.36.158:80
tcp 202.162.196.103:1159 192.168.0.249:1159 202.158.66.20:80 202.158.66.20:80
icmp 202.162.196.103:512 192.168.0.253:512 66.94.234.13:512 66.94.234.13:512
udp 202.162.196.103:1039 192.168.0.253:1039 202.152.5.36:53 202.152.5.36:53
udp 202.162.196.103:1039 192.168.0.253:1039 202.162.192.10:53 202.162.192.10:53
udp 202.162.196.103:1039 192.168.0.253:1039 202.162.192.11:53 202.162.192.11:53
icmp 124.195.16.106:512 192.168.11.193:512 202.158.66.190:512 202.158.66.190:512
Masdulhak#sh ip nat stat
Total active translations: 12 (0 static, 12 dynamic; 12 extended)
Outside interfaces:
Vlan20, Vlan30, Vlan40, Vlan50
Inside interfaces:
FastEthernet0/0.1, FastEthernet0/0.2, FastEthernet0/0.3, FastEthernet0/0.4
FastEthernet0/0.5, FastEthernet0/1, Vlan13, Vlan14
Hits: 9867 Misses: 239
CEF Translated packets: 8965, CEF Punted packets: 957
Expired translations: 290
Dynamic mappings:
-- Inside Source
[Id: 1] route-map mapDKI1 interface Vlan20 refcount 3
[Id: 3] route-map mapNusa interface Vlan40 refcount 9
Queued Packets: 0
Masdulhak#
Thank you.
12-02-2006 08:20 AM
Edison,
here we give last update of our configuration:
interface Vlan20
description PT.DKI-I
ip address 124.195.16.106 255.255.255.252
ip nat outside
!
interface Vlan30
description PT.DKI-II
no ip address
ip nat outside
!
interface Vlan40
description NUSA.Net
ip address 202.162.196.103 255.255.255.192
ip nat outside
!
interface Vlan50
description JARING.MY
ip dhcp client lease 1 0 0
ip address dhcp
ip nat outside
!
ip classless
ip route 0.0.0.0 0.0.0.0 202.162.196.126
ip route 0.0.0.0 0.0.0.0 124.195.16.105
ip route 0.0.0.0 0.0.0.0 Vlan50 dhcp
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat log translations syslog
ip nat inside source route-map mapDKI1 interface Vlan20 overload
ip nat inside source route-map mapJaring interface Vlan50 overload
ip nat inside source route-map mapNusa interface Vlan40 overload
!
access-list 106 permit ip 192.168.0.240 0.0.0.15 any
access-list 108 permit ip 192.168.10.0 0.0.4.255 any
access-list 108 permit ip 172.18.18.0 0.0.0.3 any
access-list 109 permit ip 192.168.0.208 0.0.0.15 any
route-map mapDKI1 permit 10
match ip address 106
set ip default next-hop 124.195.16.105
!
route-map mapJaring permit 10
match ip address 109
set ip default next-hop 10.11.0.1
!
route-map mapNusa permit 10
match ip address 108
set ip default next-hop 202.162.196.126 10.11.0.1
!
We try to trace from client, and the routing seem like confused, sometimes all subnet seem like didnt get any translation, please help us again. Thanks in advance.
12-05-2006 09:20 AM
Can you provide a trace from what you are seeing?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide