11-15-2004 01:58 AM
Does anyone have an example of PAT using route-maps? I have set up 2 route-maps, one for the serial interface and one for the bri. I can get the bri to back up the serial line but when the serial line comes back up it won't re-learn its routes and the isdn keeps dialing. Debug shows dropped translation packets.
username X password 0 cisco
!
interface Ethernet0
ip address 192.168.4.3 255.255.255.0
ip nat inside
!
interface Serial0
ip address 192.40.0.6 255.255.255.252
ip nat outside
!
interface BRI0
no ip address
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
!
interface Dialer1
ip address 192.40.0.74 255.255.255.252
ip nat outside
encapsulation ppp
dialer pool 1
dialer remote-name X
dialer idle-timeout 40
dialer string xxxxxxx
dialer-group 1
ppp authentication chap
!
router eigrp 1
passive-interface Dialer1
network 192.40.0.0
no auto-summary
!
ip nat translation finrst-timeout 90
ip nat inside source route-map TEST interface Serial0 overload
ip nat inside source route-map TEST2 interface Dialer1 overload
ip classless
ip route 192.39.0.0 255.255.255.0 192.40.0.73 150
ip route 192.39.1.0 255.255.255.0 192.40.0.73 150
ip route 192.168.13.0 255.255.255.0 192.168.4.1
no ip http server
!
access-list 1 permit any
dialer-list 1 protocol ip permit
route-map TEST permit 10
match ip address 1
match interface Serial0
!
route-map TEST2 permit 10
match ip address 1
match interface Dialer1
!
11-15-2004 06:43 AM
Your config does not show the ACL you are using for NAT. If there is none, that might be the issue. As you are accepting all traffic for PAT, the routing updates are processed as well, and discarded subsequently.
Try to enter access-list 1 and permit only source addresses on the ethernet side, i.e.:
access-list 1 permit 192.168.4.0 0.0.0.255
You could also make the dialer a backup interface for serial0, as a temporary step to assist in troubleshooting. It will switch the dialer in standby mode and hence force the use of the other path.
Regards,
Leo
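The check suggested in the reply above, as an added example that is not part of the original thread: Python that walks an IOS configuration, follows each "ip nat inside source route-map" rule to the standard numbered ACL its route-map matches, and reports the rules whose ACL is "permit any". The sample config is constructed from the NAT lines of the first post, the function name audit_nat_acls is hypothetical, and extended or named ACLs are not handled.

```python
import re

# Constructed sample: the NAT-relevant lines from the first config in this thread.
SAMPLE_CONFIG = """\
ip nat inside source route-map TEST interface Serial0 overload
ip nat inside source route-map TEST2 interface Dialer1 overload
access-list 1 permit any
route-map TEST permit 10
match ip address 1
match interface Serial0
!
route-map TEST2 permit 10
match ip address 1
match interface Dialer1
!
"""

def audit_nat_acls(config):
    """Return (route_map, interface, acl) for each PAT rule whose ACL permits any source."""
    nat_rules = []      # (route-map name, outside interface) per NAT statement
    map_acls = {}       # route-map name -> ACL numbers matched by its permit clauses
    permit_any = set()  # standard ACL numbers that contain "permit any"
    current_map = None  # route-map permit clause currently being read, if any
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"ip nat inside source route-map (\S+) interface (\S+)", line)
        if m:
            nat_rules.append(m.groups())
        m = re.match(r"route-map (\S+) (permit|deny)", line)
        if m:
            # Only permit clauses select traffic for translation.
            current_map = m.group(1) if m.group(2) == "permit" else None
            continue
        m = re.match(r"match ip address (.+)", line)
        if m and current_map:
            map_acls.setdefault(current_map, set()).update(m.group(1).split())
        m = re.match(r"access-list (\d+) permit any\b", line)
        if m:
            permit_any.add(m.group(1))
        if not line.startswith(("match ", "set ")):
            current_map = None  # any other line ends the route-map clause
    return [(rmap, iface, acl)
            for rmap, iface in nat_rules
            for acl in sorted(map_acls.get(rmap, set()) & permit_any)]

if __name__ == "__main__":
    for rmap, iface, acl in audit_nat_acls(SAMPLE_CONFIG):
        print(f"route-map {rmap} on {iface}: access-list {acl} permits any source")
```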
11-15-2004 07:08 AM
Thanks Leo,
I omitted the ACLs by mistake; I have entered a network to be permitted. I shall, however, try the backup interface as a test.
Thanks
Dave
11-17-2004 06:39 AM
I can only get this configuration working when I clear ip nat translations. I ping from the client and all is ok, drop the s0 and the bri kicks in, but the pings won't work until I clear the translations.
This is now my config:
version 12.1
!
hostname X
!
logging buffered 4096 debugging
!
username Y password 0 cisco
!
!
!
!
ip subnet-zero
!
isdn switch-type basic-net3
!
!
!
interface Ethernet0
ip address 192.168.4.3 255.255.255.0
ip nat inside
no ip route-cache
!
interface Serial0
ip address 192.40.0.6 255.255.255.252
ip nat outside
no ip route-cache
!
interface BRI0
no ip address
encapsulation ppp
no ip route-cache
dialer pool-member 1
isdn switch-type basic-net3
!
interface Dialer1
ip address 192.40.0.74 255.255.255.252
ip nat outside
encapsulation ppp
dialer pool 1
dialer remote-name Y
dialer idle-timeout 40
dialer string 384700
dialer-group 1
ppp authentication chap
!
router eigrp 1
passive-interface BRI0
passive-interface Dialer1
network 192.40.0.0
no auto-summary
no eigrp log-neighbor-changes
!
ip nat inside source route-map TEST interface Serial0 overload
ip nat inside source route-map TEST2 interface Dialer1 overload
ip classless
ip route 192.39.1.0 255.255.255.0 192.40.0.73 150
no ip http server
!
access-list 1 permit 192.168.4.4
dialer-list 1 protocol ip permit
route-map TEST permit 10
match ip address 1
match interface Serial0
!
route-map TEST2 permit 10
match ip address 1
match interface Dialer1
!
!
end