ISDN and PAT

david.j.altass · ‎11-15-2004

Does anyone have an example of PAT using route-maps? I have set up 2 route-maps, one for the serial interface and one for the bri. I can get the bri to back up the serial line but when the serial line comes back up it won't re-learn its routes and the isdn keeps dialing. Debug shows dropped translation packets.

username X password 0 cisco

!

interface Ethernet0

ip address 192.168.4.3 255.255.255.0

ip nat inside

!

interface Serial0

ip address 192.40.0.6 255.255.255.252

ip nat outside

!

interface BRI0

no ip address

encapsulation ppp

dialer pool-member 1

isdn switch-type basic-net3

!

interface Dialer1

ip address 192.40.0.74 255.255.255.252

ip nat outside

encapsulation ppp

dialer pool 1

dialer remote-name X

dialer idle-timeout 40

dialer string xxxxxxx

dialer-group 1

ppp authentication chap

!

router eigrp 1

passive-interface Dialer1

network 192.40.0.0

no auto-summary

!

ip nat translation finrst-timeout 90

ip nat inside source route-map TEST interface Serial0 overload

ip nat inside source route-map TEST2 interface Dialer1 overload

ip classless

ip route 192.39.0.0 255.255.255.0 192.40.0.73 150

ip route 192.39.1.0 255.255.255.0 192.40.0.73 150

ip route 192.168.13.0 255.255.255.0 192.168.4.1

no ip http server

!

access-list 1 permit any

dialer-list 1 protocol ip permit

route-map TEST permit 10

match ip address 1

match interface Serial0

!

route-map TEST2 permit 10

match ip address 1

match interface Dialer1

!

lgijssel · ‎11-15-2004

Your config does not show the ACL you are using for NAT. If there is none, that might be the issue. As you are accepting all traffic for PAT, the routing updates are processed as well, and discarded subsequentially.

Try to enter access-list 1 and permit only source addresses on the ethernet side i.e.

access-list 1 permit 192.168.4.0 0.0.0.255

You could also make the dialer a backup interface for serial0, as a temporary step to assist in troubleshooting. It will switch the dialer in standby mode and hence force the use of the other path.

Regards,

Leo

david.j.altass · ‎11-15-2004

Thanks Leo,

I have omitted the ACL's by mistake I have entered a network to be permitted. I shall, however, try the backup interface as test.

Thanks

Dave

david.j.altass · ‎11-17-2004

I can only get this configuration working when I clear ip nat translations. I ping from the client and all is ok, drop the s0 and the bri kicks in but the pings wont work until I clear the translations.

This is now my config:

version 12.1

!

hostname X

!

logging buffered 4096 debugging

!

username Y password 0 cisco

!

ip subnet-zero

!

isdn switch-type basic-net3

!

interface Ethernet0

ip address 192.168.4.3 255.255.255.0

ip nat inside

no ip route-cache

!

interface Serial0

ip address 192.40.0.6 255.255.255.252

ip nat outside

no ip route-cache

!

interface BRI0

no ip address

encapsulation ppp

no ip route-cache

dialer pool-member 1

isdn switch-type basic-net3

!

interface Dialer1

ip address 192.40.0.74 255.255.255.252

ip nat outside

encapsulation ppp

dialer pool 1

dialer remote-name Y

dialer idle-timeout 40

dialer string 384700

dialer-group 1

ppp authentication chap

!

router eigrp 1

passive-interface BRI0

passive-interface Dialer1

network 192.40.0.0

no auto-summary

no eigrp log-neighbor-changes

!

ip nat inside source route-map TEST interface Serial0 overload

ip nat inside source route-map TEST2 interface Dialer1 overload

ip classless

ip route 192.39.1.0 255.255.255.0 192.40.0.73 150

no ip http server

!

access-list 1 permit 192.168.4.4

dialer-list 1 protocol ip permit

route-map TEST permit 10

match ip address 1

match interface Serial0

!

route-map TEST2 permit 10

match ip address 1

match interface Dialer1

!

end