
NAT and negotiated PPP address

mike.j.doherty
Level 1

On our new DSL Internet connection, our ISP expects us to negotiate the PPP address.

We have also bought a /29 address range as we wish to host servers behind the router.

Outgoing NAT works fine. We have configured a loopback interface with the bought public IP and use this as the NAT overload address.

Incoming NAT is another issue. The IOS router will convert the incoming destination IP address to the correct internal address, and the return traffic in show ip nat tra and debug ip nat shows the return translation, but nothing appears on the Internet connection.

What is the correct setup for this type of situation?

Cheers Mike

7 Replies

spremkumar
Level 9

Hi

If your SP has either bound this /29 to your userid or has a route entry for this /29 pointing to your userid, then you can simply do the static translation commands in your router.

No need for a loopback config and extra NAT config involving your loopback IP address.

You can refer to this link for more info on configuring the same:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0080091cb9.shtml

Also, you can do the overload on your dialer interface, which you use for connecting with the SP.

On the NAT overload command you can configure overloading pointing to your dialer interface.

Once you are done with your static NAT configs, do check whether they are appearing using show ip nat translations.

regds

Thanks everyone for responding. From all the suggestions I have the following config.

interface FastEthernet0
 ip address aa.aa.aa.aa 255.255.255.0
 ip nat inside
 speed auto
!
interface Dialer0
 ip address negotiated
 ip access-group 100 in
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname xxxxxxxxxxxxxxxx
 ppp chap password xxxxxxxxxxxxxxxxxxx
!
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static bb.bb.bb.bb cc.cc.cc.cc
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no logging trap
access-list 1 permit "local users"

The same problem is still there. The overload works fine. The static NAT mapping bb.bb.bb.bb to cc.cc.cc.cc works incoming from the ISP and the translated packets appear on the local LAN. The return packets from the host appear in the debug ip nat output but nothing is sent out the dialer interface.

cheers

Hi Mike

Can you revert back on why you are using an access-group under the dialer interface?

Can you remove the access-group command and check?

Since you haven't incorporated the access-list 100 in the config which you have posted, it's better to remove it and check, or do post the ACL statements here.

regds
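The point raised in the reply above, that access-list 100 is applied to Dialer0 but does not appear in the posted config, can be checked mechanically before a config is reviewed. The following is an added example and not part of the thread: a Python check that lists every ACL referenced by ip access-group or ip nat inside source list but never defined. The function name and the sample config (documentation-range addresses) are constructed for illustration.

```python
import re

# Constructed sample modelled on the config posted in the thread; addresses are
# documentation ranges, not the poster's values.
SAMPLE_CONFIG = """\
interface FastEthernet0
 ip nat inside
!
interface Dialer0
 ip address negotiated
 ip access-group 100 in
 ip nat outside
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static 192.0.2.10 203.0.113.2
access-list 1 permit 192.0.2.0 0.0.0.255
"""

# Lines that point at an ACL by number or name, and what the ACL is used for.
REFS = [
    (re.compile(r"^ip access-group (\S+) (?:in|out)$"), "interface filter"),
    (re.compile(r"^ip nat inside source list (\S+) "), "NAT source list"),
]
# Lines that define an ACL: numbered form, then named form.
DEFS = [
    re.compile(r"^access-list (\d+) "),
    re.compile(r"^ip access-list (?:standard|extended) (\S+)"),
]

def audit_acl_references(config):
    """Return (acl, context, use) for every ACL referenced but never defined."""
    defined, refs, context = set(), [], "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw.startswith(" "):  # unindented: interface header or global line
            context = line.split()[1] if line.startswith("interface ") else "global"
        for pat in DEFS:
            if m := pat.match(line):
                defined.add(m.group(1))
        for pat, use in REFS:
            if m := pat.match(line):
                refs.append((m.group(1), context, use))
    return [r for r in refs if r[0] not in defined]

if __name__ == "__main__":
    for acl, where, use in audit_acl_references(SAMPLE_CONFIG):
        print(f"ACL {acl} used as {use} on {where} but not defined in this config")
```
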

Hi, I've added the complete config and debug output.

The Dialer access list is there to stop unwanted traffic. I'm testing the connection from 62.172.209.197 tcp port 25.

Thanks

bella
Level 1

Show your config, please.

Hi Bella, config and debug as requested.

Many thanks

Mike

lgijssel
Level 9

Hi Mike,

The issue is likely to be the fact that you used a loopback interface for the /29 range. I assume that this may cause the traffic to be routed there, which is not good.

Remember that the ISP is routing the /29 to your outside IP address (the negotiated one). Hence all you need to do is to provide a translation mapping for these addresses to the corresponding inside IP.

For outgoing nat there is something like:

ip nat inside source list 1 interface Serial0/0 overload

Now, remove the loopback interface:

no int lo 0

Add a static translation:

ip nat inside source static tcp 10.66.1.10 80 80 extendable

This will do the job!

Regards,

Leo