From: Brian Hescock (bhescock@xxxxxxxxx)
Date: Thu Oct 25 2001 - 09:11:51 GMT-3
David,
You'll need to use route-maps. Do a search on CCO with "nat <and>
route-map support" and it will pull up the url I use as a reference.
Important note though, make sure you don't have asymmetrical routing, it
will not work if packets get nat'ed going out interface x and come back
in interface y. One would think this would work, since both interfaces
are on this same router, but it isn't supported (apparently due to how
the interface descripter blocks work). But it is something you should
see change in the future as well as failover between nat on two
different routers, which will currently only work if you have the same
static nat entries on both routers.
Brian
David Knot wrote:
> Hi guys
>
> I'm trying to NAT with a 2610 with multiple BRIs. The
> ethernet needs to be inside NAT and 2 different BRIs
> need to be overloaded. Any ideas how this can be done?
> Here is what I've tried but the connection to 2nd bri
> tries to use the 1st NAT list:
>
> hostname test
> !
> interface Ethernet0/0
> ip address 10.20.1.250 255.255.0.0
> ip nat inside
> !
> interface BRI1/0
> no ip address
> no ip directed-broadcast
> encapsulation ppp
> dialer pool-member 4
> isdn switch-type basic-net3
> no cdp enable
> ppp authentication chap
> !
> interface BRI1/1
> no ip address
> no ip directed-broadcast
> encapsulation ppp
> dialer pool-member 8
> isdn switch-type basic-net3
> no cdp enable
> ppp authentication chap
> !
> interface Dialer1
> ip address 160.226.252.61 255.255.255.0
> ip access-group 1 in
> no ip directed-broadcast
> ip nat outside
> encapsulation ppp
> dialer remote-name fww
> dialer string 1111213441 class ewr
> dialer load-threshold 200 either
> dialer pool 4
> dialer-group 1
> no cdp enable
> ppp authentication chap
> ppp multilink
> !
> interface Dialer2
> ip address 10.99.1.1 255.255.0.0
> no ip directed-broadcast
> ip nat outside
> encapsulation ppp
> dialer remote-name Woles
> dialer string 21 class Woles
> dialer pool 8
> dialer-group 1
> no cdp enable
> ppp authentication chap
>
> ip nat inside source list 10 interface Dialer1
> overload
> ip nat inside source list 11 interface Dialer2
> overload
>
> Target IP address: 10.253.254.2
> Repeat count [5]:
> Datagram size [100]:
> Timeout in seconds [2]:
> Extended commands [n]: y
> Source address or interface: 10.20.1.250
> Type of service [0]:
> Set DF bit in IP header? [no]:
> Validate reply data? [no]:
> Data pattern [0xABCD]:
> Loose, Strict, Record, Timestamp, Verbose[none]:
> Sweep range of sizes [n]:
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 10.253.254.2,
> timeout is 2 seconds:
>
> *Mar 1 00:18:56: NAT: s=10.20.1.250->160.226.252.61,
> d=10.253.254.2 [80]
> *Mar 1 00:18:56: %LINK-3-UPDOWN: Interface BRI1/1:1,
> changed state to up.
> *Mar 1 00:18:56: %DIALER-6-BIND: Interface BR1/1:1
> bound to profile Di2
> *Mar 1 00:18:56: %ISDN-6-CONNECT: Interface BRI1/1:1
> is now connected to 21
> *Mar 1 00:18:58: NAT: s=10.20.1.250->160.226.252.61,
> d=10.253.254.2 [81].
> *Mar 1 00:19:00: %LINEPROTO-5-UPDOWN: Line protocol
> on Interface BRI1/1:1, chap
> *Mar 1 00:19:00: NAT: s=10.20.1.250->160.226.252.61,
> d=10.253.254.2 [82].
> *Mar 1 00:19:02: NAT: s=10.20.1.250->160.226.252.61,
> d=10.253.254.2 [83].
> *Mar 1 00:19:02: %ISDN-6-CONNECT: Interface BRI1/1:1
> is now connected to 21 Wos
> *Mar 1 00:19:04: NAT: s=10.20.1.250->160.226.252.61,
> d=10.253.254.2 [84].
> Success rate is 0 percent (0/5)
>
This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 22:33:24 GMT-3