Re: OT: Multiple interface NAT

From: Brian Hescock (bhescock@xxxxxxxxx)
Date: Thu Oct 25 2001 - 11:03:45 GMT-3


   
David,
     It works with overloading the outbound interface as well.

Brian

David Knot wrote:

> Hi Brian
>
> I've read the articles. Can't see any mention of
> overload option with this problem. All they have is
> pools. Do you know if overload is possible? I don't
> have many addresses to play with.
>
> Thanks
>
> David
>
> --- Brian Hescock <bhescock@cisco.com> wrote:
> > David,
> > You'll need to use route-maps. Do a search on CCO with "nat <and>
> > route-map support" and it will pull up the url I use as a reference.
> > Important note though, make sure you don't have asymmetrical routing, it
> > will not work if packets get nat'ed going out interface x and come back
> > in interface y. One would think this would work, since both interfaces
> > are on this same router, but it isn't supported (apparently due to how
> > the interface descriptor blocks work). But it is something you should
> > see change in the future as well as failover between nat on two
> > different routers, which will currently only work if you have the same
> > static nat entries on both routers.
> >
> > Brian
> >
> > David Knot wrote:
> >
> > > Hi guys
> > >
> > > I'm trying to NAT with a 2610 with multiple BRIs. The
> > > ethernet needs to be inside NAT and 2 different BRIs
> > > need to be overloaded. Any ideas how this can be done?
> > > Here is what I've tried but the connection to 2nd bri
> > > tries to use the 1st NAT list:
> > >
> > > hostname test
> > > !
> > > interface Ethernet0/0
> > > ip address 10.20.1.250 255.255.0.0
> > > ip nat inside
> > > !
> > > interface BRI1/0
> > > no ip address
> > > no ip directed-broadcast
> > > encapsulation ppp
> > > dialer pool-member 4
> > > isdn switch-type basic-net3
> > > no cdp enable
> > > ppp authentication chap
> > > !
> > > interface BRI1/1
> > > no ip address
> > > no ip directed-broadcast
> > > encapsulation ppp
> > > dialer pool-member 8
> > > isdn switch-type basic-net3
> > > no cdp enable
> > > ppp authentication chap
> > > !
> > > interface Dialer1
> > > ip address 160.226.252.61 255.255.255.0
> > > ip access-group 1 in
> > > no ip directed-broadcast
> > > ip nat outside
> > > encapsulation ppp
> > > dialer remote-name fww
> > > dialer string 1111213441 class ewr
> > > dialer load-threshold 200 either
> > > dialer pool 4
> > > dialer-group 1
> > > no cdp enable
> > > ppp authentication chap
> > > ppp multilink
> > > !
> > > interface Dialer2
> > > ip address 10.99.1.1 255.255.0.0
> > > no ip directed-broadcast
> > > ip nat outside
> > > encapsulation ppp
> > > dialer remote-name Woles
> > > dialer string 21 class Woles
> > > dialer pool 8
> > > dialer-group 1
> > > no cdp enable
> > > ppp authentication chap
> > >
> > > ip nat inside source list 10 interface Dialer1 overload
> > > ip nat inside source list 11 interface Dialer2 overload
> > >
> > > Target IP address: 10.253.254.2
> > > Repeat count [5]:
> > > Datagram size [100]:
> > > Timeout in seconds [2]:
> > > Extended commands [n]: y
> > > Source address or interface: 10.20.1.250
> > > Type of service [0]:
> > > Set DF bit in IP header? [no]:
> > > Validate reply data? [no]:
> > > Data pattern [0xABCD]:
> > > Loose, Strict, Record, Timestamp, Verbose[none]:
> > > Sweep range of sizes [n]:
> > > Type escape sequence to abort.
> > > Sending 5, 100-byte ICMP Echos to 10.253.254.2, timeout is 2 seconds:
> > >
> > > *Mar 1 00:18:56: NAT: s=10.20.1.250->160.226.252.61, d=10.253.254.2 [80]
> > > *Mar 1 00:18:56: %LINK-3-UPDOWN: Interface BRI1/1:1, changed state to up.
> > > *Mar 1 00:18:56: %DIALER-6-BIND: Interface BR1/1:1 bound to profile Di2
> > > *Mar 1 00:18:56: %ISDN-6-CONNECT: Interface BRI1/1:1 is now connected to 21
> > > *Mar 1 00:18:58: NAT: s=10.20.1.250->160.226.252.61, d=10.253.254.2 [81].
> > > *Mar 1 00:19:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI1/1:1, chap
> > > *Mar 1 00:19:00: NAT: s=10.20.1.250->160.226.252.61, d=10.253.254.2 [82].
> > > *Mar 1 00:19:02: NAT: s=10.20.1.250->160.226.252.61, d=10.253.254.2 [83].
> > > *Mar 1 00:19:02: %ISDN-6-CONNECT: Interface BRI1/1:1 is now connected to 21 Wos
> > > *Mar 1 00:19:04: NAT: s=10.20.1.250->160.226.252.61, d=10.253.254.2 [84].
> > > Success rate is 0 percent (0/5)
> > >
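
The route-map approach with interface overload that Brian describes, applied to the configuration David posted, as an added example that is not from the thread. The route-map names are hypothetical, access lists 10 and 11 are the ones the posted config references (their entries are not shown on the page), and it assumes an IOS release that supports route-maps with `ip nat inside source`.

```cisco
! Added example, not part of the original thread.
! Route-map names NAT-DIALER1 / NAT-DIALER2 are hypothetical.
!
! Posted rules: selection is by source list only, so traffic that is
! routed out Dialer2 can still be translated to the Dialer1 address
! (the debug shows s=10.20.1.250->160.226.252.61 while BRI1/1 dials).
no ip nat inside source list 10 interface Dialer1 overload
no ip nat inside source list 11 interface Dialer2 overload
!
! Each route-map ties the existing access list to the interface the
! packet is actually leaving through.
route-map NAT-DIALER1 permit 10
 match ip address 10
 match interface Dialer1
!
route-map NAT-DIALER2 permit 10
 match ip address 11
 match interface Dialer2
!
! Overload (PAT) on each outside interface, chosen by route-map.
ip nat inside source route-map NAT-DIALER1 interface Dialer1 overload
ip nat inside source route-map NAT-DIALER2 interface Dialer2 overload
!
! Check from exec mode after repeating the extended ping:
!   show ip nat translations
!   debug ip nat
! A packet to 10.253.254.2 should now show the Dialer2 address
! (10.99.1.1) as the translated source, not 160.226.252.61.
```

Return traffic has to come back in on the same interface it left through, per the asymmetric-routing caveat in the quoted reply.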



This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 22:33:24 GMT-3