2610 Router, problems with NAT using Dialers 1

[LedZepRock]

Hi

I have seems to be trying to fix this problem for months now (think this is my 3rd post on the subject). I have a 2610 router that is being used to dial a number of ISDN connections, the dialers themselves are fine, but I am having issues with NAT, I just cant get it to work. Here is the config thats giving me trouble. (I stuck some debug at the end also)

The debug shows this error

5d00h: NAT: dialer not up for Dialer3, no translation, dial and drop

(odd thing with this debug is that it always says "Dialer3" even if that is not the dialer being used).

Ta
Simon

-----------------------------------------------------------

interface FastEthernet0/0
ip address 192.168.101.97 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface BRI1/0
no ip address
dialer pool-member 1
isdn switch-type basic-net3
!
interface BRI1/1
no ip address
dialer pool-member 1
isdn switch-type basic-net3
!
interface BRI1/2
no ip address
dialer pool-member 1
isdn switch-type basic-net3
!
interface BRI1/3
no ip address
shutdown
isdn switch-type basic-net3
!
interface BRI1/4
no ip address
shutdown
isdn switch-type basic-net3
!
interface BRI1/5
no ip address
shutdown
isdn switch-type basic-net3
!
interface BRI1/6
no ip address
shutdown
isdn switch-type basic-net3
!
interface BRI1/7
no ip address
shutdown
isdn switch-type basic-net3
!
interface Async1
no ip address
!
interface Async2
no ip address
!
interface Dialer1
description *** Connection 1 ***
ip address 192.168.105.6 255.255.255.252
ip nat outside
encapsulation ppp
dialer pool 1
dialer idle-timeout 15
dialer string 11111111111
dialer-group 101
ppp chap hostname User1
ppp chap password 0 Password1
!
interface Dialer2
description *** Connection 2 ***
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer idle-timeout 15
dialer string 222222222222222
dialer-group 102
no cdp enable
ppp authentication chap pap callin
ppp pap sent-username User2 password 0 Password2
!
interface Dialer3
description *** Connection 3 ***
mtu 1400
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer idle-timeout 15
dialer string 22222222222222
dialer-group 103
no cdp enable
ppp authentication chap pap callin
ppp pap sent-username User3 password 7 Password3
!
ip nat inside source list 101 interface Dialer1 overload
ip nat inside source list 102 interface Dialer2 overload
ip nat inside source list 103 interface Dialer3 overload
ip classless
ip route 10.10.10.0 255.255.255.0 Dialer2
ip route 10.20.20.0 255.255.255.0 Dialer1
ip route 194.194.194.0 255.255.255.0 Dialer3
no ip http server
ip pim bidir-enable
!
!
access-list 101 permit ip host 192.168.101.250 10.10.10.0 0.0.0.255
access-list 102 permit ip host 192.168.101.250 10.20.20.0 0.0.0.255
access-list 103 permit ip host 192.168.101.250 any
dialer-list 101 protocol ip list 101
dialer-list 102 protocol ip list 102
dialer-list 103 protocol ip list 103
!
line con 0
line 1 2
line aux 0
line vty 0 4
session-timeout 120
password cisco
login
!
!
end

2610dr#

-----------------------------------------------------------

 

[JOAMON]

1.) Are your three dialers all used for connecting to remote networks?
2.) If so then there may be an issue with the fact that you are trying to NAT your internal addresses. You may want to deny NAT in your access lists that connect to other offices.

access-list 101 deny ip host 192.168.101.250 10.10.10.0 0.0.0.255
access-list 102 deny ip host 192.168.101.250 10.20.20.0 0.0.0.255
access-list 103 deny ip host 192.168.101.250 any

 

[LedZepRock]

They are all remote networks yes, all of them need some sort of NATing though. I have since found out that I need to use route maps, but I am unsure how they work...

Dialer 1 & 3 need a static nat as the other end can on route a single.

Dialer 2 needs to use NAT the source to the address given to the BRI upon connections.

Again though, I can get these all working on there own, the problem I have is trying to get all those different NAT's working for each differant dialer.

Simon

 

[lambent]

you can try the following:

route-map D1 permit 10
match interface d1
!
route-map D2 permit 10
match interface d2
!
route-map D3 permit 10
match interface d3
!
ip nat inside source route-map D1 interface d1 overload
ip nat inside source route-map D2 interface d2 overload
ip nat inside source route-map D3 interface d3 overload
!

 

[LedZepRock]

OK thanks

Tried that but I now get this error

1d02h: NAT: map match D2
1d02h: NAT: dialer not up for Dialer2, no translation, dial and drop

I have had a fiddle with the dialer-lists but am unsure now how I now trigger a dialup???

Ta

 

[lambent]

Are you sure your ISDN is working on d2 and d3?

access-list 103 permit ip host 192.168.101.250 any

actually when you have traffic from host 192.168.101.250 to either 10.10.10.0/24 or 10.20.20.0/24, it will also hit ACl 103 so that 2 dialer interfaces should come up. Is this intentionally designed?

ip route 194.194.194.0 255.255.255.0 Dialer3

So do you actually want to redirect the traffic from host 192.168.101.250 to 194.194.194.0/24 to d3 only?

 

[LedZepRock]

Lambent

Thank in advance for your help on this (and everbody else).

I have found this document

http://www.cisco.com/warp/public/105/nat_routemap.html#host1tohost2

and that has confirmed many things.

Dialer 1 2 and 3 are all seperate, so that must be my cockup

The ISDN's have all worked from this router (but not togeather) but since my latest updates I no longer seam to trigger the dialups, here is my updated config...

ip subnet-zero
!
!
!
isdn switch-type basic-net3
!
!
!
interface FastEthernet0/0
ip address 192.168.101.97 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface BRI1/0
no ip address
dialer pool-member 1
isdn switch-type basic-net3
!
interface BRI1/1
no ip address
dialer pool-member 1
isdn switch-type basic-net3
!
interface BRI1/2
no ip address
dialer pool-member 1
isdn switch-type basic-net3
!
interface BRI1/3
no ip address
shutdown
isdn switch-type basic-net3
!
interface BRI1/4
no ip address
shutdown
isdn switch-type basic-net3
!
interface BRI1/5
no ip address
shutdown
isdn switch-type basic-net3
!
interface BRI1/6
no ip address
shutdown
isdn switch-type basic-net3
!
interface BRI1/7
no ip address
shutdown
isdn switch-type basic-net3
!
interface Async1
no ip address
!
interface Async2
no ip address
!
interface Dialer1
description *** D1 ***
ip address 192.168.105.6 255.255.255.252
ip nat outside
encapsulation ppp
dialer pool 1
dialer idle-timeout 15
dialer string 111111111111
dialer-group 101
ppp chap hostname 1111
ppp chap password 1111
!
interface Dialer2
description *** D2 ***
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer idle-timeout 15
dialer string 2222222222222
dialer-group 102
no cdp enable
ppp authentication chap pap callin
ppp pap sent-username 2222 password 2222222
!
interface Dialer3
description *** D3 ***
mtu 1400
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer idle-timeout 15
dialer string 333333333333331
dialer-group 103
no cdp enable
ppp authentication chap pap callin
ppp pap sent-username 3333333333333 password 7 3333333333
!
ip nat inside source route-map MAP-D2 interface Dialer2 overload
ip classless
ip route 20.10.10.0 255.255.255.0 Dialer2
ip route 10.10.10.0 255.255.255.0 Dialer1
ip route 194.194.194.0 255.255.255.0 Dialer3
no ip http server
ip pim bidir-enable
!
!
access-list 102 permit ip host 192.168.101.250 20.10.10.0 0.0.0.255
route-map MAP-D2 permit 10
match ip address 102
!
!
line con 0
line 1 2
stopbits 1
speed 115200
line aux 0
line vty 0 4
session-timeout 120
password cisco
login
!
!
end


Ta

 

[lambent]

where are your dialer-lists?

 

[LedZepRock]

I didn't put um in. Hence why it didn't work

Got two of the three working now, the last ones a bit fiddly but now I know how...

Thanks for your help

Simon