NAT and Dialer on 1812 problem

[adrianday]

Hello can someone educate me please

I wish to have a remote site dial 2 different hosts depending on the destination Ip address. Currently the edited config below enables the devices on 172.21 and 172.22 to be reached through dialer3/011722*****.

I want these same devices to reach another host ip address say 192.168.0.1 with a dial string 011822*****, when needed. If I modify the current config i can'call' the 192.168 network OK.

I have listed what i think should be necessary, but if more info is needed.....

NB my current access list allow everything but would be modified after i get both routes to work.

!
interface BRI0
no ip address
encapsulation ppp
dialer pool-member 3
dialer pool-member 2
isdn switch-type basic-net3
isdn point-to-point-setup
isdn answer1 123456
isdn answer2 123456
no keepalive
no fair-queue
no cdp enable
ppp authentication chap
ppp multilink
!
interface Vlan200
ip address 10.55.254.65 255.255.255.240
ip access-group vlan200in in
ip nat inside
ip virtual-reassembly
!
!
interface Dialer3
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 3
dialer remote-name *******
dialer string 011722*****
dialer idle-timeout 30
dialer load-threshold 128 outbound
dialer-group 5
no fair-queue
no cdp enable
ppp authentication pap callin
ppp pap sent-username ******* password 7 06171A284F451A1009011719
ppp multilink
!
ip classless
ip route 172.21.0.100 255.255.255.255 Dialer3
ip route 172.22.0.100 255.255.255.255 Dialer3

!
!
ip nat inside source list vlan200in interface Dialer3 overload

ip access-list extended vlan200in
permit ip any any

 

[Buzzedman]

If I understand you correctly, you just need to define another Dialer interface to bring up when someone needs to access the 192.168.0.x network. eg:


interface Dialer4
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 3 <- need this to "bind" to the BRI interface
dialer remote-name *******
dialer string 011822*****
dialer idle-timeout 30
dialer load-threshold 128 outbound
dialer-group 5
no fair-queue
no cdp enable
ppp authentication pap callin
ppp pap sent-username ******* password 7 06171A284F451A1009011719
ppp multilink

ip route 192.168.0.1 255.255.255.255 Dialer4

 

[adrianday]

Thanks for the quick reply. Thats what i thought originally.
but the isdn line did not come up. Until i changed

ip nat inside source list vlan200in interface Dialer3 overload
to
ip nat inside source list vlan200in interface Dialer4 overload

I am obviously missing some knowledge here. But I guess its to do with Nat and the access list. More book bashing for me I think.
rgds
Adrian

 

[Buzzedman]

Adrian,

I totally missed the fact that you were using NAT....
My first question is do you need to be using NAT ? You are using private IP address ranges - so If all this equiment is within your own network you could remove all the NAT commands altogether...

But.. This should help with your current problem:

create a new ACL called say "Dialer3-nat" and tell it to match LAN traffic destined for either 172.21.0.100 or 172.22.0.100 (via Dialer3)

ip access-list extended dialer3-nat
permit ip 10.55.254.64 0.0.0.15 host 172.21.0.100
permit ip 10.55.254.64 0.0.0.15 host 172.22.0.100

now, create an acl for traffic destined for 192.168.0.1 (via dialer 4)

ip access-list extended dialer4-nat
permit ip 10.55.254.64 0.0.0.15 host 192.168.0.1

I am assuming that all hosts are on the 10.55.254.64/28 subnet. If they are not, you will need to change these ACL's to reflect the appropriate source IP ranges

now you can remove the existing nat:

no ip nat inside source list vlan200in interface Dialer3 overload

and replace it with the following two nat statements :

ip nat inside source list dialer3-nat interface Dialer3 overload
ip nat inside source list dialer4-nat interface Dialer4 overload

This will allow you to get to the required hosts over the appropriate dialer interface.

 

[adrianday]

Thanks Buzzedman

I followed your suggestions,, and everything is working the way I wish it too..

I'm glad i had this problem/challenge. It's got me looking at dialer and access uses and I know a lot more today than at the begining of the week. probably generate a lot lot more questions(grin)

thanks again rgds Adrian