one cisco801, two providers, two times NAT

Status
Not open for further replies.

Guest_imported

Jan 1, 1970
Hi !

I try to connect my network via a Cisco 801 to two different providers: one for e-mail exchange and one for surfing (the surfing provider is much cheaper, but when I use that provider, I'm automatically in the dial-up blacklist that some SMTP mailers look up, so I cannot generally use this one provider).

One interesting side note: I want to do NAT on both connections.

Now, I am quite confused with the correct NAT and dialer settings. I don't get it working. Currently I have this setup (snippet):

interface Ethernet0
ip address 192.168.233.27 255.255.255.0
no ip directed-broadcast
no ip proxy-arp
ip nat inside

!
interface BRI0
no ip address
no ip directed-broadcast
ip nat outside
encapsulation ppp
!dialer rotary-group 1 ??
!dialer-group 1 ??
isdn switch-type basic-net3

interface Dialer1
description EMail only provider
ip address negotiated
no ip directed-broadcast
ip nat outside
encapsulation ppp
dialer in-band
dialer-group 1
dialer string 019161
dialer idle-timeout 30
ppp authentication pap callin
ppp pap sent-username <user> password <pw>

interface Dialer2
description MSN (zum Surfen)
ip address negotiated
no ip directed-broadcast
ip nat outside
encapsulation ppp
dialer in-band
dialer string 010880192658
!dialer-group 2 ??
ppp authentication chap pap callin
ppp chap hostname MSN
ppp chap password MSN
ppp pap sent-username MSN password MSN

ip route 194.245.74.0 255.255.255.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Dialer2

Okay, the ethernet has "nat inside", the others all have "nat outside". And still it does not work. Also, I don't have the idea where I have to specify dialer group and dialer rotary. Actually, I don't have the slightest idea what they do.

And finally, there is a global command "ip nat inside source list 1 interface Dialer1 overload" that one of the cisco tools generated. What purpose is this if the nat inside/outside stuff is already defined elsewhere?

 
Well, let's see... let's start with the BRI0. Your dialer rotary-group associates the interface dialers with the physical interface BRI0 (so dialer rotary-group 0 would associate dialer 0 also). Under the interface dialers, the statement dialer-group 1 will refer to a global statement "dialer-list 1 protocol ip permit" which tells this interface to consider IP traffic worth dialing for. Both interface dialers should read dialer-group 1.

Now in order to make the NAT work, you need to tell the router what outside addresses to translate to which inside address. Since you want to translate the same inside addresses all the time, but use a different outside address depending on destination, this might be a little tricky. I've never seen this done before, but this would seem like the way to do it. The statements to start with are "ip nat inside source list 1 interface dialer0 overload" and "ip nat inside source list 1 interface dialer1 overload". List 1 refers to access-list 1 which should read, "access-list 1 permit 192.168.233.0 0.0.0.255".

If this does not work, ensure that you are connecting and authenticating to the ISPs first. If you are, then you should check out the nat stats. Show ip nat translation will show you if anything is getting translated and if the right communications are getting translated to the right outside addresses. If they are not, you may need to change the access-lists a bit, but let's see how far you get with this.
 
We are having the same problems. The only difference is that we are trying to connect to an ISP and a remote office.
Both need NAT, but the solution offered here does not apply.
When entering: ip nat inside source list 1 interface dialer 1 overload
followed by: ip nat inside source list 1 interface dialer 2 overload

The last entry applies and overwrites the first entry.
I already tried to make a second source list, but then the first entry is used for NAT.

Has anybody solved this problem as of yet?
 
Here is the config we use on our Cisco 1603 Router to connect to 3 sites. One site is a Cisco 800 Router and the other two are to RAS. It works fine except that we can only connect to two sites at a time. Anyway we now have 3 more isdn lines and a Cisco 2620 Router so that will no longer be a problem.
Hope this helps

richard

richard@brecon.co.uk
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname fred
!
boot system flash 12.3
enable password silly
!
username isdnmorse password 0 silly
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
isdn switch-type basic-net3
!
!
!
interface Ethernet0
description connected to mislan
ip address 192.168.1.254 255.255.255.192
ip nat inside
no keepalive
!
interface BRI0
description connected to isdnmorse,CorporateNetwork
no ip address
ip nat outside
encapsulation ppp
dialer pool-member 1
dialer pool-member 2
dialer pool-member 3
isdn switch-type basic-net3
!
interface Dialer1
description connected to isdnmorse
bandwidth 64
ip unnumbered Ethernet0
ip nat inside
encapsulation ppp
no ip split-horizon
dialer remote-name isdnmorse
dialer pool 1
dialer idle-timeout 900
dialer string 012345678
dialer hold-queue 10
dialer snapshot 1
dialer-group 1
snapshot client 5 10000 suppress-statechange-update dialer
no cdp enable
ppp authentication chap
!
interface Dialer2
description connected to CorporateNetwork
bandwidth 64
ip address negotiated
ip nat outside
encapsulation ppp
no ip split-horizon
dialer remote-name Miracle
dialer pool 2
dialer idle-timeout 900
dialer string 0112222222
dialer hold-queue 10
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname Miracle
ppp chap password 7 130105130C030A
ppp pap sent-username Miracle password 7 0202165A0C0901
!
interface Dialer3
description connected to Calsonic
bandwidth 64
ip address negotiated
ip nat outside
encapsulation ppp
no ip split-horizon
dialer remote-name miracle
dialer pool 3
dialer idle-timeout 900
dialer string 01556666666
dialer hold-queue 10
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname miracle
ppp chap password 7 0702285E4F0A1500
ppp pap sent-username miracle password 7 060B06334D4D051C
!
router rip
version 2
passive-interface Ethernet0
network 194.168.1.0
no auto-summary
!
ip nat inside source route-map calsonic-map interface Dialer3 overload
ip nat inside source route-map nsk-map interface Dialer2 overload
ip classless
ip route profile
ip route 0.0.0.0 0.0.0.0 Dialer2
ip route 182.9.207.0 255.255.255.0 Dialer3
ip route 192.0.1.0 255.255.255.0 192.0.1.90
ip route 192.0.1.0 255.255.255.0 Dialer1
ip route 192.168.10.0 255.255.255.0 Dialer1
no ip http server
!
access-list 1 permit 194.168.1.192 0.0.0.63
access-list 1 permit 192.0.1.0 0.0.0.255
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
route-map nsk-map permit 10
match ip address 1
match interface Dialer2
!
route-map calsonic-map permit 10
match ip address 1
match interface Dialer3
!
snmp-server engineID local 0000000902000030943FA437
snmp-server community public RO
!
line con 0
exec-timeout 0 0
password trout
login
transport input none
line vty 0 4
exec-timeout 0 0
password trout
login
!
end
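
Added example, not written by any poster in this thread: a small Python check for the two NAT patterns discussed above. It flags one access list reused by two "ip nat inside source list ... overload" statements (the case the third poster reports as one entry overwriting the other), and for the route-map form used in the 1603 config it checks that each rule's route-map has "match interface" for the same dialer and that the dialer carries "ip nat outside". The sample config, the finding names and the assumption that those pairings are intended are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample in the thread's flat (unindented) style; not a real device config.
SAMPLE = """\
interface Dialer1
ip nat outside
interface Dialer2
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source list 1 interface dialer 2 overload
ip nat inside source route-map surf-map interface Dialer2 overload
route-map surf-map permit 10
match ip address 1
match interface Dialer1
"""
NAT_RE = re.compile(r"ip nat inside source (list|route-map) (\S+) interface (\S+(?: \d+)?) overload$", re.I)

def norm(name):  # 'dialer 2' and 'Dialer2' name the same interface
    return name.replace(" ", "").lower()

def check_nat(config):
    """Return sorted (finding, subject) pairs for interface-overload NAT rules."""
    rules, outside, rmap_ifs, section = [], set(), defaultdict(set), None
    for line in (raw.strip() for raw in config.splitlines()):
        low, m = line.lower(), NAT_RE.match(line)
        if not line or line.startswith("!"):
            section = None  # a blank line or "!" closes the current stanza
        elif m:
            rules.append((m.group(1).lower(), m.group(2), norm(m.group(3))))
        elif low.startswith("interface "):
            section = ("if", norm(line[10:]))
        elif low.startswith("route-map "):
            section = ("rm", line.split()[1])
        elif section and section[0] == "if" and low == "ip nat outside":
            outside.add(section[1])
        elif section and section[0] == "rm" and low.startswith("match interface "):
            rmap_ifs[section[1]].update(norm(i) for i in line.split()[2:])
    findings, acl_targets = set(), defaultdict(set)
    for kind, ref, ifname in rules:
        if ifname not in outside:
            findings.add(("no-nat-outside", ifname))
        if kind == "list":
            acl_targets[ref].add(ifname)  # same ACL on two dialers: the third post's case
        elif ifname not in rmap_ifs.get(ref, ()):
            findings.add(("route-map-lacks-match-interface", ref))
    findings.update(("acl-reused-by-list-rules", a) for a, t in acl_targets.items() if len(t) > 1)
    return sorted(findings)

if __name__ == "__main__":
    print(check_nat(SAMPLE))
```

An empty result means every overload rule points at an interface marked "ip nat outside" and, for route-map rules, at a route-map that matches that same interface.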
 