1. Home
  2. Cisco Systems
  3. NAT problem over multiple links

NAT problem over multiple links

Hi We have a client that is running a CPE with 2 services thru 2 different ISP's. What we are trying to achieve is when one ISP goes down the other takes over, this appears to work OK for routing but not for NATing. Dialer 4 is the primary link and Dialer 3 is the secondary link. What we are finding is when Dialer 4 fails, NAT doesn't take over on Dialer 3 I have attached the config, any suggestions would be welcome

version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname ! boot-start-marker boot-end-marker ! logging buffered 10000 debugging enable secret ! clock timezone AEST 10 clock summer-time AEDST recurring last Sun Oct 2:00 last Sun Mar 3:00 mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 no aaa new-model ip subnet-zero ! ! ip name-server 202.154.83.53 ip name-server 218.214.17.1 ip name-server 144.140.70.30 ip name-server 144.140.71.16 ! ip cef ip audit po max-events 100 no ftp-server write-enable ! ! interface Tunnel1 description Tunnel FForestTelstra to AlexandriaPT ip address 10.1.1.1 255.255.255.252 ip ospf cost 300 keepalive 30 3 tunnel source 61.9.203.59 tunnel destination 202.154.80.119 ! interface Tunnel2 description Tunnel FForestPT to AlexandriaPT ip address 10.1.2.1 255.255.255.252 ip ospf cost 350 keepalive 30 3 tunnel source 202.154.86.59 tunnel destination 202.154.80.119 ! interface Tunnel3 description Tunnel FForestTelstra to AlexandriaTelstra ip address 10.1.3.1 255.255.255.252 ip ospf cost 100 keepalive 30 3 tunnel source 61.9.203.59 tunnel destination 144.131.135.61 ! interface Tunnel4 description Tunnel FForestPT to AlexandriaTelstra ip address 10.1.4.1 255.255.255.252 ip ospf cost 150 keepalive 30 3 tunnel source 202.154.86.59 tunnel destination 144.131.135.61 ! interface ATM0 no ip address no atm ilmi-keepalive dsl operating-mode auto ! interface ATM0.3 point-to-point description Swiftel Internet Network pvc 0/33 encapsulation aal5mux ppp dialer dialer pool-member 3 ! ! interface ATM1 no ip address no atm ilmi-keepalive dsl operating-mode auto ! interface ATM1.4 point-to-point description Telstra Internet Service pvc 8/35 encapsulation aal5mux ppp dialer dialer pool-member 4 ! ! interface FastEthernet0 ip address 192.168.31.1 255.255.255.0 no ip redirects no ip proxy-arp ip nat inside ip policy route-map clear-df speed auto no keepalive no cdp enable hold-queue 100 in hold-queue 100 out ! interface Dialer3 description Swiftel Internet Network ip address negotiated ip nat outside encapsulation ppp dialer pool 3 dialer-group 1 no cdp enable ppp authentication chap callin ppp chap hostname ppp chap password ! interface Dialer4 description Telstra Internet Service ip address negotiated ip nat outside encapsulation ppp dialer pool 4 dialer-group 2 no cdp enable ppp authentication chap callin ppp chap hostname ppp chap password ! router ospf 1 log-adjacency-changes passive-interface Dialer3 passive-interface Dialer4 network 10.0.0.0 0.255.255.255 area 0 network 192.168.0.0 0.0.255.255 area 0 ! ip nat inside source list 95 interface Dialer4 overload ip nat inside source list 96 interface Dialer3 overload ip nat inside source static tcp 192.168.31.3 3003 202.154.86.59 3003 extendable ip nat inside source static tcp 192.168.31.4 3004 202.154.86.59 3004 extendable ip nat inside source static tcp 192.168.31.3 4001 202.154.86.59 4001 extendable ip nat inside source static tcp 192.168.31.3 3003 61.9.203.59 3003 extendable ip nat inside source static tcp 192.168.31.4 3004 61.9.203.59 3004 extendable ip nat inside source static tcp 192.168.31.3 4001 61.9.203.59 4001 extendable ip classless ip route 0.0.0.0 0.0.0.0 61.9.192.253 ip route 0.0.0.0 0.0.0.0 218.214.225.197 50 ip route 144.131.135.61 255.255.255.255 61.9.192.253 ip route 144.131.135.61 255.255.255.255 218.214.225.197 50 ip route 202.154.80.119 255.255.255.255 218.214.225.197 ip route 202.154.80.119 255.255.255.255 61.9.192.253 50 no ip http server no ip http secure-server ! ! access-list 1 permit 202.154.79.0 0.0.0.7 access-list 1 permit 202.154.92.76 0.0.0.1 access-list 5 permit any access-list 11 permit any access-list 90 permit 202.154.83.57 access-list 90 permit 202.154.92.76 access-list 90 permit 202.154.92.126 access-list 90 permit 202.154.92.228 access-list 95 permit 192.168.31.0 0.0.0.255 access-list 96 permit 192.168.31.0 0.0.0.255 no cdp run ! route-map clear-df permit 10 match ip address 5 set ip df 0 ! snmp-server community snmp-server enable traps tty banner motd ^CC

YOU DO NOT HAVE PERMISSION TO ACCESS THIS DEVICE

Unauthorized access to this device or the attached networks is prohibited without express written permission all Violators will be prosecuted to the fullest extent of both civil and criminal law. You must cease your access attem access is being logged.^C ! line con 0 exec-timeout 120 0 password login stopbits 1 line aux 0 stopbits 1 line vty 0 4 exec-timeout 240 0 password 7 login length 0 transport input telnet transport output telnet ! no scheduler max-task-time ntp clock-period 17179922 ntp server 128.250.36.2 end

Reply to
Scooty
Loading thread data ...

Search this news group using the terms "ping based routing" and "NAT" for dozens of requests like yours that include answers. Google groups is your friend.

Reply to
Vincent C Jones

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.