Hi all,
I'm trying to configure a multilink setup (two T-1s w/2 WIC-1DSU-T1-V2s) w/NAT
where I can terminate VPNs as well. My end is on a 2621XM with 12.3. The ISP
wants to use this setup on their end:

interface Multilink1
 ip address 10.0.1.1 255.255.255.252
 ip mask-reply
 load-interval 30
 no cdp enable
 ppp multilink
 multilink-group 1
!
interface Serial1/0:0
 description Primary
 no ip address
 ip mask-reply
 encapsulation ppp
 no fair-queue
 down-when-looped
 ppp multilink
 multilink-group 1
!
interface Serial2/0:0
 description Secondary
 no ip address
 ip mask-reply
 encapsulation ppp
 no fair-queue
 down-when-looped
 ppp multilink
 multilink-group 1
!
ip route 10.10.25.224 255.255.255.240 10.0.1.2

They suggest on my end to use the same multilink setup with ip address 10.0.1.2
255.255.255.252.
I had this config in mind:

interface Multilink3
 description $FW_OUTSIDE$bonded T-1s
 ip address 10.0.1.2 255.255.255.252
 ip access-group 101 in
 ip verify unicast reverse-path
 ip nat outside
 ip inspect DEFAULT100 out
 no cdp enable
 ppp multilink
 ppp multilink group 3
 crypto map SDM_CMAP_1
!
interface FastEthernet0/0
 description $ETH-LAN$$FW_INSIDE$CHQ LAN
 ip address 192.168.2.2 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 duplex auto
 speed auto
!
interface Serial0/0
 description Primary
 no ip address
 encapsulation ppp
 no cdp enable
 ppp multilink
 ppp multilink group 3
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 description Secondary
 no ip address
 encapsulation ppp
 no cdp enable
 ppp multilink
 ppp multilink group 3
!
ip nat inside source route-map SDM_RMAP_1 interface Multilink3 overload

However, how do I make use of those 10.10.25.224 255.255.255.240 IPs?
Could I give one of my FastEthernet interfaces a 10.10.25.225 IP, not plug
anything in, set that as ip nat outside, and then set the other FastEthernet
interface as ip nat inside?
They suggest using a nat pool:

ip nat pool netpool 10.10.25.226 10.10.25.227 netmask 255.255.255.240
ip nat inside source static 10.168.1.2 209.10.25.228 <---- example static
ip nat inside source list 1 pool netpool overload

But I think in order for me to terminate VPNs on my Multilink3 interface I need
that route-map (which disables NAT in VPNs):

ip nat inside source route-map SDM_RMAP_1 interface Multilink3 overload

Should I terminate VPNs on a different interface?
So what can I do?
thanks
Karnov
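
Added example, not part of the original post or the ISP's suggested configuration: one way the route-map and the NAT pool from the post can be combined, so that VPN-bound traffic is left untranslated and everything else is overloaded onto the routed 10.10.25.224/28 block. ACL number 110 and the remote VPN subnet 192.168.50.0/24 are assumptions made for illustration; the real contents of SDM_RMAP_1 are not shown in the post.

```text
! Added example. 192.168.2.0/24 is the LAN from the post.
! 192.168.50.0/24 is a constructed placeholder for a remote VPN subnet,
! and ACL 110 is an assumed number (100 and 101 are already in use above).
!
! Deny = do not translate (traffic that must match the crypto ACL with its
! real source address). Permit = translate.
access-list 110 remark NAT exemption for VPN, translate everything else
access-list 110 deny   ip 192.168.2.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 110 permit ip 192.168.2.0 0.0.0.255 any
!
route-map SDM_RMAP_1 permit 1
 match ip address 110
!
! Pool addresses come from the /28 that the ISP routes to 10.0.1.2, so no
! interface on this router needs an address from that block for NAT to use it.
ip nat pool netpool 10.10.25.226 10.10.25.227 netmask 255.255.255.240
!
! Same route-map as before, but translating to the pool instead of to the
! Multilink3 interface address. This replaces the "interface Multilink3
! overload" statement; the two should not both be configured.
ip nat inside source route-map SDM_RMAP_1 pool netpool overload
```

In this arrangement the crypto map stays on Multilink3, and `show ip nat translations` should list no entries for flows destined to the placeholder VPN subnet.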