multilink ppp, w/nat & vpn

Discussion in 'Cisco' started by Karnov, May 5, 2004.


    Hi all,

    I'm trying to configure a multilink setup (two T-1s w/2 WIC-1DSU-T1-V2s) w/NAT
    where I can terminate VPNs as well. My end is on a 2621XM with 12.3. The ISP
    wants to use this setup on their end:

    interface Multilink1
    ip address 10.0.1.1 255.255.255.252
    ip mask-reply
    load-interval 30
    no cdp enable
    ppp multilink
    multilink-group 1

    interface Serial1/0:0
    description Primary
    no ip address
    ip mask-reply
    encapsulation ppp
    no fair-queue
    down-when-looped
    ppp multilink
    multilink-group 1

    interface Serial2/0:0
    description Secondary
    no ip address
    ip mask-reply
    encapsulation ppp
    no fair-queue
    down-when-looped
    ppp multilink
    multilink-group 1

    ip route 10.10.25.224 255.255.255.240 10.0.1.2


    They suggest on my end to use the same multilink setup with ip address 10.0.1.2
    255.255.255.252.

    I had this config in mind:

    interface Multilink3
    description $FW_OUTSIDE$bonded T-1s
    ip address 10.0.1.2 255.255.255.252
    ip access-group 101 in
    ip verify unicast reverse-path
    ip nat outside
    ip inspect DEFAULT100 out
    no cdp enable
    ppp multilink
    ppp multilink group 3
    crypto map SDM_CMAP_1
    !
    interface FastEthernet0/0
    description $ETH-LAN$$FW_INSIDE$CHQ LAN
    ip address 192.168.2.2 255.255.255.0
    ip access-group 100 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip route-cache flow
    duplex auto
    speed auto
    !
    interface Serial0/0
    description Primary
    no ip address
    encapsulation ppp
    no cdp enable
    ppp multilink
    ppp multilink group 3
    !
    interface FastEthernet0/1
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache flow
    shutdown
    duplex auto
    speed auto
    !
    interface Serial0/1
    description Secondary
    no ip address
    encapsulation ppp
    no cdp enable
    ppp multilink
    ppp multilink group 3
    !
    ip nat inside source route-map SDM_RMAP_1 interface Multilink3 overload


    However, how do I make use of those 10.10.25.224 255.255.255.240 IPs?

    Could I give one of my FastEthernet interfaces a 10.10.25.225 IP, not plug
    anything in, set that as ip nat outside, and then set the other FastEthernet
    interface as ip nat inside?

    They suggest using a nat pool:

    ip nat pool netpool 10.10.25.226 10.10.25.227 netmask 255.255.255.240
    ip nat inside source static 10.168.1.2 209.10.25.228 <---- example static
    ip nat inside source list 1 pool netpool overload

    But I think in order for me to terminate VPNs on my Multilink3 interface I need
    that route-map (which disables NAT in VPNs):

    ip nat inside source route-map SDM_RMAP_1 interface Multilink3 overload

    Should I terminate VPNs on a different interface?

    So what can I do?

    thanks
    Karnov
     
    Karnov, May 5, 2004
    #1
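
The two pieces the post weighs against each other, the ISP's NAT pool and a route-map that exempts VPN traffic from NAT, can be combined in a single NAT statement. The fragment below is an added example, not part of the original post or the ISP's suggestion: the pool and LAN addresses come from the post, while ACL 110, the remote VPN subnet 192.168.50.0/24 and the route-map body are assumptions (the post does not show the contents of SDM_RMAP_1).

```cisco
! Added example. ACL number 110 and the remote VPN subnet
! 192.168.50.0/24 are assumed values, not taken from the post.
!
! Traffic from the LAN to the remote VPN subnet must NOT be translated,
! so it is denied here; everything else from the LAN is eligible for NAT.
! The deny line should mirror the crypto map's own match ACL, so that
! packets reach the crypto map with their original source address.
access-list 110 deny   ip 192.168.2.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 110 permit ip 192.168.2.0 0.0.0.255 any
!
route-map SDM_RMAP_1 permit 1
 match ip address 110
!
! Pool drawn from the routed 10.10.25.224/28 block. The ISP's static route
! already sends that block to 10.0.1.2, so the pool addresses do not have
! to be configured on any interface.
ip nat pool netpool 10.10.25.226 10.10.25.227 netmask 255.255.255.240
!
! Replaces the "interface Multilink3 overload" form: same route-map,
! but translating to the pool instead of the interface address.
no ip nat inside source route-map SDM_RMAP_1 interface Multilink3 overload
ip nat inside source route-map SDM_RMAP_1 pool netpool overload
```

After applying it, `show ip nat translations` should list LAN hosts translated to the pool addresses for Internet-bound flows and show no entries for flows to the remote VPN subnet.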