DHCP with NAT

[1ceHacka]

In my lab environment here at work, we have an adsl line which we use to test configs on hsrp backup that we use at manufacturing sites. This adsl line would also serve great as an "outside" line for certain testing that cannot be done while on the internal mpls. I guess I feel stupid in asking, but I have never run across this issue. How does one NAT to an external interface that is running dhcp? I thought about using something like dynamic dns, but I was wondering if there is anything easier to use. Currently, the router handling the adsl is just a cisco 871.

Basically, I want to toss one vlan on a fasteth port which nats to the external address. Again, I have never run across needing to NAT to a dhcp address...so this is crazy to me.

 

[drebo]

Instead of specifying your IP address in your ip nat inside command, specify the interface.

 

[1ceHacka]

Edit: I found what you were talking about, but it still doesn't seem to give me connectivity to outside.

I used:

ip nat inside source list 7 interface fasteth4 overload

 

[jlazzaro]

you need to overload the dialer interface, not the inside fastethernet...

if it still doesn't work, post your configuration minus addresses/passwords.

 

[1ceHacka]

I saved the old config, and went with a blank slate. This took out the variables of the tunnels and other such things. I ran a ping test on the DSL address assinged, and I can hit the routers outside. Still cannot get out. Here is what I have currently.

Current configuration : 1627 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
!
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool test
network 192.168.1.0 255.255.255.0
!
!
ip cef
!
no ipv6 cef
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxx@static.sbcglobal.net
ppp chap password 0 xxxx
ppp pap sent-username xxxx password 0 xxxxx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
no ip http secure-server
ip nat pool pool1 192.168.1.0 192.168.2.0 netmask 255.255.252.0
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 0.0.0.0 255.255.255.0
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
!
scheduler max-task-time 5000

!
webvpn cef
end

 

[jlazzaro]

the outside NAT needs to be on the dialer interface, and your NAT ACL was incorrect...

!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool test
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 4.2.2.2
!
!
ip cef
!
no ipv6 cef
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
!
interface FastEthernet4
no ip address
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
ip address negotiated
ip nat outside
ip mtu 1492
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxx@static.sbcglobal.net
ppp chap password 0 xxxx
ppp pap sent-username xxxx password 0 xxxxx
no cdp enable
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
end