Hi, I have a Cisco router connected to the internet using two ADSL links, and one of those links has a fixed public IP. The purpose is to use them in load sharing and also to permit the client to connect to the internal FTP server using the public IP using PAT. I already tried to configure it but I faced some issues with PAT. Please find my configuration below, and thanks in advance for letting me know what I can do to fix this issue.
________________________________________________________
Router#sh running-config
Building configuration...

Current configuration : 4649 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXXXXXXXXXX
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXXXXXXXXX
!
no aaa new-model
!
ip cef
!
ip domain name XXXXXXXXXXX
no ipv6 cef
multilink bundle-name authenticated
!
controller VDSL 0/0/0
!
controller VDSL 0/1/0
!
ip ssh time-out 60
ip ssh logging events
ip ssh version 2
!
track 1 interface Dialer0 ip routing
!
track 2 interface Dialer1 ip routing
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 no atm ilmi-keepalive
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface Ethernet0/0/0
 no ip address
 shutdown
!
interface ATM0/1/0
 no ip address
 no atm ilmi-keepalive
 pvc 8/35
  pppoe-client dial-pool-number 2
 !
!
interface Ethernet0/1/0
 no ip address
 shutdown
!
interface Dialer0
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp chap hostname XXXXXXXXXXXX
 ppp chap password XXXXXXXXXXXX
 ppp pap sent-username XXXXXXXXXXXXX password XXXXXXXXXXXXXXXX
 ppp multilink
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 2
 dialer-group 2
 ppp chap hostname XXXXXXXXXXXX
 ppp chap password XXXXXXXXXXXX
 ppp pap sent-username XXXXXXXXXXXXX password XXXXXXXXXXXXXXXX
 ppp multilink
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source static tcp 192.168.2.200 21 interface Dialer0 21
ip nat inside source static udp 192.168.2.200 21 interface Dialer0 21
ip nat inside source static tcp 192.168.2.200 20 interface Dialer0 20
ip nat inside source route-map adsl1 interface Dialer0 overload
ip nat inside source route-map adsl2 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer0 10 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1 10 track 2
!
access-list 11 permit 192.168.2.0 0.0.0.255
access-list 12 deny 192.168.2.200
access-list 12 permit 192.168.2.0 0.0.0.255
!
route-map adsl2 permit 10
 match ip address 12
 match interface Dialer1
!
route-map adsl1 permit 10
 match ip address 11
 match interface Dialer0
!
control-plane
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password XXXXXXXXXXXXXX
 login local
 transport input ssh
!
scheduler allocate 20000 1000
!
end
OP posted this problem before here. So I see you fixed your routemap and pinned traffic to your FTP server to Di0 only. So now the question becomes "what EXACT issues are you facing with PAT?"
First of all, other than the FTP traffic not working, is all other connectivity working? i.e. users who match the 192.168.2.x conditions of the NAT'ing and routemaps?
Some other commands you can run from the router:
"sh ip cache flow"
"sh ip access 11" / "sh ip access 12" -- any hits on either ACL, especially for 192.168.2.200
"show ip nat trans" -- any entries for 192.168.2.200?
"debug ip packet"
Question... what do the logs show from both the client end and the FTP server end? Is 192.168.2.200 even listening on ports 20 and 21?
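The reply's observation that the FTP server is pinned to Di0 can be checked directly from the posted NAT, ACL and route-map lines. The script below is an added example, not part of either post: its function names are hypothetical, it handles only the standard-ACL forms used in this configuration, and it evaluates NAT rules only, not routing.

```python
import ipaddress
import re

# Constructed excerpt: the NAT, ACL and route-map lines copied from the posted configuration.
CONFIG = """\
ip nat inside source static tcp 192.168.2.200 21 interface Dialer0 21
ip nat inside source static udp 192.168.2.200 21 interface Dialer0 21
ip nat inside source static tcp 192.168.2.200 20 interface Dialer0 20
ip nat inside source route-map adsl1 interface Dialer0 overload
ip nat inside source route-map adsl2 interface Dialer1 overload
access-list 11 permit 192.168.2.0 0.0.0.255
access-list 12 deny 192.168.2.200
access-list 12 permit 192.168.2.0 0.0.0.255
route-map adsl2 permit 10
 match ip address 12
 match interface Dialer1
route-map adsl1 permit 10
 match ip address 11
 match interface Dialer0
"""

def parse(config):
    """Collect static port forwards, overload rules, standard ACLs and route-map ACL references."""
    statics = re.findall(r"^ip nat inside source static (\w+) (\S+) (\d+) interface (\S+) (\d+)$", config, re.M)
    overloads = dict(re.findall(r"^ip nat inside source route-map (\S+) interface (\S+) overload$", config, re.M))
    rmaps = dict(re.findall(r"^route-map (\S+) permit \d+\n(?: .*\n)*? match ip address (\d+)$", config, re.M))
    acls = {}
    for num, action, addr, wildcard in re.findall(r"^access-list (\d+) (permit|deny) (\S+) ?(\S*)$", config, re.M):
        acls.setdefault(num, []).append((action, addr, wildcard or "0.0.0.0"))
    return statics, overloads, acls, rmaps

def acl_permits(entries, host):
    """First-match evaluation of a standard ACL with wildcard masks; implicit deny at the end."""
    h = int(ipaddress.IPv4Address(host))
    for action, addr, wildcard in entries:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # bits that must match
        if h & care == int(ipaddress.IPv4Address(addr)) & care:
            return action == "permit"
    return False

def pat_interfaces(config, host):
    """Outside interfaces whose overload rule's ACL permits traffic sourced from host."""
    _, overloads, acls, rmaps = parse(config)
    return sorted(i for rm, i in overloads.items() if acl_permits(acls.get(rmaps.get(rm), []), host))

def misaligned_forwards(config):
    """Static forwards whose inside host is also eligible for PAT on a different interface."""
    statics = parse(config)[0]
    return [s for s in statics if set(pat_interfaces(config, s[1])) - {s[3]}]
```

For the posted configuration `misaligned_forwards(CONFIG)` is empty; removing the `access-list 12 deny 192.168.2.200` entry makes all three static forwards show up.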