|
|
The Easy IP (Phase 1) feature combines Network Address Translation (NAT) and PPP/Internet Protocol Control Protocol (IPCP). This feature enables a Cisco router to automatically negotiate its own registered WAN interface IP address from a central server and to enable all remote hosts to access the global Internet using this single registered IP address. Because Easy IP (Phase 1) uses existing port-level multiplexed NAT functionality within the Cisco IOS software, IP addresses on the remote LAN are invisible to the Internet.
For a complete description of the Easy IP commands in this chapter, refer to the "Easy IP Commands" chapter of the Dial Solutions Command Reference. To locate documentation of other commands that appear in this chapter, use the command reference master index or search online.
Easy IP (Phase 1) provides the following benefits:
PPP/Internet Protocol Control Protocol (IPCP)--Defined in RFC 1332, this protocol provides the ability to dynamically configure IP addresses over Point-to-Point Protocol (PPP). A Cisco IOS Easy IP (Phase 1) router uses PPP/IPCP to dynamically negotiate its own registered WAN interface IP address from a central access server or Dynamic Host Configuration Protocol (DHCP) server.
Network Address Translation (NAT)--Operates on a router that connects two or more networks together. In Easy IP (Phase 1), at least one of these networks (designated as "inside" or "LAN") is addressed with private addresses that must be converted into a registered address before packets can be forwarded to the other registered network (designated as "outside" or "WAN"). Within the context of Easy IP (Phase 1), port-level multiplexed NAT is used to translate all internal private addresses to a single outside registered IP address.
Easy IP (Phase 1) assumes that all clients have statically configured IP addresses. The PPP/IPCP address negotiation functionality in Easy IP is used to assign an IP address from a central device (PPP/IPCP option 3--"IP Address") to the Easy IP router.
Figure 134 shows a typical scenario for using the Easy IP feature.
Steps 1 through 4 illustrate how Easy IP (Phase 1) works.
Step 1 When a SOHO host generates "interesting" traffic (as defined by access control lists) for dialup (first-time only), the Easy IP router requests a single registered IP address from the central site's access server via PPP/IPCP. See Figure 135.
Step 2 The central site router replies with a dynamic global address from a local DHCP IP address pool. See Figure 136.
Step 3 The Easy IP router uses port-level NAT functionality to automatically create a translation that associates the WAN interface's registered IP address with the client's private IP address. See Figure 137.
Step 4 The remote hosts contain multiple static IP addresses while the Easy IP router obtains a single registered IP address using PPP/IPCP. The Easy IP router then creates port-level multiplexed NAT translations between these addresses so that each remote host address (inside private address) is translated to a single external address assigned to the Easy IP router. This many-to-one address translation is also called port-level multiplexing or port address translation (PAT). Note that the NAT port-level multiplexing function can be used to conserve global addresses by allowing the remote routers to use one global address for many local addresses. See Figure 138.
Complete the following tasks before using Easy IP (Phase 1):
For information about configuring ISDN switch types, refer to the "Setting Up ISDN Basic Rate Service" chapter earlier in this book. For information about configuring static routes, refer to the "Configuring IP Services" chapter in the Network Protocols Configuration Guide, Part 1. For information about NAT, refer to the "Configuring Network Address Translation" chapter in this book.
In its most simple configuration, an Easy IP (Phase 1) router or access server will have a single LAN interface and a single WAN interface. Based on this model, you must complete the following tasks to use Easy IP (Phase 1):
For configuration examples, refer to the section "Easy IP Configuration Examples" later in this chapter.
The first step in enabling Easy IP (Phase 1) is to create a pool of internal IP addresses to be translated. To define the NAT pool, perform the following tasks in global configuration mode:
| Task | Command |
|---|---|
| Step 1 Define a standard access list permitting those addresses that are to be translated. | access-list access-list-number permit source [source-wildcard] |
| Step 2 Establish dynamic source translation, identifying the access list defined in the prior step. | ip nat inside source list access-list-number interface dialer-name overload |
For information about configuring NAT, refer to the chapter "Configuring Network Address Translation" in this book. For information about creating access lists, refer to the chapter "Configuring IP Services" in the Network Protocols Configuration Guide, Part 1.
To configure the LAN interface, perform the following tasks in interface configuration mode:
| Task | Command |
|---|---|
| Step 1 Select a specific LAN interface. | interface type number |
| Step 2 Define the IP address and subnet mask for this interface. | ip address address mask |
For information about assigning IP addresses and subnet masks to network interfaces, refer to the "Configuring IP Services" chapter in the Network Protocols Configuration Guide, Part 1.
| Task | Command |
|---|---|
| Define the interface as internal for network address translation. | ip nat inside |
For information about configuring NAT, refer to the chapter "Configuring Network Address Translation" in this book.
To configure the WAN interface, perform the following tasks in interface configuration mode:
| Task | Command |
|---|---|
| Step 1 Select the WAN interface. | interface type number |
| Step 2 Remove any associated IP address from this interface. | no ip address |
| Step 3 Select PPP as the encapsulation method for this interface. | encapsulation ppp |
| Step 4 Bind the WAN interface to the dialer interface. | dialer pool-member number |
| Task | Command |
|---|---|
| Step 1 Select the dialer interface. | interface dialer-name |
| Step 2 Enable PPP/IPCP negotiation for this interface. | ip address negotiated |
To define that the dialer interface is connected to the outside network, perform the following tasks in interface configuration mode:
| Task | Command |
|---|---|
| Step 1 Select the dialer interface. | interface dialer-name |
| Step 2 Define the interface as external for network address translation. | ip nat outside |
For information about configuring NAT, refer to the chapter "Configuring Network Address Translation" in this book.
To configure the dialer interface information, perform the following tasks in interface configuration mode:
| Task | Command |
|---|---|
| Step 1 Select the dialer interface. | interface dialer-name |
| Step 2 Specify for a dialer interface the length of time the interface waits for a carrier before timing out. | dialer wait-for-carrier-time seconds |
| Step 3 Create a dialer hold queue and specify the number of packets to be held in it. | dialer hold-queue packets |
| Step 4 Specify the remote router CHAP authentication name. | dialer remote-name name |
| Step 5 Specify the amount of idle time that can pass before calls to the central access server are disconnected. | dialer idle-timeout seconds |
| Step 6 Specify the telephone number required to reach the central access server. | dialer string string |
| Step 7 Specify the dialing pool to use. | dialer pool number |
| Step 8 Assign the dialer interface to a dialer group. | dialer-group number |
! The following command defines the NAT pool.ip nat inside source list 101 interface dialer1 overload!! The following commands define the ISDN switch type.isdn switch type vn3 isdn tei-negotiation first-call ! !The following commands define the LAN address and subnet mask.interface ethernet0ip address 10.0.0.4 255.0.0.0 !The following command defines ethernet0 as internal for NAT. ip nat inside ! !The following commands binds the physical interface to the dialer1 interface. interface bri0 no ip address encapsulation ppp dialer pool-member 1 ! interface dialer1 ! !The following command enables PPP/IPCP negotiation for this interface. ip address negotiated encapsulation ppp ! !The following command defines dialer1 interface as external for NAT. ip nat outside dialer remote-name dallas dialer idle-timeout 180 ! !The following command defines the dialer string for central access server. dialer string 4159991234 dialer pool 1 dialer-group 1 ! !The following commands define the static route to the WAN interface. ip route 0.0.0.0 0.0.0.0 dialer1 access-list 101 permit ip 10.0.0.0 0.255.255.255 any dialer-list 1 protocol ip list 101
The following example shows how to configure an asynchronous interface (interface async1) to obtain its IP address via PPP/IPCP address negotiation:
! This command defines the NAT pool.ip nat inside source list 101 interface dialer 1 overload !!The following commands define the LAN IP address and subnet mask.interface ethernet0ip address 10.0.0.4 255.0.0.0 ! !The following command defines ethernet0 as internal for NAT. ip nat inside ! !The following commands bind the physical dialer1 interface. interface async1 no ip address encapsulation ppp async mode dedicated dialer pool-member 1 ! interface dialer1 ! !The following command enables PPP/IPCP negotiation for this interface. ip address negotiated encapsulation ppp ! !The following command defines dialer1 interface as external for NAT. ip nat outside dialer wait-for-carrier-time30dialer hold-queue10dialer remote-name dallas dialer idle-timeout 180 ! !The following command defines the dialer string for central access server. dialer string 4159991234 dialer pool 1 dialer-group 1 ! !The following commands define the static route to the WAN interface. ip route 0.0.0.0 0.0.0.0 dialer1 access-list 101 permit ip 10.0.0.0 0.255.255.255 any dialer-list 1 protocol ip list 101
|
|