This example assumes that a Cisco 1601 router is used, with one Ethernet port
and one Serial port. A modem is connected to the Serial port, and is used
to dial into an ISP. The router is issued a static PPP address at each dial-in,
and a range of 5 IP addresses has been assigned to this customer, but from the
same address range as the address assigned to the dialer port.
This is a common way for customers to try to pinch pennies, since an ISP often charges less to assign static IP addresses from an address range used for PPP connections than to assign a customer their own subnet.
In this example, these 5 addresses are used to provide Internet-routable addresses to 5 hosts on the LAN segment, which are using private, non-Internet routable RFC 1918 addresses, 10.0.0.0 /24.
These translations are, in this example, assigned statically: each host on the LAN is always assigned the same external address when translated. This could alternatively be configured as a pool, where the router chooses an address to translate randomly. Static translation is preferable when this is used as a remote-office solution, where this LAN might be a remote office connecting through their local ISP to their main office across the Internet, but through a firewall at the remote end. Using static addresses allows the firewall to build rules against specific addresses on the remote office LAN.
Cisco IOS Config
username billGates password Linux
chat-script dialnum ABORT ERROR ABORT BUSY "" "ATDT\T" TIMEOUT 60 CONNECT
!
ip nat inside source static 10.10.10.6 212.32.8.98
ip nat inside source static 10.10.10.7 212.32.8.99
ip nat inside source static 10.10.10.8 212.32.8.100
ip nat inside source static 10.10.10.9 212.32.8.101
ip nat inside source static 10.10.10.10 212.32.8.102
!
interface Ethernet0
 description Connects to my local LAN
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!
interface Serial0
 description This is the port I plug my modem into.
 physical-layer async
 no ip address
 ip nat outside
 encapsulation ppp
 dialer in-band
 dialer rotary-group 0
 async default routing
 async mode dedicated
!
interface Dialer0
 description This logical interface dials into my favorite ISP
 ip address 212.32.8.97 255.255.255.224
 ip nat outside
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 2147483
 dialer map ip 195.200.12.5 broadcast 4412961955
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username billGates password Linux
!
ip route 0.0.0.0 0.0.0.0 195.200.12.5
ip route 10.10.10.0 255.255.255.0 195.200.12.5
ip route 195.200.12.5 255.255.255.255 Dialer0
!
access-list 1 permit 10.10.10.0 0.0.0.255
dialer-list 1 protocol ip permit
!
line 1
 script dialer dialnum
 modem InOut
 transport input all
 stopbits 1
 speed 19200
 flowcontrol hardware
Explanation
Your network will look like this:
The router has a Dialer interface that issues the telephone number to the modem to dial into the local ISP. The Serial port can drive the modem because the Cisco 1601 uses a Serial port that can be defined as Synchronous or Asynchronous. The router's Dialer port is issued the same static IP address at each dial-in, and the ISP has configured their routers to forward all traffic for the 5 reserved addresses to the address used by your router's Dialer port.
The Cisco 1601 is configured with 5 static NAT translations, each assigning one of the ISP's reserved addresses to one of the hosts on the local LAN. It is also configured with 3 static routes to allow for correct routing. First, all traffic is by default routed to an upstream device at the ISP that either has a full routing table (a router) or will forward the traffic on to the appropriate routers (which the DNS host will do). Second, a static route points all traffic destined for the local LAN back to this same upstream device (which honestly doesn't make sense, but is required to make this work). Finally, a static route defines how to get to this upstream host.
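A consistency check for the static NAT table described above, as an added example that is not part of the original page: every inside address should sit on the "ip nat inside" subnet, and every outside address should come from the Dialer0 range without reusing the router's own address. The function names parse and audit are hypothetical; CONFIG is excerpted from the configuration above.

```python
import ipaddress
import re

# NAT-relevant lines excerpted from the configuration on this page.
CONFIG = """\
ip nat inside source static 10.10.10.6 212.32.8.98
ip nat inside source static 10.10.10.7 212.32.8.99
ip nat inside source static 10.10.10.8 212.32.8.100
ip nat inside source static 10.10.10.9 212.32.8.101
ip nat inside source static 10.10.10.10 212.32.8.102
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
interface Serial0
 no ip address
 ip nat outside
interface Dialer0
 ip address 212.32.8.97 255.255.255.224
 ip nat outside
"""

def parse(config):
    """Collect static NAT pairs and each interface's address and NAT side."""
    statics, ifaces, name = [], {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ip nat inside source static (\S+) (\S+)", line):
            statics.append(tuple(ipaddress.ip_address(a) for a in m.groups()))
        elif m := re.fullmatch(r"interface (\S+)", line):
            name = m.group(1)
            ifaces[name] = {"addr": None, "side": None}
        elif name and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            ifaces[name]["addr"] = ipaddress.ip_interface("/".join(m.groups()))
        elif name and (m := re.fullmatch(r"ip nat (inside|outside)", line)):
            ifaces[name]["side"] = m.group(1)
    return statics, ifaces

def audit(config):
    """Return a list of problems with the static NAT table; empty means consistent."""
    statics, ifaces = parse(config)
    ins = [i["addr"] for i in ifaces.values() if i["side"] == "inside" and i["addr"]]
    outs = [i["addr"] for i in ifaces.values() if i["side"] == "outside" and i["addr"]]
    problems = []
    for inside, outside in statics:
        if not any(inside in a.network for a in ins):
            problems.append(f"{inside}: not on an 'ip nat inside' subnet")
        if not any(outside in a.network for a in outs):
            problems.append(f"{outside}: not in the 'ip nat outside' range")
        elif any(outside == a.ip for a in outs):
            problems.append(f"{outside}: collides with the router's own address")
    return problems
```

Serial0 carries "ip nat outside" but no address, so it contributes no range; only Dialer0's 212.32.8.96/27 is checked.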
What the IOS configs mean:
chat-script {name} {options} (This is the modem init-string, called a "chat-script" by Cisco. This sends the various commands to the modem to make it work. The name is any name you choose. The chat-script in this example will work with most modems)
ip nat inside source static {internal address} {external address} (This statically assigns one of the reserved addresses from the ISP to one of the addresses on the local LAN. One entry is made per host on the local LAN)
interface Ethernet 0
ip nat inside (This defines where the internal addresses are that will be
translated)
interface Serial 0
physical-layer async (On the Cisco 1601, this defines whether the Serial
interface is Asynchronous, which is required for use with a modem, or whether
it is Synchronous, which is the default)
ip nat outside (This defines where the external addresses are that
will be used for translation)
dialer in-band (This is required to make the modem dial)
dialer rotary-group 0 (This associates the physical interface with the
logical interface doing the dialing)
async default routing (Enable routing across the Async port)
async mode dedicated (Not sure what this does, but it's required)
interface Dialer 0 (This creates the logical interface that will
contain the dialing parameters)
ip nat outside (This, again, defines where the external NAT addresses
are)
dialer idle-timeout 2147483 (This defines how much idle-time, in
minutes, passes before the line is hung up. The ISP may have its own idle
timeout value, which will make this one irrelevant)
dialer map ip {address} broadcast {phone number} (This maps the
IP address of the upstream device with a phone number, along with the
"broadcast" keyword which is required to enable routing across the link, which
the router normally won't do over a non-broadcast medium. You need to map at
least one IP address with a phone number, in order to enable dialing)
dialer-group 1 (Assigns access-list 1 to this interface)
ppp authentication pap callin (This enables the username and password
to be sent to the ISP in the form of PAP authentication. CHAP can also be
defined, if this is what the ISP uses. The "callin" keyword is required to
just send the password, instead of sending and then waiting for a password
to return as a result of dual-authentication, which is the default method.
Without this, the router will send the password but then wait for one to be
sent back, and eventually give up and terminate the call)
ppp pap sent-username {username} password {password} (This sends the
username and password)
ip route 0.0.0.0 0.0.0.0 {upstream device} (This configures a default route, pointing all unknown traffic upstream to the ISP's router or forwarding host)
ip route {internal network number} {subnet mask} {upstream device} (This is required to make the connection work, but doesn't make sense logically. Just one of the wonders of the IOS, I suppose)
ip route {upstream device} {subnet mask} {local dialing interface} (This defines how to reach the upstream device)
access-list 1 permit {local address range} {reverse mask} (This defines what address range to allow)
dialer-list 1 protocol {protocol} permit (This allows you to filter per protocol type. At least one protocol needs to be defined)
line 1
script dialer {chat-script name} (This assigns the chat-script you
defined to the physical line the modem is connected to)
modem InOut (This controls whether the modem will only dial out, or
accept incoming calls, or both. In this case it will be both)
The rest of the options under the Line are the settings required by the modem
show ip nat statistics (Displays NAT statistics)
debug ppp dialer (Displays PPP activity during dial-up)
debug ppp authentication (Displays PPP authentication during dial-up)
debug ip nat (Displays NAT activity in real-time)