NAT config with two default gateways

imanassypov
Level 1

Hi,

I got a router with two nics - 'a' and 'b'.

I have to set up a static NAT for traffic coming from 'b' IP space to 'a'. The router has two equal-cost default gateways - one on 'a', and one on 'b'. The trouble I am having is that the reverse path for that NAT is taking a different route from where it came from.

Does routing happen before NAT'ing? How can I make the router preserve the flow state, i.e. route the NATted traffic back through the same interface it came from?

Thanks!

-igor

10 Replies

paolo bevilacqua
Hall of Fame

Hi Igor,

If you have two default routes, traffic will be split on them. In your case, it does not seem right that you have two default routes, because one interface is inside and the other is outside, usually the default is on outside only.

I think that you have to define routing better, possibly using PBR, but I would need you to explain in more detail what you are actually trying to do.

Thanks for prompt reply.

I am setting up the router for my internet load balancing between several providers. It will be installed in front of the existing firewall as its default gateway. The router itself has two DGs towards the existing and new providers. The NAT from the new provider to the existing one is giving me a headache, since, as I explained, the return traffic is load balanced regardless of flow state.

Due to certain conditions I can't introduce a third subnet to hide my FW.

What can be done in this case? I can't come up with a PBR for it...

Thanks again for your help.

-igor

Hi,

What confuses me is that you are trying to do NAT between the two ISPs. In a "normal" situation with two outside and one inside, traffic would always come back from where it left because of NAT itself. But as you say, there may be certain complications in your situation that prevent that from happening.

What is the order of processing - does NAT happen before routing takes place, or vice versa?

Routing comes before NAT.

Hm, if the routing comes before NAT, then in the situation you describe with two outside and one inside, having two NATs on both ISPs would not help either. Returning traffic would get load balanced first before it hits either of the NATs. Would it not?

Hello,

With two outside interfaces, and NAT made via "interface x/y overload", traffic will always return via the interface used for outgoing, because to all effects, for the internet, it has originated from that interface.

Whether the two interfaces are equally balanced is another matter; usually, due to the properties of the CEF algorithm, they are.

Hope this helps, please rate post if it does!
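The two-outside, one-inside case Paolo describes, written out as an added IOS configuration example (not from this thread; interface names and the RFC 5737 addresses 203.0.113.0/30, 198.51.100.0/30 and 10.0.0.0/24 are assumed). Routing picks the exit interface first, and the `match interface` clause in each route-map then selects the overload translation bound to that interface, so the reply is addressed to that link's public IP and returns on it:

```cisco
! ISP A, outside
interface FastEthernet0/0
 description ISP-A (assumed address)
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
! ISP B, outside
interface FastEthernet0/1
 description ISP-B (assumed address)
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
! Inside, towards the firewall (assumed address)
interface FastEthernet1/0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
! Two equal-cost default routes; CEF load shares per destination
ip route 0.0.0.0 0.0.0.0 203.0.113.1
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
ip access-list standard INSIDE_NETS
 permit 10.0.0.0 0.0.0.255
!
! Each route-map matches on the inside source AND the egress
! interface chosen by routing, so the right PAT address is used
route-map NAT_ISP_A permit 10
 match ip address INSIDE_NETS
 match interface FastEthernet0/0
!
route-map NAT_ISP_B permit 10
 match ip address INSIDE_NETS
 match interface FastEthernet0/1
!
ip nat inside source route-map NAT_ISP_A interface FastEthernet0/0 overload
ip nat inside source route-map NAT_ISP_B interface FastEthernet0/1 overload
```

Verify with `show ip nat translations`: each inside host's sessions should appear under the public address of the link that carried the first packet. This does not address Igor's case of translating between the two ISP links with no inside interface.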

Yep, the ISPs are equally balanced - that is the genuine culprit in all of this. Routing policies are not applicable in this scenario either, because they get inspected before the reverse NAT takes place, so you can't tell which link the flow came from.

I have to admit, I'm still unable to understand in essence what the problem is.

Perhaps a diagram and configuration would help me in this.

foxbatreco
Level 3

Hii..

The topic seems interesting, but we are unable to get what you exactly mean by this. Also, you have a firewall and a router; can you please elaborate further?

Are the links terminated on the router or on the firewall?
