DNAT on one external interface only

iordann · ‎06-28-2007

Hi,

i'm trying to configure 1811 for a simple multi-homing with Reliable Static Routing Backup Using Object Tracking.

The Basic configuration with the 2 outside interfaces connected to 2 ISP works OK so far.

The problem is with the outgoing SMTP server - computers on the inside network connects to "primary" SMTP server 1.1.1.1, located at ISP1 over FastEthernet0. If the connection with ISP1 is lost, they should use SMTP server 2.2.2.2 at ISP2 over FastEthernet1.

Generally I need outside NAT 2.2.2.2 to 1.1.1.1, which works only when default route is over FastEthernet1.

The common configuration, when 1.1.1.1 is dnat-ed to 2.2.2.2 works fine, but is not suitable in this case:

ip nat outside source static tcp 2.2.2.2 25 1.1.1.1 25

i try to use route-map, but can't make it to work:

access-list 101 permit tcp host 2.2.2.2 any eq smtp

ip local pool MS 1.1.1.1

route-map SMTPS permit 10

match ip address 101

match interface FastEthernet1

ip nat outside source route-map SMTPS pool MS

any ideas?

iordann · ‎07-02-2007

I make it to work with a "brute furce" - dinamically changing configuration:

event manager applet NW_Up

event track 123 state up

action 1.0 syslog msg "Main link up"

action 1.5 cli command "enable"

action 2.0 cli command "clear ip nat translation *"

action 3.0 cli command "configure terminal"

action 4.0 cli command "no ip nat outside source static tcp 1.1.1.1 25 2.2.2.2 25"

action 6.0 cli command "exit"

event manager applet NW_Down

event track 123 state down

action 1.0 syslog msg "Main link down"

action 1.5 cli command "enable"

action 2.0 cli command "clear ip nat translation *"

action 3.0 cli command "configure terminal"

action 4.0 cli command "ip nat outside source static tcp 1.1.1.1 25 2.2.2.2 25"

action 6.0 cli command "exit"