Policy NAT query

Unanswered Question
Mar 11th, 2009

We are multi-homed with two ISPs and are load balancing with OER. We have a WAN connection to our European Data Centre where there is a third internet connection. I want to add this third connection as an OER exit link.

As this WAN connection is not part of our BGP setup, I need to translate traffic that OER decides to route over this link to an address that is routable over the WAN. This is easily achieved with:

access-list 103 permit ip any

ip nat inside source list 103 interface FastEthernet0/1 overload oer

For our mail server, I need to ensure that a one-to-one translation is made when OER selects the WAN as the best exit, i.e. I want to translate from the public IP of our mail server to an address routable over the WAN, only when the traffic leaves via f0/1. This is to ensure that traffic from the mail server originates from an address with a valid MX and SPF record.

I have briefly tested this using the configuration below and it seems to work; however, it's not particularly elegant. Is there a neater way of achieving this?

interface Loopback1
 ip address

ip nat inside source route-map MAIL interface Loopback1 overload reversible

access-list 106 remark -- MAIL Public --
access-list 106 permit ip host any

route-map MAIL permit 10
 match ip address 106
 match interface FastEthernet0/1

I would also like the translation to be triggered if hosts from the Internet initiate connections to the mail server via the WAN. Hopefully the reversible keyword will achieve this?


