cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
662
Views
4
Helpful
17
Replies

Need simple solution

sateeshk10
Level 1
Level 1

I have one 2800 series router which is connected to ISP providers. I dont have any FW inside my network.

Here is my requiremetns

user-- Router-- ISP1

ISP2

ISP1 Public pool is 1.1.1.1

ISP2 Public POOL is 2.2.2.2

Internal private pool is 192.168.1.0

1) ISP2 should be backup to primary.

2)I hope defaults can configured like this

ip route 0.0.0.0 0.0.0.0 isp1

ip route 0.0.0.0 0.0.0.0 isp2 100

How the NATing will be configured to use pirmary (ISP1) and secondary as a backup(ISP2)

3) Do we need to implement the policy map?

Regards

sateesh kumar.k

17 Replies 17

lamav
Level 8
Level 8

Sateesh:

Yes, you can use a route map. In fact, you use two of them.

What you do is bind the NAT functions to the respective output interfaces. The output interface the router selects will depend on the availability of the route out that interface. That, in turn, will tell the router which NAT statement is applicable.

Please look at this link. I think you will find it very helpful.

http://ccietobe.blogspot.com/2008/08/nat-redundancy-with-route-maps.html

HTH

Victor

Hi,

Thanks for your prompt response.

if any request comes from 192.168.100.0 it will match both the route-maps. When packet leaving the outside the network how the packet know that it sholud go to ISP1? I hope it should be based on default route only ryt.

But With below mentioned default routes its not working..

ip route 0.0.0.0 0.0.0.0 ISP1

ip route 0.0.0.0 0.0.0.0 ISP2 5

secodnary ISP should be always as backup.

Regards

sateesh

Sateesh:

"if any request comes from 192.168.100.0 it will match both the route-maps."

No, it won't because you are using TWO criteria to match with:

1.) The source network address

2.) The output interface

The output interface is determined by the routing process on your router. In your case, it's the static routes.

"When packet leaving the outside the network how the packet know that it sholud go to ISP1?"

You are going to have two default routes available. If you want a primary/failover set up, then you will make the ISP2 default route a floating static so that it will only be placed in the routing table in the event that the link to ISP1 fails.

[EDIT] It may help for you to understand the order of operations for NAT interfaces.

When a packet enters a router through the NAT "inside" interface, it will first be routed and then NAT'ed. [EDIT]

HTH

Victor

Hi

it will first be routed and then NAT'ed..

This cleared all my doubts. But pl.find the below final config

ip nat inside source route-map ISP-A interface Serial2/1 overload

ip nat inside source route-map ISP-B interface Serial2/0 overload

!

!

ip access-list extended LAN-NATTED-OUT

permit ip 10.15.7.0 0.0.0.255 any

!

route-map ISP-B permit 10

match ip address LAN-NATTED-OUT

match interface Serial2/0

!

route-map ISP-A permit 10

match ip address LAN-NATTED-OUT

match interface Serial2/1

ip route 0.0.0.0 0.0.0.0 ISPA

ip route 0.0.0.0 0.0.0.0 ISPB 50

I hope with abv config it shld work ryt? but its not working what could be the issue...

With same config somebody tested live..but its not working..

Regards

sateesh

Sateesh:

Can you post the device's entire configuration?

Can you also post the route table?

Can you lastly post a "sh ip int brief"?

Victor

Hi,

This is not yet implemented who implemented the same with the same config, its not working.

I am sorry to say that i can`t provide the required info.

Will this scenario work with the config which i have provided to you.

Regards

sateesh

From what I see, yes, the configuration looks good.

Are you sure you have configured the NAT "inside" and "outside" statements under the appropriate interfaces?

Victor

tim1csolutions
Level 1
Level 1

.

Edison Ortiz
Hall of Fame
Hall of Fame

Sateesh,

Please refer to this thread:

http://tinyurl.com/cyj44y

HTH,

__

Edison.

Edison, do you see a reason right off the bat why his configuration would not work?

Thx

Victor

Edison...Edison...Edison...?

Bueller....Bueller...Bueller...?

Victor,

Troubleshoot.

show ip nat trans

show ip nat stat

show ip route

Will certainly help...

Wow! What a NON-answer. :-)

If I had some equipment in front of me I would "troubleshoot." But since you recommended a thread after the OP said my set up didnt work, I thought perhaps you had a definite clue as to what was wrong.

Thanks anyway

Hi,

This much of big tread for the same.

If i follow the same will this work.

Regards

sateesh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco