I'm not sure about cisco871 and his FastEthernet4 interface .
I have connection to ISP1, fa4 is used as outside interface. LAN is connected using fa0 (trunk for 3 networks inside LAN, vlan routing on c871). this design is clear and working without problem.
description uplink to ISP1
ip address ISP1 netmask
ip access-group Internet in
ip mtu 1300
ip nat outside
ip inspect MyInspect out
no ip mroute-cache
crypto map IPSec
Now I have connected ISP2 (in near future this will replace ISP1). ISP2 is connected to fa3:
description new uplink to ISP2
switchport access vlan 50
ip address ISP2 netmask
ip access-group Internet-sanet in
ip nat outside
ip nat enable
connectivity to both providers is ok. default gw is to ISP1. when I set static route for some dst through ISP2, connectivity from this dst to router is successful.ok, it looks, that all is working. I tried change default GW to ISP2.
connectivity to/from router is ok. problem is nat for clients in lan. after default gw change are lan clients translated always to ISP1 outside address
ip nat inside source list nat-isp1 interface FastEthernet4 overload
ip nat inside source list nat-isp2 interface Vlan50 overload
acl nat-isp1 and nat-isp2 are same:
10 deny ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
20 deny ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
30 deny ip 192.168.10.0 0.0.0.255 192.168.254.0 0.0.0.255
40 permit ip 192.168.1.0 0.0.0.255 any
50 permit ip 192.168.2.0 0.0.0.255 any
60 permit ip 192.168.10.0 0.0.0.255 any
#sh ip int brie
FastEthernet4 ISP1 YES manual up up
Vlan1 192.168.1.1 YES NVRAM up up
NVI0 ISP1 YES unset up up
Vlan2 192.168.2.1 YES NVRAM up up
Vlan10 192.168.10.1 YES NVRAM up up
Vlan50 ISP2 YES NVRAM up up
NVI0 interface is using address of fa4.
my questions are:
1. It's possible change NVI0 address to other IP as IP of fa4 interface?
2. It's possible change NAT for connectivity through ISP2 (fa3) change to other public address? I'm not sure, because fa0-3 are switched ports and it's not possible change fa3 to L3 only (no switchport).
router is cisco 871, c870-advipservicesk9-mz.124-15.T7.bin.
thanks for any help.