Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
485
Views
0
Helpful
1
Replies

c871 ISP change without outage

Martin Kyrc
Level 3
Level 3

‎11-27-2009 03:23 PM - edited ‎03-06-2019 08:45 AM

hello guys,

I'm not sure about cisco871 and his FastEthernet4 interface .

I have connection to ISP1, fa4 is used as outside interface. LAN is connected using fa0 (trunk for 3 networks inside LAN, vlan routing on c871). this design is clear and working without problem.

interface FastEthernet4
description uplink to ISP1
ip address ISP1 netmask
ip access-group Internet in
ip mtu 1300
ip nat outside
ip inspect MyInspect out
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
crypto map IPSec
end

Now I have connected ISP2 (in near future this will replace ISP1). ISP2 is connected to fa3:

interface FastEthernet3

description new uplink to ISP2

switchport access vlan 50

end

interface Vlan50
  ip address ISP2 netmask
  ip access-group Internet-sanet in
  ip nat outside
  ip nat enable
  ip virtual-reassembly
end

connectivity to both providers is ok. default gw is to ISP1. when I set static route for some dst through ISP2, connectivity from this dst to router is successful.ok, it looks, that all is working. I tried change default GW to ISP2.

connectivity to/from router is ok. problem is nat for clients in lan. after default gw change are lan clients translated always to ISP1 outside address

ip nat inside source list nat-isp1 interface FastEthernet4 overload
ip nat inside source list nat-isp2 interface Vlan50 overload

acl nat-isp1 and nat-isp2 are same:

    10 deny ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
    20 deny ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
    30 deny ip 192.168.10.0 0.0.0.255 192.168.254.0 0.0.0.255
    40 permit ip 192.168.1.0 0.0.0.255 any

    50 permit ip 192.168.2.0 0.0.0.255 any
    60 permit ip 192.168.10.0 0.0.0.255 any

#sh ip int brie
FastEthernet4     ISP1       YES manual up                    up     
Vlan1                 192.168.1.1     YES NVRAM  up                    up     
NVI0                  ISP1      YES unset  up                    up     
Vlan2                 192.168.2.1     YES NVRAM  up                    up     
Vlan10               192.168.10.1    YES NVRAM  up                    up     
Vlan50                ISP2 YES NVRAM  up                    up

NVI0 interface is using address of fa4.

my questions are:

1. It's possible change NVI0 address to other IP as IP of fa4 interface?

2. It's possible change NAT for connectivity through ISP2 (fa3) change to other public address? I'm not sure, because fa0-3 are switched ports and it's not possible change fa3 to L3 only (no switchport).

router is cisco 871, c870-advipservicesk9-mz.124-15.T7.bin.

thanks for any help.

--

martin

Labels:
0 Helpful
1 Reply 1

Phillip Remaker
Cisco Employee
Cisco Employee

‎12-01-2009 06:40 AM

OK, let me take a stab here.  Disclaimer: I have not used NVI, or the 871 series but have worked with classic NAT.

Seems like you are mixing NAT NVI config with classic NAT config.

Since you have specified the interfaces as "outside" I presume that they will be classic NAT, not NVI. Why use NVI here?

You are correct that the 4 interfaces cannot act independently as L3 entities on an 871.

Nat Order Of Operation mey be insightful:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

What is the crypto-map doing?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card