Multiple wan interfaces with static nat translations

Answered Question
Mar 25th, 2010

Hello everyone,

I am currently considering the way to accomplish the following. We have a cisco 2811 with 3 wan interfaces ( ADSL with different ISPs ) for load balancing - failover. My problem is how to accomplish static nat to multiple hosts on the lan interface. Seems to me that the way to do this is by either using multiple IPs on the host machines or by using route-maps and block the unneeded ports with access lists. Multiple IPs on host machines is not supported for the particular host operating system ( causes problems ) and from what I see with the use of route-maps I can actually nat one host to each public IP where I want to nat to two hosts ..... Is the only to achieve this with the use of another router between the LAN and 2811? This project is not actually working at the moment so I cant provide some configuration at the time, I am just wandering if this is possible with some other way....

Thanks in advance

I have this problem too.
0 votes
Correct Answer by Neeraj Arora about 6 years 8 months ago

Hey Bill,

Correct me if I am wrong, you want to forward traffic to a single host using multiple Public ip's? Or is it that you want to forward traffic coming on multiple ports to this single host?

** If its the first option, then thats not possible i.e you cannot use the same private inside ip with multiple public ip without a route-map. That too will only work in a Failover scenario, not when the traffic is being Load Balanced while going out.

Eg:

route-map isp1 permit 10
match interface FastEthernet0

route-map isp2 permit 10
match interface FastEthernet1

ip nat inside source static 192.168.1.10 207.127.77.33 route-map isp1

ip nat inside source static 192.168.1.10 199.199.77.33 route-map isp2

** If you are looking for forward different ports to the same inside host, then thats possible through port redirection:

ip nat inside source static tcp 192.168.1.10 3389 207.127.77.33 3389

ip nat inside source static tcp 192.168.1.10 80 207.127.77.33 80

In this situation also, the same rule will apply that load balancing of outgoing traffic will cause issues in NAT's proper working.

Hope it helps.

Neeraj

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Neeraj Arora Wed, 03/31/2010 - 21:12

Hey Bill,

Correct me if I am wrong, you want to forward traffic to a single host using multiple Public ip's? Or is it that you want to forward traffic coming on multiple ports to this single host?

** If its the first option, then thats not possible i.e you cannot use the same private inside ip with multiple public ip without a route-map. That too will only work in a Failover scenario, not when the traffic is being Load Balanced while going out.

Eg:

route-map isp1 permit 10
match interface FastEthernet0

route-map isp2 permit 10
match interface FastEthernet1

ip nat inside source static 192.168.1.10 207.127.77.33 route-map isp1

ip nat inside source static 192.168.1.10 199.199.77.33 route-map isp2

** If you are looking for forward different ports to the same inside host, then thats possible through port redirection:

ip nat inside source static tcp 192.168.1.10 3389 207.127.77.33 3389

ip nat inside source static tcp 192.168.1.10 80 207.127.77.33 80

In this situation also, the same rule will apply that load balancing of outgoing traffic will cause issues in NAT's proper working.

Hope it helps.

Neeraj

bkran Wed, 03/31/2010 - 23:20

Hey Neeraj,

Your answer is correct, I wasn't sure I could use nat with route-maps this way.....

Thank you for your time

Actions

This Discussion