07-29-2010 07:11 AM - edited 03-06-2019 12:14 PM
Hello all,
The problem I have with the below configuration is:
Client: 10.10.40.4 cannot go out through ISP B because it is static NATed to the secondary subnet IP of ISP B.
If I static NAT 10.10.40.4 to the primary subnet IP of ISP B, such as 10.10.20.4, it will work.
Some of my internal LAN clients use the ISP B primary IP, some use the ISP B secondary IP, and some use the ISP A IP.
What is wrong with this configuration and how can we make this work?
Please help.
Many thanks,
Vu
----------------------------------------------------------------
ISP A
10.10.10.0/24
ISP A router ip: 10.10.10.1
----------------------------------------------------------------
ISP B
10.10.20.0/24
10.10.30.0/24 secondary
ISP B router ip: 10.10.20.1
ISP B router second ip: 10.10.30.1 secondary
----------------------------------------------------------------
My Cisco Router
Outside interface E0 ip: 10.10.10.2 is connected to ISP A router.
Outside interface E2 ip: 10.10.20.2 is connected to ISP B router.
Inside interface E3 ip: 10.10.40.1 is connected to internal LAN with PBR enabled
----------------------------------------------------------------
Default route setting on my Cisco Router
route 0.0.0.0 0.0.0.0 10.10.10.1 -----> this is going to ISP A network
route 0.0.0.0 0.0.0.0 10.10.20.1 2 -----> this is going to ISP B network
----------------------------------------------------------------
NAT translation setting on my Cisco Router
ip nat inside source static 10.10.40.2 10.10.10.2 ----> this will always go to ISP A
ip nat inside source static 10.10.40.3 10.10.20.2 ----> this will always go to ISP B through PBR
ip nat inside source static 10.10.40.4 10.10.30.2 ----> this should always go to ISP B through PBR
----------------------------------------------------------------
Access list for PBR
ip access-list standard ACL_PBR
permit 10.10.40.3
permit 10.10.40.4
----------------------------------------------------------------
PBR setting
route-map PBR permit 10
match ip address ACL_PBR
set ip next-hop 10.10.20.1
----------------------------------------------------------------
07-29-2010 07:27 AM
Hello,
Can you please post the relevant configurations here? When you say secondary
subnet, does your ISP route the traffic for that secondary subnet to your
router or have they also configured a secondary IP on their interface facing
your router?
Regards,
NT
07-29-2010 07:45 AM
Hi NT,
Thanks for the reply. I ran out of IPs to use in the ISP B network, so I requested more IPs. They sent me a block of new IPs and configured it on their router as the secondary set. The interface has two IPs and I can ping both of them from inside my router that connects to that router. If my client host is NATed to the primary IP subnet, it works. But if my client host is NATed to the secondary subnet, it does not work. My PBR is configured with the next hop pointing to the ISP interface primary IP.
I will upload a configuration soon.
Thanks,
Vu
Configuration sample:
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco1941
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
interface GigabitEthernet0/0
description Connection to router B
ip address 10.10.20.1 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/1
description Connection to router A
ip address 10.10.10.1 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/0/0
description Connection to LAN
ip address 10.10.40.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map PBR
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source static 10.10.40.2 10.10.10.2
ip nat inside source static 10.10.40.3 10.10.20.2
ip nat inside source static 10.10.40.4 10.10.30.2
ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip route 0.0.0.0 0.0.0.0 10.10.20.1 2
ip route 0.0.0.0 0.0.0.0 10.10.30.1 2
!
ip access-list standard ACL_PBR
permit 10.10.40.3
permit 10.10.40.4
!
!
route-map PBR permit 10
match ip address ACL_PBR
set ip next-hop 10.10.20.1
!
!
Message was edited by: Vu Nguyen
07-29-2010 08:18 AM
Hello,
Let us try the following:
interface GigabitEthernet0/0
description Connection to router B
ip address 10.10.20.2 255.255.255.0
ip address 10.10.30.2 255.255.255.0 secondary
exit
access-list 2 permit host 10.10.40.4
route-map PBR permit 10
match ip address ACL_PBR
set ip next-hop 10.10.20.1
route-map PBR permit 20
match ip address 2
set ip next-hop 10.10.30.1
This way, the traffic will go through the second ISP with appropriate NATed
IP address.
Hope this helps.
Regards,
NT
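The route-map from the reply above, evaluated the way IOS evaluates route-maps (entries in sequence order, first match decides), as an added example that is not part of any post in this thread. The parser covers only the statement forms that appear here and host-only ACL entries; `parse`, `pbr_next_hop` and `audit` are names introduced for this example.

```python
from ipaddress import ip_address, ip_interface
# Constructed from lines posted in this thread; ACLs hold host entries only.
CONFIG = """\
interface GigabitEthernet0/0
 ip address 10.10.20.2 255.255.255.0
 ip address 10.10.30.2 255.255.255.0 secondary
ip nat inside source static 10.10.40.3 10.10.20.2
ip nat inside source static 10.10.40.4 10.10.30.2
ip access-list standard ACL_PBR
 permit 10.10.40.3
 permit 10.10.40.4
access-list 2 permit host 10.10.40.4
route-map PBR permit 10
 match ip address ACL_PBR
 set ip next-hop 10.10.20.1
route-map PBR permit 20
 match ip address 2
 set ip next-hop 10.10.30.1
"""

def parse(text):
    nets, nat, acls, rmap, acl = [], {}, {}, [], None
    for w in map(str.split, text.splitlines()):
        if w[:2] == ["ip", "address"]:
            nets.append(ip_interface(f"{w[2]}/{w[3]}").network)
        elif w[:5] == ["ip", "nat", "inside", "source", "static"]:
            nat[w[5]] = w[6]                         # inside local -> global
        elif w[:3] == ["ip", "access-list", "standard"]:
            acl = acls.setdefault(w[3], set())       # named ACL header
        elif w[:1] == ["permit"]:
            acl.add(w[-1])                           # entry of the named ACL
        elif w[:1] == ["access-list"]:
            acls.setdefault(w[1], set()).add(w[-1])  # numbered ACL, one line
        elif w[:1] == ["route-map"]:
            rmap.append({"seq": int(w[3])})
        elif w[:3] in (["match", "ip", "address"], ["set", "ip", "next-hop"]):
            rmap[-1][w[0]] = w[3]                    # keys "match" and "set"
    return nets, nat, acls, sorted(rmap, key=lambda e: e["seq"])

def pbr_next_hop(acls, rmap, src):
    # Entries are tried in sequence order; the first matching entry decides.
    return next((e["set"] for e in rmap if src in acls.get(e["match"], ())), None)

def audit(text):
    nets, nat, acls, rmap = parse(text)
    def same(g, h):  # is next hop h inside the connected subnet holding global g?
        return bool(h) and any(ip_address(g) in n and ip_address(h) in n for n in nets)
    hops = {loc: pbr_next_hop(acls, rmap, loc) for loc in nat}
    return {loc: (g, hops[loc], same(g, hops[loc])) for loc, g in nat.items()}
```

`audit(CONFIG)` maps each inside host to its NAT global address, the PBR next hop it receives, and whether that next hop lies in the same connected subnet as the global address. With these lines, 10.10.40.4 is matched by sequence 10 because ACL_PBR still permits it, so it keeps next hop 10.10.20.1; sequence 20 only applies to it once that entry is removed from ACL_PBR.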
07-29-2010 08:45 AM
Hi NT,
Thanks for the advice. I had not thought of that setting. I will try it out and let you know if it works. Thanks again,
Vu
07-29-2010 05:10 PM
Hi NT,
I tried this configuration but it still does not work.
If I NAT 10.10.40.4 to an IP 10.10.30.3 of the secondary subnet, it does not work.
If I NAT 10.10.40.4 to an IP 10.10.20.3 of the primary subnet, it works.
Any idea? Thanks,
Vu
07-29-2010 08:20 PM
Hello,
Let us try this:
interface GigabitEthernet0/0
ip nat outside
exit
interface GigabitEthernet0/1
ip nat outside
exit
interface FastEthernet0/0/0
ip nat inside
exit
ip nat inside source static 10.10.40.4 10.10.30.4 extendable
I tried it in one of my setups and it works fine as long as my ISP router has
a route to 10.10.30.4 pointing to the 10.10.20.1 address. If this is not
working, I would suggest talking to the ISP and having them remove the
secondary address on the interface and just add a static route.
ip route 10.10.30.0 255.255.255.0 10.10.20.1
Hope this helps.
Regards,
NT
07-30-2010 06:22 AM
Hi guys, I'm new to this community. I need to know how to get started in networking, as I'm an NIIT student from India (Bangalore), studying for the CCNA. So feel free to talk with me. Here is my mail ID: sandsip@gmail.com. Please.