
Help for NAT & match detailed explanation

Unanswered Question
Dec 8th, 2011

Hi all,

I was in a mess, as I have worked mostly on switches and never worked on a router.

We have recently bought a 2911 router and have to set up a VoIP line separately for the network.

We have two broadband service providers:

1. How can I use one line as active and the other line as a failover (when one line is down, the other line should automatically bear the traffic)?

A clear config will help me a lot. NATting using match address objects.

(roughly)

Broadband service provider 1: 97.89.X.X 255.255.252.0

Broadband service provider 2: 10.0.x.x 255.255.240.0

2. There are only 20 users to set up a VoIP line for now.

Here we have a telecom provider where they should route the traffic to make any international calls (say telecom public IP 200.200.109.110).

From LAN to WAN everything is allowed.

From WAN to LAN we have to allow only the telecom provider IP (200.200.109.110).

Overall Rating: 4.5 (2 ratings)
Carlo Poggiarelli Fri, 12/09/2011 - 04:28

Hi.

For the first question, you can use track objects to verify whether a connection is up or down, and use route-map-based NAT so that the right interface IP address is used for NAT.

OK, let's see the relevant config.

Verify if one provider is up.

Assume our internet connections are:


interface FastEthernet0/0
 description Provider 1
 ip address 200.200.100.2 255.255.255.252
 ip nat outside
!
interface FastEthernet0/1
 description Backup Provider
 ip address 200.200.200.2 255.255.255.252
 ip nat outside




! With this we ping an external IP that is always reachable (i.e. Google DNS)
ip sla 1
 icmp-echo 8.8.8.8
 frequency 5
 timeout 5000
ip sla schedule 1 life forever start-time now
!
! We define a track object which will monitor the ip sla 1 status and will be used in later config
! (older IOS releases use "track 1 rtr 1 reachability")
track 1 ip sla 1 reachability
!
ip route 8.8.8.8 255.255.255.255 200.200.100.1
! Default route to main provider, tracking ip sla 1 status
ip route 0.0.0.0 0.0.0.0 200.200.100.1 track 1
! A second default route with a higher metric; will be used only if first provider is down
ip route 0.0.0.0 0.0.0.0 200.200.200.1 200




route-map Provider1 permit 10
 match ip address NAT
 match interface FastEthernet0/0
!
route-map Provider2 permit 10
 match ip address NAT
 match interface FastEthernet0/1
!
! Assuming your internal LAN is 192.168.0.0/24
ip access-list extended NAT
 permit ip 192.168.0.0 0.0.0.255 any
!
ip nat inside source route-map Provider1 interface FastEthernet0/0 overload
ip nat inside source route-map Provider2 interface FastEthernet0/1 overload





Hope This Helps


Regards


Carlo

Latchum Naidu Fri, 12/09/2011 - 05:36

Hi Srikanth,


Please see the example config below for failover between two ISPs and also NAT failover.
You need to change the IP address and internal address where necessary.


interface FastEthernet0/0
bandwidth 2048
ip address 200.200.109.110 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 206.206.206.2 255.255.255.248
ip nat outside
duplex auto
speed auto

!
interface Vlan1
description to LAN
ip address 10.100.100.1 255.255.255.0
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!

ip route 0.0.0.0 0.0.0.0 200.200.109.110
ip route 0.0.0.0 0.0.0.0 206.206.206.2 10
!

ip nat inside source route-map NAT interface FastEthernet0/0 overload
ip nat inside source route-map NAT interface FastEthernet0/1 overload

!
ip sla 1
icmp-echo 206.206.206.2 source-interface FastEthernet0/0
timeout 1000
threshold 2
frequency 3
ip sla schedule 1 life forever start-time now


access-list 101 permit ip 10.100.100.0 0.0.0.255 any

!
route-map NAT permit 10
match ip address 101
match interface FastEthernet0/0
!
route-map NAT permit 10
match ip address 101
match interface FastEthernet0/1


Please rate the helpful posts.
Regards,
Naidu.

Carlo Poggiarelli Fri, 12/09/2011 - 05:55

Hi Naidu.

Your config is similar to what I posted.

The problem in your config is that the IP route to the next provider will not be used as long as the FastEthernet interface remains up.

So you necessarily have to verify the internet connectivity.

That's why I used a track object to obtain a valid check.


Regards



Carlo

Latchum Naidu Fri, 12/09/2011 - 06:02

Hi Carlo,


Huff, I didn't have my cup of tea....

I forgot that command.


track 1 ip sla 1 reachability



Please rate the helpful posts.

Regards,

Naidu.

Carlo Poggiarelli Fri, 12/09/2011 - 06:14

Hi Naidu.


Another cup of tea


You cannot config two route-maps with the same name



Regards


Carlo
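
As an added example (not part of any post in this thread): a small Python check that flags the two problems Carlo points out in the second config, a default route with no track object and a route-map entry entered twice under the same name. The `audit` function, its finding codes and the sample text are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: routing/NAT lines of the second config posted in this thread.
SAMPLE = """\
ip route 0.0.0.0 0.0.0.0 200.200.109.110
ip route 0.0.0.0 0.0.0.0 206.206.206.2 10
ip nat inside source route-map NAT interface FastEthernet0/0 overload
ip nat inside source route-map NAT interface FastEthernet0/1 overload
ip sla 1
 icmp-echo 206.206.206.2 source-interface FastEthernet0/0
route-map NAT permit 10
 match ip address 101
 match interface FastEthernet0/0
route-map NAT permit 10
 match ip address 101
 match interface FastEthernet0/1
"""

def audit(config):
    """Return (code, detail) findings for the failover pitfalls raised in the thread."""
    lines = [s for s in (l.strip() for l in config.splitlines()) if s and s != "!"]
    text = "\n".join(lines)
    findings = []
    # Track objects and the IP SLA probe each one watches: {track_id: sla_id}
    tracks = dict(re.findall(r"^track (\d+) (?:ip sla|rtr) (\d+)", text, re.M))
    defaults = re.findall(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)(.*)$", text, re.M)
    tracked = [re.search(r"track (\d+)", rest) for _, rest in defaults]
    if len(defaults) > 1 and not any(tracked):
        findings.append(("UNTRACKED_DEFAULT", "no default route is tied to a track object"))
    for m in filter(None, tracked):
        if m.group(1) not in tracks:
            findings.append(("UNDEFINED_TRACK", f"track {m.group(1)} is not defined"))
    for sla in re.findall(r"^ip sla (\d+)$", text, re.M):
        if sla not in tracks.values():
            findings.append(("UNUSED_SLA", f"ip sla {sla} is not watched by any track object"))
    # Re-entering "route-map NAME permit SEQ" edits the same entry instead of adding one.
    entries = Counter(re.findall(r"^route-map (\S+) (?:permit|deny) (\d+)$", text, re.M))
    for (name, seq), n in entries.items():
        if n > 1:
            findings.append(("DUP_ROUTE_MAP", f"route-map {name} seq {seq} entered {n} times"))
    # Each outside interface needs its own route-map to select the right NAT address.
    nat = re.findall(r"^ip nat inside source route-map (\S+) interface (\S+)", text, re.M)
    for name, n in Counter(rm for rm, _ in nat).items():
        if n > 1:
            findings.append(("SHARED_NAT_ROUTE_MAP", f"route-map {name} used by {n} NAT rules"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
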

srikanth ath Fri, 12/09/2011 - 07:48

Hi Carlo/Naidu,

Thanks a lot, guys. I can relax and have a cup of tea now with your help, as I went through a number of documents online and couldn't find anything like the way your config looks. I will have to work on this on Monday, and if I face any problem I will definitely update it.

And in the meanwhile, can you give me a link which helps me to get an idea of the purpose of each and every command?



thanks & regards

srikanth

Carlo Poggiarelli Fri, 12/09/2011 - 08:14

Hi Srikanth.


These two links lead to what you need to know about what Naidu and I suggested to you.


1- Backup Routing using track object


http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html


2- Load Balancing / Failover NAT


http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a00808d2b72.shtml


HTH


Regards


Carlo
