Static NATs with multihome environment

Dec 10th, 2005

I am looking for examples or assistance on a Cisco 1811 please with static NATs.

I have three ISPs (T1, DSL1, and DSL2) and several statically NATted Web servers, and mail servers (each with a unique IP address). The problem is that traffic comes in on the link from the T1, for example, and can go back out on any of the three links. I want to reverse map the outbound traffic so that it goes back out on the same link *and address* it came in on since there are several virtual IP addresses involved.


I am not sure route maps will work since they do not specify the source address used in the return packet, or can they?


Any ideas? thanks!

Dan

Georg Pauwen Sat, 12/10/2005 - 13:26
Hello Dan,


You might want to look into adding route maps to your static NAT entries for your web and email servers, as follows:


ip nat inside source static 10.10.10.1 212.136.1.1 route-map TO_ISP_1
ip nat inside source static 10.10.10.2 212.136.2.1 route-map TO_ISP_2
ip nat inside source static 10.10.10.3 212.136.3.1 route-map TO_ISP_3
!
access-list 101 permit ip 10.10.10.0 0.0.0.255 212.136.1.0 0.0.0.255
access-list 102 permit ip 10.10.10.0 0.0.0.255 212.136.2.0 0.0.0.255
access-list 103 permit ip 10.10.10.0 0.0.0.255 212.136.3.0 0.0.0.255
!
route-map TO_ISP_1 permit 10
 match ip address 101
 ! X.X.X.X = next hop for ISP 1
 set ip next-hop X.X.X.X
!
route-map TO_ISP_2 permit 10
 match ip address 102
 ! Y.Y.Y.Y = next hop for ISP 2
 set ip next-hop Y.Y.Y.Y
!
route-map TO_ISP_3 permit 10
 match ip address 103
 ! Z.Z.Z.Z = next hop for ISP 3
 set ip next-hop Z.Z.Z.Z
!
interface Serial1/0
 description T1 Link To ISP_1
 ip address X.X.X.X A.A.A.A
 ip nat outside
!
interface ATM0/1
 description DSL Link To ISP_2
 ip address Y.Y.Y.Y B.B.B.B
 ip nat outside
!
interface ATM1/0
 description DSL Link To ISP_3
 ip address Z.Z.Z.Z C.C.C.C
 ip nat outside
!
interface FastEthernet0/1
 ip address 10.10.10.254 255.255.255.0
 ip nat inside


Obviously the IP addresses used are likely not yours, but you get the concept.

Can you try this and see if it works?


Regards,


GP
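
A consistency check for the kind of configuration in the reply above, added here as an example and not part of the original thread: it walks a saved config and reports static NAT entries whose route-map is missing, matches an access list that is not defined, or sets no next hop. The function name `audit_static_nat` and the sample config (documentation-range addresses) are assumptions made for this example, and only the address-only form of `ip nat inside source static` is handled.

```python
import re

# Constructed sample config (documentation addresses; not from the thread).
SAMPLE = """\
ip nat inside source static 10.10.10.1 192.0.2.10 route-map TO_ISP_1
ip nat inside source static 10.10.10.2 198.51.100.10 route-map TO_ISP_2
ip nat inside source static 10.10.10.3 203.0.113.10 route-map TO_ISP_3
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
route-map TO_ISP_1 permit 10
 match ip address 101
 set ip next-hop 192.0.2.1
route-map TO_ISP_2 permit 10
 match ip address 102
 set ip next-hop 198.51.100.1
"""

NAT_RE = re.compile(r"^ip nat inside source static (\S+) (\S+)(?: route-map (\S+))?")

def audit_static_nat(config):
    """Return a list of (inside_local, problem) for static NAT entries."""
    acls, route_maps, nats, current = set(), {}, [], None
    for line in map(str.strip, config.splitlines()):
        if not line:
            continue
        # match/set lines belong to the route-map block opened just before them
        if current is not None and line.startswith(("match ", "set ")):
            if m := re.match(r"match ip address (.+)", line):
                current["acl"] += m.group(1).split()
            elif line.startswith("set ip next-hop "):
                current["hop"] = True
            continue
        current = None  # any other command ends the route-map block
        if m := NAT_RE.match(line):
            nats.append(m.groups())
        elif m := re.match(r"access-list (\d+) ", line):
            acls.add(m.group(1))
        elif m := re.match(r"route-map (\S+) permit", line):
            current = route_maps.setdefault(m.group(1), {"acl": [], "hop": False})
    problems = []
    for local, _global, rmap in nats:
        if rmap is None:
            problems.append((local, "no route-map on static NAT entry"))
        elif rmap not in route_maps:
            problems.append((local, f"route-map {rmap} is not defined"))
        else:
            rm = route_maps[rmap]
            problems += [(local, f"{rmap} matches undefined ACL {a}")
                         for a in rm["acl"] if a not in acls]
            if not rm["hop"]:
                problems.append((local, f"{rmap} sets no next-hop"))
    return problems
```
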
