I'm not sure about the Cisco 871 and its FastEthernet4 interface.
I have a connection to ISP1; fa4 is used as the outside interface. The LAN is connected using fa0 (a trunk for 3 networks inside the LAN, with VLAN routing on the c871). This design is clear and working without problems.
interface FastEthernet4
 description uplink to ISP1
 ip address ISP1 netmask
 ip access-group Internet in
 ip mtu 1300
 ip nat outside
 ip inspect MyInspect out
 ip virtual-reassembly
 no ip mroute-cache
 duplex auto
 speed auto
 crypto map IPSec
end
Now I have connected ISP2 (in the near future this will replace ISP1). ISP2 is connected to fa3:
description new uplink to ISP2
switchport access vlan 50
interface Vlan50
 ip address ISP2 netmask
 ip access-group Internet-sanet in
 ip nat outside
 ip nat enable
 ip virtual-reassembly
end
Connectivity to both providers is OK. The default GW is to ISP1. When I set a static route for some dst through ISP2, connectivity from this dst to the router is successful. OK, it looks like everything is working. I tried changing the default GW to ISP2.
Connectivity to/from the router is OK. The problem is NAT for clients in the LAN. After the default GW change, LAN clients are always translated to the ISP1 outside address:
ip nat inside source list nat-isp1 interface FastEthernet4 overload
ip nat inside source list nat-isp2 interface Vlan50 overload
The ACLs nat-isp1 and nat-isp2 are the same:
 10 deny ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
 20 deny ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
 30 deny ip 192.168.10.0 0.0.0.255 192.168.254.0 0.0.0.255
 40 permit ip 192.168.1.0 0.0.0.255 any
 50 permit ip 192.168.2.0 0.0.0.255 any
 60 permit ip 192.168.10.0 0.0.0.255 any
#sh ip int brie
FastEthernet4   ISP1           YES manual up   up
Vlan1           192.168.1.1    YES NVRAM  up   up
NVI0            ISP1           YES unset  up   up
Vlan2           192.168.2.1    YES NVRAM  up   up
Vlan10          192.168.10.1   YES NVRAM  up   up
Vlan50          ISP2           YES NVRAM  up   up
The NVI0 interface is using the address of fa4.
My questions are:
1. Is it possible to change the NVI0 address to an IP other than the IP of the fa4 interface?
2. Is it possible to change NAT for connectivity through ISP2 (fa3) to another public address? I'm not sure, because fa0-3 are switched ports and it's not possible to change fa3 to L3 only (no switchport).
The router is a Cisco 871, c870-advipservicesk9-mz.124-15.T7.bin.