Cisco Support Community
New Member

Help me route

Hello all,

The problem I have with the below configuration is:

Client 10.10.40.4 cannot go out via ISP B because it is statically NATed to the secondary subnet IP of ISP B.
If I static NAT 10.10.40.4 to the primary subnet IP of ISP B, such as 10.10.20.4, it will work.
Some of my internal LAN clients use an ISP B primary IP, some use an ISP B secondary IP, and some use an ISP A IP.

What is wrong with this configuration and how can we make this work?

Please help.

Many thanks,

Vu

----------------------------------------------------------------
ISP A

10.10.10.0/24

ISP A router ip: 10.10.10.1

----------------------------------------------------------------
ISP B

10.10.20.0/24
10.10.30.0/24 secondary

ISP B router ip: 10.10.20.1
ISP B router second ip: 10.10.30.1 secondary

----------------------------------------------------------------
My Cisco Router

Outside interface E0 ip: 10.10.10.2 is connected to ISP A router.
Outside interface E2 ip: 10.10.20.2 is connected to ISP B router.
Inside interface E3 ip: 10.10.40.1 is connected to internal LAN with PBR enabled

----------------------------------------------------------------
Default route setting on my Cisco Router

route 0.0.0.0 0.0.0.0 10.10.10.1   -----> this is going to ISP A network
route 0.0.0.0 0.0.0.0 10.10.20.1 2 -----> this is going to ISP B network

----------------------------------------------------------------
NAT translation setting on my Cisco Router

ip nat inside source static 10.10.40.2 10.10.10.2 ----> this will always go to ISP A
ip nat inside source static 10.10.40.3 10.10.20.2 ----> this will always go to ISP B through PBR
ip nat inside source static 10.10.40.4 10.10.30.2 ----> this should always go to ISP B through PBR

----------------------------------------------------------------
Access list for PBR

ip access-list standard ACL_PBR
permit 10.10.40.3
permit 10.10.40.4

----------------------------------------------------------------
PBR setting

route-map PBR permit 10
match ip address ACL_PBR
set ip next-hop 10.10.20.1

----------------------------------------------------------------

7 REPLIES
Cisco Employee

Re: Help me route

Hello,

Can you please post the relevant configurations here? When you say secondary subnet, does your ISP route the traffic for that secondary subnet to your router or have they also configured a secondary IP on their interface facing your router?

Regards,

NT

New Member

Re: Help me route

Hi NT,

Thanks for the reply. I ran out of IPs to use in the ISP B network, so I requested more IPs. They sent me a block of new IPs and configured it on their router as the secondary set. The interface has two IPs and I can ping both of them from inside my router that connects to that router. If my client host is NATed to the primary IP subnet, it works. But if my client host is NATed to the secondary subnet, it does not work. My PBR is configured with the next hop pointing to the ISP interface primary IP.

I will upload a configuration soon.

Thanks,

Vu

Configuration sample:

!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco1941
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
interface GigabitEthernet0/0
description Connection to router B
ip address 10.10.20.1 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/1
description Connection to router A
ip address 10.10.10.1 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/0/0
description Connection to LAN
ip address 10.10.40.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map PBR
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source static 10.10.40.2 10.10.10.2
ip nat inside source static 10.10.40.3 10.10.20.2
ip nat inside source static 10.10.40.4 10.10.30.2
ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip route 0.0.0.0 0.0.0.0 10.10.20.1 2
ip route 0.0.0.0 0.0.0.0 10.10.30.1 2
!
ip access-list standard ACL_PBR
permit 10.10.40.3
permit 10.10.40.4
!
!
route-map PBR permit 10
match ip address ACL_PBR
set ip next-hop 10.10.20.1
!
!

Message was edited by: Vu Nguyen

Cisco Employee

Re: Help me route

Hello,

Let us try the following:

interface GigabitEthernet0/0
description Connection to router B
ip address 10.10.20.2 255.255.255.0
ip address 10.10.30.2 255.255.255.0 secondary
exit

access-list 2 permit host 10.10.40.4

route-map PBR permit 10
match ip address ACL_PBR
set ip next-hop 10.10.20.1

route-map PBR permit 20
match ip address 2
set ip next-hop 10.10.30.1

This way, the traffic will go through the second ISP with appropriate NATed IP address.

Hope this helps.

Regards,

NT

New Member

Re: Help me route

Hi NT,

Thanks for the advice. I had not thought of that setting. I will try it out and let you know if it works. Thanks again,

Vu

New Member

Re: Help me route

Hi NT,

I tried this configuration but it still does not work.

If I NAT 10.10.40.4 to an IP 10.10.30.3 of the secondary subnet, it does not work.

If I NAT 10.10.40.4 to an IP 10.10.20.3 of the primary subnet, it works.

Any idea? Thanks,

Vu

Cisco Employee

Re: Help me route

Hello,

Let us try this:

interface GigabitEthernet0/0
ip nat outside
exit

interface GigabitEthernet0/1
ip nat outside
exit

interface FastEthernet0/0/0
ip nat inside
exit

ip nat inside source static 10.10.40.4 10.10.30.4 extendable

I tried it in one of my setups and it works fine as long as my ISP router has a route to 10.10.30.4 pointing to 10.10.20.1 address. If this is not working, I would suggest talking to the ISP and having them remove the secondary address on the interface and just add a static route.

ip route 10.10.30.0 255.255.255.0 10.10.20.1

Hope this helps.

Regards,

NT
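
An added example, not part of the thread or anyone's posted configuration: a small Python check that parses an IOS-style config and reports, for each `ip nat inside source static` entry, which `ip nat outside` interface has a connected subnet (primary or secondary) containing the global address. A result of `None` means the address depends on the ISP routing it to this router, as described in the reply above. The sample config is constructed from the thread's addresses with the secondary address from the earlier reply applied; function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the thread's addressing with the secondary address
# from the earlier reply applied to GigabitEthernet0/0.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 10.10.20.2 255.255.255.0
 ip address 10.10.30.2 255.255.255.0 secondary
 ip nat outside
interface GigabitEthernet0/1
 ip address 10.10.10.2 255.255.255.0
 ip nat outside
interface FastEthernet0/0/0
 ip address 10.10.40.1 255.255.255.0
 ip nat inside
ip nat inside source static 10.10.40.2 10.10.10.2
ip nat inside source static 10.10.40.3 10.10.20.2
ip nat inside source static 10.10.40.4 10.10.30.2
"""

def outside_subnets(config):
    """Return {interface: [IPv4Network, ...]} for 'ip nat outside' interfaces."""
    nets, outside, current = {}, set(), None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif current and (m := re.match(r"ip address (\S+) (\S+)", line)):
            # Primary and 'secondary' addresses both create a connected subnet.
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            nets.setdefault(current, []).append(net)
        elif line == "ip nat outside" and current:
            outside.add(current)
    return {i: n for i, n in nets.items() if i in outside}

def audit_static_nat(config):
    """Map each inside local address to the outside interface whose connected
    subnet contains its global address, or None if no such subnet exists."""
    subnets = outside_subnets(config)
    result = {}
    for m in re.finditer(r"^ip nat inside source static (\S+) (\S+)", config, re.M):
        local, glob = m.group(1), ipaddress.ip_address(m.group(2))
        result[local] = next(
            (i for i, ns in subnets.items() if any(glob in n for n in ns)), None)
    return result

if __name__ == "__main__":
    for local, intf in audit_static_nat(SAMPLE_CONFIG).items():
        print(local, "->", intf or "no connected outside subnet (needs ISP route)")
```
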

New Member

Re: Help me route

Hi guys, I'm new to this community. I need to know how to start in networking, as I'm an NIIT student from India (Bangalore), studying for CCNA. So feel free to talk with me. Here is my mail ID: sandsip@gmail.com. Pls
