2 ISP's/Single Router/NAT-No BGP

b.tyler
Level 1

I am trying to set up a single 7200 with a DS3 to one ISP and a T1 to a second ISP for failover. I have a static default route to the DS3 and a second static route with a higher admin distance to the T1. The router detects the DS3 outage fine and will route out to the T1. The problem is getting the proper NAT IP addresses. I am using NAT w/route-maps; however, I am not clear how to set the route-map to have packets from the same source and destination change NAT pools based upon the next hop interface. Is what I am trying to do possible? My config looks like this:

interface FastEthernet0/0
 description Connection to Firewall
 ip address 172.20.1.17 255.255.255.248
 ip nat inside
 duplex full
 speed 100
!
interface Serial1/0
 description DS-3 to ISP1
 ip address 10.1.1.2 255.255.255.252
 ip nat outside
 dsu bandwidth 44210
 framing c-bit
 cablelength 10
 serial restart-delay 0
!
interface Serial2/0:0
 description 3MB to ISP2
 ip address 10.2.2.2 255.255.255.252
 ip nat outside
 encapsulation ppp
 fair-queue
!
interface Serial2/1:0
 description 3MB to ISP2
 ip address 10.3.3.2 255.255.255.252
 ip nat outside
 encapsulation ppp
 fair-queue
!
ip nat pool ISP2 10.200.200.33 10.200.200.62 netmask 255.255.255.224
ip nat pool ISP1 10.100.100.33 10.100.100.62 netmask 255.255.255.224
ip nat inside source route-map ISP1 pool ISP1 overload
ip nat inside source route-map ISP2 pool ISP2 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial1/0 10.1.1.1
ip route 0.0.0.0 0.0.0.0 Serial2/0:0 10.2.2.1 200
ip route 0.0.0.0 0.0.0.0 Serial2/1:0 10.3.3.1 200
!
access-list 1 permit 172.20.0.0
access-list 10 permit 10.2.2.1
access-list 11 permit 10.3.3.1
access-list 15 permit 10.1.1.1
access-list 101 permit ip 172.20.0.0 0.0.255.255 any
!
route-map ISP2 permit 10
 match ip address 101
 match ip next-hop 10
!
!
route-map ISP1 permit 10
 match ip address 101
 match ip next-hop 15

6 Replies

rais
Level 7

Seemingly, this should work. But next-hop is most probably evaluated for a route.

Rais.

b.tyler
Level 1

My problem is I need a routing decision before a NAT decision. I am not sure how to accomplish this.

I keep seeing questions on this same issue. I can't understand why everyone wants to use a different address pool on the backup connection. You should get your second ISP to coordinate with the primary and handle failover in advertising your single address space towards the internet. I assume that with a t3 you are going to have servers that the internet can reach. How can they get there when you keep changing the IP address? DNS will only point to one address.

Your map will override your routing.

At most you can divide your inner space into half or quarter. When one of the links goes down some will experience problems and some won't. The problem is to match traffic for NATing while your criteria is only source address.

Thanks.

Some documents state that policy routing is performed before NAT, but in a specific lab environment the router doesn't join a statement like match ip next-hop with the correct NAT pool.

Similar questions about NAT with different pools using route-maps are already described in other conversations. I think that Cisco can clarify the issues about the configuration with NAT and route-maps.

Is there someone from Cisco to help us?

mehmoodsajid
Level 1

Hi,

On both sides your NAT pools are the same, so you can change the next-hop address here like:

!
route-map ISP2 permit 10
 match ip address 101
 set ip next-hop 10
!
!
route-map ISP1 permit 10
 match ip address 101
 set ip next-hop 15
!

Regards,
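
As an added example that is not part of the original thread: one commonly documented way to tie each NAT pool to the link the packet actually leaves on is to match the egress interface in the NAT route-maps instead of the next hop. The interface names, pools and ACL 101 are taken from the question's config; the assumption is that the IOS release in use supports `match interface` in NAT route-maps.

```cisco
! Added example, not from the thread. Names and addresses come from the
! question's config; only the route-map match criterion is changed.
ip nat pool ISP1 10.100.100.33 10.100.100.62 netmask 255.255.255.224
ip nat pool ISP2 10.200.200.33 10.200.200.62 netmask 255.255.255.224
ip nat inside source route-map ISP1 pool ISP1 overload
ip nat inside source route-map ISP2 pool ISP2 overload
!
! Floating statics as in the question: DS3 preferred, T1s at distance 200.
ip route 0.0.0.0 0.0.0.0 Serial1/0 10.1.1.1
ip route 0.0.0.0 0.0.0.0 Serial2/0:0 10.2.2.1 200
ip route 0.0.0.0 0.0.0.0 Serial2/1:0 10.3.3.1 200
!
access-list 101 permit ip 172.20.0.0 0.0.255.255 any
!
! Matches only when routing sends the packet out the DS3 to ISP1.
route-map ISP1 permit 10
 match ip address 101
 match interface Serial1/0
!
! Matches when the packet leaves on either T1 toward ISP2.
route-map ISP2 permit 10
 match ip address 101
 match interface Serial2/0:0 Serial2/1:0
```

Translations built before a failover stay in the table until they time out, so existing flows can keep the old pool's address; `show ip nat translations` shows which pool each flow is using and `clear ip nat translation *` flushes the stale entries.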
