thanks for a very usefull link.

one more question:

in case two ISPs with only one ip per interface how is it possiable to use NAT?

interface fast ethernet 0/0/1

...

ip address 192.168.1.1 255.255.255.0

ip nat inside

!

interface gigabit 0/0

...

ip address 1.1.1.1 255.255.255.0

ip nat outside

!

interface gigabit 0/1

...

ip address 2.2.2.2 255.255.255.0

ip nat outside

!

...

NAT configuration like

ip nat source list 120 interface gigabit 0/0

ip nat source list 121 interface gigabit 0/1

won't work in case gigabit 0/0 is DOWN

and I also cannot define any pool.

Hi

you can achieve this using route-maps in conjunction with the normal nat statements..

similar kinda scenario is discussed in this link would suggest to chek out for more clarity on that..

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087bac.html#1024644

regds

What you are about to read is about 60 hours of weekend experimentation and hair pulling, including calling up cisco phone support 3 times :-(

I've asked your exact question a few months ago on these forums.

here are bits and pieces of my config which you should analyse.

-------

route-map PRIMARY permit 10

match interface FastEthernet0

route-map PRIMARY permit 10

match interface Dialer0

ip route 0.0.0.0 0.0.0.0 1.1.1.1 10 track 123

ip route 0.0.0.0 0.0.0.0 2.2.2.2 20

ip nat insdie source route-map PRIMARY interface FastEthernet0 overload

ip nat inside source route-map SECONDRY interface

Dialer0 overload

no ip cef ( this is cisco's bandaid solution to a bug I found while trying to configure this on an 1811 router )

track 123 rtr 1 reachability

rtr 1

type echo protocol ipIcmpEcho 1.1.1.1

timeout 1000

threshold 1000

frequency 5

rtr schedule 1 life forever start-time now

------

I hope you find this useful, and keep me updated on how you go... because I would be interested to know.

I've just cut and paste all the important parts of my config which I got working. However, I had like 7 versions of the config, and from memory this is the correct one.

You need to read up on;

- PBR

- Object Tracking - Because a layer 2 link may exist yet there is no internet connectivity.

------

I made it natting with following config:

ip sla 1

icmp-echo 200.1.1.1

timeout 1000

threshold 3

frequency 10

ip sla schedule 1 life forever start-time now

...

track 17 rtr 1 reachability

...

ip route 0.0.0.0 0.0.0.0 60.1.1.1 track 10

ip route 200.1.1.0 255.255.255.0 60.1.1.1 50 track 17

ip route 0.0.0.0 0.0.0.0 70.1.1.1 250

...

ip local policy route-map ISP1

...

route-map ISP1 permit 10

match ip address 110 111

set interface GigabitEthernet0/1 GigabitEthernet0/0

set ip next-hop 60.1.1.1 70.1.1.1

...

route-map II permit 20

match ip address 120

match ip next-hop sec

match interface GigabitEthernet0/0

!

route-map I permit 10

match ip address 120

match ip next-hop prim

match interface GigabitEthernet0/1

...

ip access-list extended prim

permit ip host 60.1.1.1 any

permit ip any host 60.1.1.1

ip access-list extended sec

permit ip host 70.1.1.1 any

permit ip any host 70.1.1.1

!

As I am not sure that match inteface works after routing I used next hope address, which is known only after routing decision, in routing policy.

So

ip nat inside source route-map I interface GigabitEthernet0/1 overload

ip nat inside source route-map II interface GigabitEthernet0/0 overload

I have a Cisco 1811 and am trying the same thing but seem to be missing something. Could you repost your config where you got this to work, including necessary ACLs?

Thanks,

Brett