Dual NAT PIX and Router

cool.cisco · ‎10-27-2005

Hi,

My Network is this:

Condition One:

Packet travels from PC to destination server via dedicated E1.

PC>>>>L2>>>>L3>>>PIX(Translation from one IP to other IP is happening here)>>>>>>Router>>>>E1------E1>>>Router>>>L2>>>Server.

2. For Redundancy VPN is configured on the same router on another interface.

PC>>>>L2>>>>L3>>>PIX(To route the packets via Internet, another subnet is configured and we do manually static nat incase of E1 goes down, then once the E1 comes back then again revert the nat)>>>>>>Router>>>>E1------E1>>>Router>>>L2>>>Server.

My problem is static behaviour that we do on the PIX whenever E1 goes down, or it comes up.

I want this to do it dynamically. But the problem is i am running 6.3 in PIX and cannot nat statically one IP with two ip's.

The option that is coming in my mind is to play in the router.......

Does someone has any idea how it will be done........

Appreciate your quick replys.

Regards,

hchen · ‎10-27-2005

Assume the PIX has three interfaces or elss trunking has to be enabled.

Run a routing protocol ospf between the PIX and the router

Configure a static default route with metric higher than 110 and point it to the fall back route.

below is a sample config

interface e0 outside security0

interface e1 outside2 security0

interface e2 inside security100

ip address inside 10.0.0.1 255.255.255.0

ip address outside 192.168.0.1 255.255.255.0

ip address outside2 172.16.0.1 255.255.255.0

route outside 0.0.0.0 0.0.0.0 routeb 250

router ospf 100

network 192.168.0.0 255.255.255.0 area 0

global (outside) 10 2.2.2.2

global (outside1) 15 3.3.3.3

nat (inside) 10 10.0.0.0 255.255.255.0

nat (inside) 15 10.0.0.0 255.255.255.0

static (inside,outside) 2.2.2.4 10.0.0.5 netmask 255.255.255.255

static (inside,outside1) 3.3.3.4 10.0.0.5 netmask 255.255.255.255