
How to route multiple gateways for internet traffic

shahid_duet
Level 1

Dear experts.

I am using a Cisco 2821 as an internet router. I have two ISPs with IP 10.0.1.0/29 and 10.0.2.0/29. ISP 1 is configured as follows for accessing my internal server 172.29.1.5 with NAT to 10.0.1.5:

interface GigabitEthernet0/0
 ip address 10.0.1.2 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Fastethernet 0/0/1
!
ip route 0.0.0.0 0.0.0.0 10.0.1.1
ip route 172.29.1.0 255.255.255.0 10.0.0.2
!
!
no ip http server
no ip http secure-server
! pool start and end must fall inside the subnet given by the netmask (/29 here)
ip nat pool IP_POOL 10.0.1.2 10.0.1.5 netmask 255.255.255.248
ip nat inside source list 1 pool IP_POOL overload
ip nat inside source static 172.29.1.5 10.0.1.5

All my local users and server 172.29.1.5 are getting internet, and from the internet we are reaching server 172.29.1.5 by NAT. All is OK.

Now I want to connect a 2nd ISP with IP 10.0.2.0/29, and my server IP 172.29.1.4 will NAT to 10.0.2.4.

What will be the route so that all local users get internet through both ISPs and from the internet we get 172.29.1.5?

Shahid

4 Replies

Richard Burts
Hall of Fame

Shahid

How do you want to use the second ISP? Do you want to establish a primary/backup arrangement or do you want to use them actively and have some kind of load sharing?

If you configure a floating static default route it will give you primary/backup functionality. If you configure a second static default route it will give you both of them working at the same time.

You will need to configure address translation for traffic going out through the second ISP. And when you have two outbound interfaces and address translation on each then the way that you configure address translation needs to change. With one outbound your address translation command has an access list to identify the traffic. When you have a second outbound interface then you need to do address translation using route maps. The route map will have two match commands with one match for the access list and the second match command matching the outbound interface.

If you have a second server that you want to establish static translation for, that can be done using the second ISP. There is not a good way to have a single server that is translated using both ISPs.

HTH

Rick


Hi rick

Good day

1st: I want to use both links for active/active and for load sharing.

2nd: A single server will not translate to both ISPs. 172.29.1.5 to 10.0.1.5 and 172.29.1.4 to 10.0.2.4

Can you please send me the configuration for both ISPs and both servers.

Thanking You

shahid

Steps you need based on your requirement-

1. Configure ISP2 interface

2. Add default route with ISP2 next-hop

3. PBR servers traffic out correct NAT interfaces

4. Deny servers INSIDE_LOCAL IP in dynamic NAT source access-list

5. Use route-maps to match traffic based on access-list and exit interface as source in dynamic NAT configuration

Configuration -

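!
interface GigabitEthernet0/0
 description ISP1
 ! /29 mask, matching the ISP1 subnet 10.0.1.0/29
 ip address 10.0.1.2 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 description ISP2
 ip address 10.0.2.2 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
! two equal-cost default routes, one per ISP
ip route 0.0.0.0 0.0.0.0 10.0.1.1
ip route 0.0.0.0 0.0.0.0 10.0.2.1
!
! pool start and end must fall inside the subnet given by the netmask (/29 here)
ip nat pool POOL1 10.0.1.2 10.0.1.6 netmask 255.255.255.248
ip nat pool POOL2 10.0.2.2 10.0.2.6 netmask 255.255.255.248
!
! policy routing: each server leaves through the ISP that holds its static NAT address
route-map SERVER-PBR permit 10
 match ip address SERVER1
 set ip next-hop 10.0.1.1
!
route-map SERVER-PBR permit 20
 match ip address SERVER2
 set ip next-hop 10.0.2.1
!
ip access-list extended SERVER1
 ! assumption: the deny destination is the internal LAN 172.29.1.0/24, so that traffic is not policy-routed
 deny ip host 172.29.1.5 172.29.1.0 0.0.0.255
 permit ip host 172.29.1.5 any
!
ip access-list extended SERVER2
 ! assumption: same internal LAN destination as in SERVER1
 deny ip host 172.29.1.4 172.29.1.0 0.0.0.255
 permit ip host 172.29.1.4 any
!
interface GigabitEthernet 0/1
 ip address 10.0.0.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 ip policy route-map SERVER-PBR
 duplex auto
 speed auto
!
!
!
! dynamic NAT source list: the two servers are excluded because they use static NAT
access-list 1 deny 172.29.1.5
access-list 1 deny 172.29.1.4
access-list 1 permit 172.29.1.0 0.0.0.255
!
! one route-map per exit interface, so each flow is translated from the pool of the ISP it leaves through
route-map ROUTE1 permit 10
 match ip address 1
 match interface GigabitEthernet0/0
!
route-map ROUTE2 permit 10
 match ip address 1
 match interface GigabitEthernet0/2
!
ip nat inside source route-map ROUTE1 pool POOL1 overload
ip nat inside source route-map ROUTE2 pool POOL2 overload
!
end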

Oh, I forgot the last piece - static NAT for servers

!
ip nat inside source static 172.29.1.5 10.0.1.5
ip nat inside source static 172.29.1.4 10.0.2.4
!

Regards,

Vishesh
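
A pre-deployment check for NAT lines of the kind used in this thread, as an added example that is not part of any poster's configuration: it verifies that each `ip nat pool` range fits in the subnet given by its netmask and lists static NAT addresses that also sit inside a dynamic pool range, an overlap worth reviewing before applying the change. The sample lines are constructed; `audit_nat` and the finding names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the style of the thread's NAT configuration.
SAMPLE_CONFIG = """\
ip nat pool POOL1 10.0.1.2 10.0.1.6 netmask 255.255.255.252
ip nat pool POOL2 10.0.2.2 10.0.2.6 netmask 255.255.255.248
ip nat inside source static 172.29.1.5 10.0.1.5
ip nat inside source static 172.29.1.4 10.0.2.4
"""

POOL_RE = re.compile(r"^ip nat pool (\S+) (\S+) (\S+) netmask (\S+)$")
STATIC_RE = re.compile(r"^ip nat inside source static (\S+) (\S+)$")


def audit_nat(config):
    """Return (kind, pool_name, detail) findings for pool and static NAT lines."""
    pools, statics, findings = {}, [], []
    for raw in config.splitlines():
        line = raw.strip()
        m = POOL_RE.match(line)
        if m:
            name, first, last, mask = m.groups()
            start = ipaddress.ip_address(first)
            end = ipaddress.ip_address(last)
            pools[name] = (start, end)
            # Subnet implied by the pool's first address and its netmask.
            net = ipaddress.ip_network(f"{start}/{mask}", strict=False)
            if end not in net:
                findings.append(("pool-mask", name, f"{end} is outside {net}"))
            continue
        m = STATIC_RE.match(line)
        if m:
            statics.append(tuple(ipaddress.ip_address(a) for a in m.groups()))
    # A static inside-global address that is also handed out dynamically.
    for local, global_ip in statics:
        for name, (start, end) in pools.items():
            if start <= global_ip <= end:
                detail = f"{global_ip} (static for {local}) is inside the pool range"
                findings.append(("static-in-pool", name, detail))
    return findings


if __name__ == "__main__":
    for finding in audit_nat(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```
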
