I have one 2800 series router which is connected to ISP providers. I don't have any FW inside my network.
Here are my requirements:
user-- Router-- ISP1
ISP1 Public pool is 22.214.171.124
ISP2 Public POOL is 126.96.36.199
Internal private pool is 192.168.1.0
1) ISP2 should be backup to primary.
2) I hope the defaults can be configured like this:
ip route 0.0.0.0 0.0.0.0 isp1
ip route 0.0.0.0 0.0.0.0 isp2 100
How will the NATing be configured to use the primary (ISP1) and the secondary as a backup (ISP2)?
3) Do we need to implement the policy map?
Yes, you can use a route map. In fact, you use two of them.
What you do is bind the NAT functions to the respective output interfaces. The output interface the router selects will depend on the availability of the route out that interface. That, in turn, will tell the router which NAT statement is applicable.
Please look at this link. I think you will find it very helpful.
Thanks for your prompt response.
If any request comes from 192.168.100.0 it will match both the route-maps. When a packet is leaving the network, how does the packet know that it should go to ISP1? I hope it should be based on the default route only, right?
But with the below-mentioned default routes it's not working.
ip route 0.0.0.0 0.0.0.0 ISP1
ip route 0.0.0.0 0.0.0.0 ISP2 5
The secondary ISP should always be the backup.
"if any request comes from 192.168.100.0 it will match both the route-maps."
No, it won't because you are using TWO criteria to match with:
1.) The source network address
2.) The output interface
The output interface is determined by the routing process on your router. In your case, it's the static routes.
"When a packet is leaving the network, how does the packet know that it should go to ISP1?"
You are going to have two default routes available. If you want a primary/failover set up, then you will make the ISP2 default route a floating static so that it will only be placed in the routing table in the event that the link to ISP1 fails.
[EDIT] It may help for you to understand the order of operations for NAT interfaces.
When a packet enters a router through the NAT "inside" interface, it will first be routed and then NAT'ed. [EDIT]
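The route-then-NAT selection described in the reply above, modelled as an added Python example that is not part of the original thread. It assumes ISPA in the static routes is Serial2/1 and ISPB is Serial2/0, following the NAT statements posted further down; the function names and the sample host address are constructed.

```python
import ipaddress

# Constructed model; interface names and the ACL network are taken from the
# configuration posted later in the thread. Assumption: ISPA = Serial2/1
# (primary) and ISPB = Serial2/0 (floating static, distance 50).
DEFAULT_ROUTES = [("Serial2/1", 1), ("Serial2/0", 50)]  # (exit interface, AD)
NAT_RULES = [
    {"route_map": "ISP-A", "acl": "10.15.7.0/24", "out_if": "Serial2/1"},
    {"route_map": "ISP-B", "acl": "10.15.7.0/24", "out_if": "Serial2/0"},
]


def installed_default(links_up):
    """Exit interface of the default route currently in the routing table.

    A static route via an interface is a candidate only while that interface
    is up; the lowest administrative distance wins, so the floating static
    is installed only after the primary route has been withdrawn.
    """
    candidates = [(ad, ifc) for ifc, ad in DEFAULT_ROUTES if links_up.get(ifc)]
    return min(candidates)[1] if candidates else None


def select_nat(src_ip, links_up):
    """Route first, then NAT: return (route_map, egress_interface).

    A rule applies only if the source matches its ACL AND the interface the
    routing step chose equals its 'match interface'.
    """
    out_if = installed_default(links_up)
    if out_if is None:
        return (None, None)  # no default route, nothing to translate
    src = ipaddress.ip_address(src_ip)
    for rule in NAT_RULES:
        if src in ipaddress.ip_network(rule["acl"]) and rule["out_if"] == out_if:
            return (rule["route_map"], out_if)
    return (None, out_if)  # routed, but no NAT rule matched


if __name__ == "__main__":
    host = "10.15.7.20"  # constructed inside host
    for state in ({"Serial2/1": True, "Serial2/0": True},
                  {"Serial2/1": False, "Serial2/0": True}):
        print(state, "->", select_nat(host, state))
```

With both links up only ISP-A applies: the source address matches both route-maps' ACL, but the egress interface chosen by routing rules out ISP-B.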
it will first be routed and then NAT'ed..
This cleared all my doubts. But please find the final config below:
ip nat inside source route-map ISP-A interface Serial2/1 overload
ip nat inside source route-map ISP-B interface Serial2/0 overload
ip access-list extended LAN-NATTED-OUT
permit ip 10.15.7.0 0.0.0.255 any
route-map ISP-B permit 10
match ip address LAN-NATTED-OUT
match interface Serial2/0
route-map ISP-A permit 10
match ip address LAN-NATTED-OUT
match interface Serial2/1
ip route 0.0.0.0 0.0.0.0 ISPA
ip route 0.0.0.0 0.0.0.0 ISPB 50
I hope with the above config it should work, right? But it's not working; what could be the issue?
Somebody tested live with the same config, but it's not working.
This is not yet implemented; whoever implemented the same with the same config, it's not working.
I am sorry to say that I can't provide the required info.
Will this scenario work with the config which I have provided to you?
From what I see, yes, the configuration looks good.
Are you sure you have configured the NAT "inside" and "outside" statements under the appropriate interfaces?
Wow! What a NON-answer. :-)
If I had some equipment in front of me I would "troubleshoot." But since you recommended a thread after the OP said my setup didn't work, I thought perhaps you had a definite clue as to what was wrong.
It is a big thread but it is a very useful thread on how to accomplish your task. Mohammed and I spent quite a bit of time in a lab coming up with 2 different solutions that worked. You can also see the steps we did for troubleshooting which can also be useful when something doesn't work.
As an Engineer, I recommend that when something doesn't work, you engage in some kind of troubleshooting.
You will find that examples posted here and/or CCO will have something missing in the config but if you are good with troubleshooting, you can find out the problem rather quickly and learn at the same time. It will definitely make you a better engineer.
Now, with that said, can you post the output from typing:
show ip nat translation
show ip nat sta
show ip route
To determine what's not working?
I agree with Edison. Configuration commands may look good on paper, but sometimes they don't work, and when they don't the best way to figure out what's wrong is to "lab it up," as they say. Replicate the topology and configurations in a non-production lab environment and analyze what is happening. Troubleshoot.
You said your friend created the setup I recommended, but you have not seen his setup. You are not involved in its creation or troubleshooting, and you can't vouch for the soundness of its implementation, so it's going to be hard to help you - or for you to help yourself, for that matter.
I asked Edison if he saw anything wrong because, from his post and the thread he recommended, which he was thoroughly involved in, I thought he had seen something wrong with the config I suggested that was glaringly obvious. Apparently not.
Besides posting the output of those commands, you may want to post the configuration that your friend completed, to make sure it is set up according to the recommendation, and then we can move on from there.