Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Need simple solution

I have one 2800 series router which is connected to ISP providers. I dont have any FW inside my network.

Here is my requiremetns

user-- Router-- ISP1

ISP2

ISP1 Public pool is 1.1.1.1

ISP2 Public POOL is 2.2.2.2

Internal private pool is 192.168.1.0

1) ISP2 should be backup to primary.

2)I hope defaults can configured like this

ip route 0.0.0.0 0.0.0.0 isp1

ip route 0.0.0.0 0.0.0.0 isp2 100

How the NATing will be configured to use pirmary (ISP1) and secondary as a backup(ISP2)

3) Do we need to implement the policy map?

Regards

sateesh kumar.k

17 REPLIES
Blue

Re: Need simple solution

Sateesh:

Yes, you can use a route map. In fact, you use two of them.

What you do is bind the NAT functions to the respective output interfaces. The output interface the router selects will depend on the availability of the route out that interface. That, in turn, will tell the router which NAT statement is applicable.

Please look at this link. I think you will find it very helpful.

http://ccietobe.blogspot.com/2008/08/nat-redundancy-with-route-maps.html

HTH

Victor

Community Member

Re: Need simple solution

Hi,

Thanks for your prompt response.

if any request comes from 192.168.100.0 it will match both the route-maps. When packet leaving the outside the network how the packet know that it sholud go to ISP1? I hope it should be based on default route only ryt.

But With below mentioned default routes its not working..

ip route 0.0.0.0 0.0.0.0 ISP1

ip route 0.0.0.0 0.0.0.0 ISP2 5

secodnary ISP should be always as backup.

Regards

sateesh

Blue

Re: Need simple solution

Sateesh:

"if any request comes from 192.168.100.0 it will match both the route-maps."

No, it won't because you are using TWO criteria to match with:

1.) The source network address

2.) The output interface

The output interface is determined by the routing process on your router. In your case, it's the static routes.

"When packet leaving the outside the network how the packet know that it sholud go to ISP1?"

You are going to have two default routes available. If you want a primary/failover set up, then you will make the ISP2 default route a floating static so that it will only be placed in the routing table in the event that the link to ISP1 fails.

[EDIT] It may help for you to understand the order of operations for NAT interfaces.

When a packet enters a router through the NAT "inside" interface, it will first be routed and then NAT'ed. [EDIT]

HTH

Victor

Community Member

Re: Need simple solution

Hi

it will first be routed and then NAT'ed..

This cleared all my doubts. But pl.find the below final config

ip nat inside source route-map ISP-A interface Serial2/1 overload

ip nat inside source route-map ISP-B interface Serial2/0 overload

!

!

ip access-list extended LAN-NATTED-OUT

permit ip 10.15.7.0 0.0.0.255 any

!

route-map ISP-B permit 10

match ip address LAN-NATTED-OUT

match interface Serial2/0

!

route-map ISP-A permit 10

match ip address LAN-NATTED-OUT

match interface Serial2/1

ip route 0.0.0.0 0.0.0.0 ISPA

ip route 0.0.0.0 0.0.0.0 ISPB 50

I hope with abv config it shld work ryt? but its not working what could be the issue...

With same config somebody tested live..but its not working..

Regards

sateesh

Blue

Re: Need simple solution

Sateesh:

Can you post the device's entire configuration?

Can you also post the route table?

Can you lastly post a "sh ip int brief"?

Victor

Community Member

Re: Need simple solution

Hi,

This is not yet implemented who implemented the same with the same config, its not working.

I am sorry to say that i can`t provide the required info.

Will this scenario work with the config which i have provided to you.

Regards

sateesh

Blue

Re: Need simple solution

From what I see, yes, the configuration looks good.

Are you sure you have configured the NAT "inside" and "outside" statements under the appropriate interfaces?

Victor

Community Member

Re: Need simple solution

.

Hall of Fame Super Bronze

Re: Need simple solution

Sateesh,

Please refer to this thread:

http://tinyurl.com/cyj44y

HTH,

__

Edison.

Blue

Re: Need simple solution

Edison, do you see a reason right off the bat why his configuration would not work?

Thx

Victor

Blue

Re: Need simple solution

Edison...Edison...Edison...?

Bueller....Bueller...Bueller...?

Hall of Fame Super Bronze

Re: Need simple solution

Victor,

Troubleshoot.

show ip nat trans

show ip nat stat

show ip route

Will certainly help...

Blue

Re: Need simple solution

Wow! What a NON-answer. :-)

If I had some equipment in front of me I would "troubleshoot." But since you recommended a thread after the OP said my set up didnt work, I thought perhaps you had a definite clue as to what was wrong.

Thanks anyway

Community Member

Re: Need simple solution

Hi,

This much of big tread for the same.

If i follow the same will this work.

Regards

sateesh

Hall of Fame Super Bronze

Re: Need simple solution

Sateesh,

It is a big thread but it is a very useful thread on how to accomplish your task. Mohammed and I spent quite a bit of time in a lab coming up with 2 different solutions that worked. You can also see the steps we did for troubleshooting which can also be useful when something doesn't work.

As an Engineer, I recommend that when something doesn't work, you engage in some kind of troubleshooting.

You will find that examples posted here and/or CCO will have something missing in the config but if you are good with troubleshooting, you can find out the problem rather quickly and learn at the same time. It will definitely make you a better engineer.

Now, with that said, can you post the output from typing:

show ip nat translation

show ip nat sta

show ip route

To determine what's not working?

__

Edison.

Blue

Re: Need simple solution

Sateesh:

I agree with Edison. Configuration commands may look good on paper, but sometimes they don't work, and when they don;t the best way to figure out what's wrong is to "lab it up," as they say. Replicate the topology and configurations in a non-production lab environment and analyze what is happening. Troubleshoot.

You said your friend created the set up I recommended, but you have not seen his set up. You are not involved in its creation or troubleshooting, and you can't vouch for the soundness of its implementation, so its going to be hard to help you - or for you to help yourself, for that matter.

I asked Edison if he saw anything wrong because, from his post and the thread he recommended, which he was thoroughly involved in, I thought he had seen something wrong with the config I suggested that was glaringly obvious. Apparently not.

Besides posting the output of those commands, you may want to post the configuration that your friend completed, to make sure it is set up according to the recommendation, and then we can move on from there.

HTH

Victor

Community Member

Re: Need simple solution

Hi,

Thanks for all your support.

Regards

sateesh

157
Views
4
Helpful
17
Replies
CreatePlease to create content