two isp, two networks & one router

seclucscon
Level 1

Hi, I have 1 router (Cisco 2921), 2 ISP links & 2 networks (one is 172.16.0.0 & another is 192.168.0.0). I want to pass the 2 networks through 2 different ISPs, like 172.16.0.0 will be passed by ISP 1 & 192.168.0.0 will be passed by ISP 2. I have 1 firewall attached to this router.

How can I do this on 1 router so that the two networks will be divided between the two ISPs? How will the natting be done for the 2 links?

Can anyone please help me with this issue urgently?

Accepted Solutions

As Vitaliy said, apply route-map PBR on the LAN interface connected to the FW; it will match traffic with ACLs LAN1 and LAN2 and route it based on the specified next-hop parameter.

NAT configuration provided by Vitaliy.

Summary:

! Both ISP uplinks are NAT outside interfaces
int g0/0
 ip nat outside
!
int g0/1
 ip nat outside
!
! Single LAN interface towards the firewall: NAT inside, PBR applied inbound
int LAN
 description connection to ASA
 ip nat inside
 ip policy route-map PBR
!
! Standard ACLs select which source network each NAT rule translates
ip access-list standard 10
 permit 172.16.0.0 0.0.255.255
!
ip access-list standard 20
 permit 192.168.0.0 0.0.31.255
!
ip nat inside source list 10 interface g0/1 overload
ip nat inside source list 20 interface g0/0 overload
!
! Policy routing: choose the next hop by source network
route-map PBR permit 10
 match ip address LAN1
 set ip next-hop NEXT_HOP_via_ISP1
route-map PBR permit 20
 match ip address LAN2
 set ip next-hop NEXT_HOP_via_ISP2
!
ip access-list extended LAN1
 permit ip 172.16.0.0 0.0.255.255 any
ip access-list extended LAN2
 permit ip 192.168.0.0 0.0.31.255 any

Best Regards

Please rate all helpful posts and close solved questions
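Added example (not part of the original posts or of any Cisco tooling): a small Python model of the summary configuration above that checks whether the PBR ACLs and the NAT ACLs agree for a given source address, so that no host leaves one ISP link untranslated or carrying the other ISP's address. It assumes ISP 1 is reached through g0/1 and ISP 2 through g0/0, as the asker describes, treats NAT rule selection as a first-match on the ACL only (a simplification), and uses constructed sample hosts.

```python
import ipaddress

def wildcard_net(addr, wildcard):
    """Convert an IOS address + contiguous wildcard mask into an ip_network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # contiguous wildcards look like 0..01..1 in binary
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - wc.bit_length()}")

LAN1 = wildcard_net("172.16.0.0", "0.0.255.255")
LAN2 = wildcard_net("192.168.0.0", "0.0.31.255")

# route-map PBR: source network -> outside interface that reaches the next hop.
# Assumption: NEXT_HOP_via_ISP1 sits behind g0/1 and NEXT_HOP_via_ISP2 behind g0/0.
PBR = [(LAN1, "g0/1"), (LAN2, "g0/0")]
# ip nat inside source list 10 / list 20 ... interface <if> overload
NAT = [(LAN1, "g0/1"), (LAN2, "g0/0")]
DEFAULT_EGRESS = "g0/1"  # ip route 0.0.0.0 0.0.0.0 123.x.x.x (ISP 1)

def first_match(table, ip):
    """Return the interface of the first entry whose network contains ip."""
    return next((iface for net, iface in table if ip in net), None)

def trace(src, pbr=PBR, nat=NAT):
    """Return (egress interface, NAT interface or None, consistent?)."""
    ip = ipaddress.ip_address(src)
    egress = first_match(pbr, ip) or DEFAULT_EGRESS  # no PBR match: default route
    nat_if = first_match(nat, ip)                    # None: leaves untranslated
    return egress, nat_if, egress == nat_if

def audit(sources, pbr=PBR, nat=NAT):
    """List sources that leave untranslated or with the other ISP's address."""
    return [s for s in sources if not trace(s, pbr, nat)[2]]

if __name__ == "__main__":
    # Constructed sample hosts; 192.168.32.1 is just outside 0.0.31.255.
    samples = ["172.16.5.10", "192.168.31.254", "192.168.32.1", "10.1.1.1"]
    for s in samples:
        print(s, trace(s))
    print("needs attention:", audit(samples))
```

Hosts outside both wildcard ranges match neither the PBR nor the NAT ACLs, so in this model they follow the default route and are reported.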


15 Replies

blau grana
Level 7

Hello,

What kind of routing do you use to exchange routes with both ISPs?

You can use Policy Based Routing to route traffic based on source IP address. Then configuration of NAT will be quite simple.

To be able to help you further, we need much more detail about your setup.

Best Regards

Please rate all helpful posts and close solved questions


Hi Grana, Thanks to hear from you again.

I am using static routes to exchange routes.

Present Configuration:

ip route 0.0.0.0 0.0.0.0 123.x.x.x (1 ISP which is in gi0/1 port)
ip route 172.16.0.0 255.255.0.0 172.16.251.2 (local network)
ip route 192.168.0.0 255.255.224.0 172.16.251.2 (local network)

Also using NAT overload here.

Now I want to separate the 192.168.0.0 network onto ISP 2, which will be passed by the gi0/0 port.

Please give me advice on how I can separate that network.

Thanks again for your help.

rajpanchal1978
Level 1

BGP + PBR for NAT

If you use NAT overload for two networks, make it so:

! Both ISP-facing interfaces are NAT outside
int isp1
 ip nat outside
!
int isp2
 ip nat outside
!
! Both LAN-facing interfaces are NAT inside
int lan1
 ip nat inside
!
int lan2
 ip nat inside
!
! One standard ACL per source network
ip access-list standard 10
 permit 172.16.0.0 0.0.255.255
!
ip access-list standard 20
 permit 192.168.0.0 0.0.31.255
!
! Translate each network to the address of its own ISP interface
ip nat inside source list 10 interface isp1 overload
ip nat inside source list 20 interface isp2 overload

But you must use Policy-Based Routing for the next hops for these networks.


----------------------------------------------------------- Please rate and mark the posts that are helpful to you. Please rate helpful answers.

Hello Vitaliy and Seclucscon,

Vitaliy's example seems good. But one more question for you, Seclucscon. Do you want to back up one link with the other, so if ISP1 fails, all traffic will be rerouted via ISP2? Or do you want to use each link exclusively for chosen traffic? If yes, Vitaliy's configuration has to be updated with some more commands.

Best Regards

Please rate all helpful posts and close solved questions


Hi Grana, Thanks for your reply. No, at present I don't want to back up one link with the other.

Hi Vitaliy, Thanks for your solution. But for your information, I have only 1 LAN interface, which is connected to the firewall directly. Will it be OK?

Aside from this, will you please give a brief on how to do Policy-Based Routing for the next hops for these networks.

Regards

Hello,

This should work ->

route-map PBR permit 10
 match ip address LAN1
 set ip next-hop NEXT_HOP_via_ISP1
route-map PBR permit 20
 match ip address LAN2
 set ip next-hop NEXT_HOP_via_ISP2
!
ip access-list extended LAN1
 permit ip 172.16.0.0 0.0.255.255 any
ip access-list extended LAN2
 permit ip 192.168.0.0 0.0.31.255 any
!
interface CONNECTION_TO_FW
 ip policy route-map PBR

Best Regards

Please rate all helpful posts and close solved questions


Hi Grana, thanks a lot. But I am a little bit confused about LAN 2. Do you mean it as a physical interface?

For your information, I have only 3 physical interfaces in the router, of which only 1 is a LAN interface, which is actually connected to the firewall.

Please suggest.

Regards,

Sadia.

I hope you can still reply on this, but how about ip nat inside source static? Will this also work?

If you have one interface connected to your firewall, and your firewall has two links to the ISPs, and if the NAT is implemented on the firewall,

then I think that you need manipulations on your firewall, not on the router.

Which device is used as the firewall?

----------------------------------------------------------- Please rate and mark the posts that are helpful to you. Please rate helpful answers.

Hi Vitaliy, Thanks for your reply.

My router has 3 links, 2 for 2 ISPs & 1 for the LAN, which is actually connected to the firewall.

NAT is implemented on the router. We are using an ASA 5520 firewall.

Regards

If the topology is right, you can use my config to implement NAT and blau grana's config to implement policy routing. In other words, mix these solutions.

----------------------------------------------------------- Please rate and mark the posts that are helpful to you. Please rate helpful answers.


Hi Grana. Thanks a lot for your reply.

But now I need help again. Now the requirement is failover of ISP with load balancing. If one ISP goes down, then it will automatically shift traffic to the other ISP. When the 2 ISPs are active, one network will pass through one ISP and the other will pass through the other ISP.

How will I do this? Please help me in this regard.

Another question: is it possible to merge 2 different ISP connections so that I have doubled bandwidth on the 2921 router?
