Assumptions: ISP1 - 41.x.82.35/31; AS 1111, terminated on GE0/1 ISP2 - 62.y.36.155/31; AS 2222, terminated on GE0/2 ISP3 - 197.z.233.135/31; AS 3333, terminated on FE0/0/0 NCC LAN - 192.168.20.0/24; AS 6500, terminated on GE0/0 ISP1, ISP2, ISP3, NCC LAN are all directly connected to the BGP ROUTER No DMZ ————————————————————————————————————————————————————————————————————————— no aaa new-model ip subnet-zero ip cef ! no ip domain lookup ip audit po max-events 100 ! ! ! interface Loopback0 ip address 3.3.3.3 255.255.255.255 ! ! interface GigabitEthernet0/0 desc NCC LAN ip address 192.168.20.1 255.255.255.0 ip nat inside ip virtual-reassembly duplex auto speed auto ! ! interface GigabitEthernet0/1 desc ISP1 ip address 41.x.82.35 255.255.255.254 ip nat outside ip virtual-reassembly ! ! interface GigabitEthernet0/2 desc ISP2 ip address 62.y.36.155 255.255.255.254 ip nat outside ip virtual-reassembly ! ! interface FastEthernet0/0/0 desc ISP3 ip address 197.z.233.135 255.255.255.254 ip nat outside ip virtual-reassembly ! ! router ospf 6500 log-adjacency-changes passive-interface GigabitEthernet0/1 passive-interface GigabitEthernet0/2 passive-interface FastEthernet0/0/0 network 192.168.20.0 0.0.0.255 area 0 default-information originate always ! ! router bgp 6500 no synchronization bgp log-neighbor-changes bgp bestpath as-path multipath-relax network 41.x.82.34 mask 255.255.255.254 network 62.y.36.154 mask 255.255.255.254 network 197.z.233.134 mask 255.255.255.254 neighbor 41.x.82.34 remote-as 1111 neighbor 41.x.82.34 route-map ISP-1_IN in neighbor 41.x.82.34 route-map ISP-1_OUT out neighbor 62.y.36.154 remote-as 2222 neighbor 62.y.36.154 route-map ISP-2_IN in neighbor 62.y.36.154 route-map ISP-2_OUT out neighbor 197.z.233.134 remote-as 3333 neighbor 197.z.233.134 route-map ISP-3_IN in neighbor 197.z.233.134 route-map ISP-3_OUT out maximum-paths 3 no auto-summary ! ! ! ip nat inside source route-map ISP-1_NAT interface GigabitEthernet0/1 overload ip nat inside source route-map ISP-2_NAT interface GigabitEthernet0/2 overload ip nat inside source route-map ISP-3_NAT interface FastEthernet0/0/0 overload ip classless ! ! ip as-path access-list 10 permit ^$ no ip http server no ip http secure-server ! ! ip prefix-list only-default permit 0.0.0.0/0 ! ! ip access-list extended NAT permit ip 192.168.20.0 0.0.0.255 any ! ! route-map ISP-1_IN permit 10 set local-preference 200 match ip address prefix only-default ! route-map ISP-2_IN permit 10 set local-preference 200 match ip address prefix only-default ! route-map ISP-3_IN permit 10 set local-preference 200 match ip address prefix only-default ! ! route-map ISP-1_OUT permit 10 match as-path 10 set origin igp ! route-map ISP-2_OUT permit 10 match as-path 10 set origin igp ! route-map ISP-3_OUT permit 10 match as-path 10 set origin igp ! ! ! route-map ISP-1_NAT permit 10 match ip address NAT match interface GigabitEthernet0/1 ! route-map ISP-2_NAT permit 10 match ip address NAT match interface GigabitEthernet0/2 ! route-map ISP-3_NAT permit 10 match ip address NAT match interface FastEthernet0/0/0 ! ! ! ! alias exec sir sh ip route alias exec sion sh ip ospf nei alias exec sien sh ip eigrp n ! line con 0 line aux 0 line vty 0 4 login ! end