05-20-2019 01:52 PM
Hello, I hope you can help me with the following case:
I have a Fortinet firewall configured, where I connect 2 ISPs from different providers, and on my 2900 router I make all traffic leave through interface Gi0/1 ISP1.
I added another ISP on interface Gi0/2 ISP2.
I intend to send some VLANs to ISP2, but I don't know whether that is possible, since I have configured PBR and it does not work for me; I saw that to use PBR I need a license upgrade on my router.
I would like to know whether there is another way besides PBR to send some of my VLANs through ISP2 and others through ISP1.
Thanks.
05-20-2019 02:25 PM
Not sure what license you have. The other way is to do NAT (but this limits automatic fallback if an ISP fails).
Example:
VLAN3 network NAT with ISP1
VLAN4 network NAT with ISP1
Make sense?
show license and show version can give us more idea of what you have.
05-20-2019 02:31 PM
05-20-2019 02:37 PM
You can also do it this way:
VLAN2 and VLAN3 NAT with ISP1; if ISP1 fails you can use ISP2 with NAT,
using IP SLA and tracking.
05-20-2019 03:35 PM
05-21-2019 12:23 AM
Here is an example (take a backup of the working config, understand the config below, and apply it as per the directions):
- Configure the interfaces
interface Gi0/1
 description ISP1
 ! change as per the ISP1 IP address
 ip address x.x.x.x 255.255.255.0
 ip nat outside
interface Gi0/2
 description ISP2
 ! change as per the ISP2 IP address
 ip address y.y.y.y 255.255.255.0
 ip nat outside
- Route maps for NATting traffic
route-map backup permit 20
 match ip address ISPInternet
 match interface Gi0/2
route-map primary permit 10
 match ip address ISPInternet
 match interface Gi0/1
- Configure the LAN interfaces
interface VLAN2
 ip address z.z.z.z 255.255.255.0
 ip nat inside
interface VLAN3
 ip address z1.z1.z1.z1 255.255.255.0
 ip nat inside
ip access-list extended ISPInternet
 permit ip any any
- Configure the two NAT statements
! each route-map is paired with the interface it matches (primary = Gi0/1, backup = Gi0/2)
ip nat inside source route-map primary interface Gi0/1 overload
ip nat inside source route-map backup interface Gi0/2 overload
- Your static routes:
ip route 0.0.0.0 0.0.0.0 x.x.x.x 10
ip route 0.0.0.0 0.0.0.0 y.y.y.y 20
EEM script to clear the NAT translations:
! the pattern is matched against the syslog text, which uses the full interface name
event manager applet CLEARNAT1
 event syslog pattern "LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to down"
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translation *"
event manager applet CLEARNAT2
 event syslog pattern "LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down"
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translation *"
Other option, with IP SLA tracking:
ip sla 20
 icmp-echo 8.8.8.8 source-interface Gi0/1
 timeout 1000
 frequency 10
ip sla schedule 20 life forever start-time now
! on newer IOS releases this command is written: track 1 ip sla 20 reachability
track 1 rtr 20 reachability
- Your static routes:
ip route 0.0.0.0 0.0.0.0 x.x.x.x track 1
ip route 0.0.0.0 0.0.0.0 y.y.y.y 2
05-21-2019 09:20 AM