04-08-2003 11:36 AM - edited 03-02-2019 06:30 AM
I am trying to set up a single 7200 with a DS3 to one ISP and a T1 to a second ISP for failover. I have a static default route to the DS3 and a second static route with a higher admin distance to the T1. The router detects the DS3 outage fine and will route out to the T1. The problem is getting the proper NAT IP addresses. I am using NAT with route-maps; however, I am not clear how to set the route-map to have packets from the same source and destination change NAT pools based upon the next hop interface. Is what I am trying to do possible? My config looks like this:
interface FastEthernet0/0
description Connection to Firewall
ip address 172.20.1.17 255.255.255.248
ip nat inside
duplex full
speed 100
!
interface Serial1/0
description DS-3 to ISP1
ip address 10.1.1.2 255.255.255.252
ip nat outside
dsu bandwidth 44210
framing c-bit
cablelength 10
serial restart-delay 0
!
interface Serial2/0:0
description 3MB to ISP2
ip address 10.2.2.2 255.255.255.252
ip nat outside
encapsulation ppp
fair-queue
!
interface Serial2/1:0
description 3MB to ISP2
ip address 10.3.3.2 255.255.255.252
ip nat outside
encapsulation ppp
fair-queue
!
ip nat pool ISP2 10.200.200.33 10.200.200.62 netmask 255.255.255.224
ip nat pool ISP1 10.100.100.33 10.100.100.62 netmask 255.255.255.224
ip nat inside source route-map ISP1 pool ISP1 overload
ip nat inside source route-map ISP2 pool ISP2 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial1/0 10.1.1.1
ip route 0.0.0.0 0.0.0.0 Serial2/0:0 10.2.2.1 200
ip route 0.0.0.0 0.0.0.0 Serial2/1:0 10.3.3.1 200
!
access-list 1 permit 172.20.0.0
access-list 10 permit 10.2.2.1
access-list 11 permit 10.3.3.1
access-list 15 permit 10.1.1.1
access-list 101 permit ip 172.20.0.0 0.0.255.255 any
!
route-map ISP2 permit 10
match ip address 101
match ip next-hop 10
!
!
route-map ISP1 permit 10
match ip address 101
match ip next-hop 15
04-09-2003 06:20 AM
Seemingly, this should work. But next-hop is most probably evaluated for a route.
Rais.
04-09-2003 10:09 AM
My problem is I need a routing decision before a NAT decision. I am not sure how to accomplish this.
04-09-2003 11:21 AM
I keep seeing questions on this same issue. I can't understand why everyone wants to use a different address pool on the backup connection. You should get your second ISP to coordinate with the primary and handle failover in advertising your single address space towards the internet. I assume that with a t3 you are going to have servers that the internet can reach. How can they get there when you keep changing the IP address? DNS will only point to one address.
04-09-2003 12:37 PM
Your map will override your routing.
At most you can divide your inner space into half or quarter. When one of the links goes down some will experience problems and some won't. The problem is to match traffic for NATing while your criteria is only source address.
Thanks.
04-14-2003 01:08 PM
Some documents state that policy routing is performed before NAT, but in a specific lab environment the router doesn't join a statement like match ip next-hop with the correct NAT pool.
Similar questions about NAT with different pools using route-maps are already described in other conversations. I think that Cisco can clarify the issues about the configuration with NAT and route-maps.
Is there someone from Cisco to help us?
04-14-2003 11:16 PM
Hi,
On both sides your NAT pools are the same, so you can change the next-hop address here, like:
!
route-map ISP2 permit 10
match ip address 101
set ip next-hop 10
!
!
route-map ISP1 permit 10
match ip address 101
set ip next-hop 15
!
!
!
Regards,