09-06-2017 03:51 AM - edited 03-03-2019 08:37 AM
Dear Team,
We have a 2921 router in our organization. We have taken 2 ISPs for Internet purposes. Our requirements are:
i) The 2 ISPs should be Active/Active
ii) Static NAT should be done by the secondary ISP (for 5 servers we need to NAT with 5 public IPs of the secondary ISP)
iii) Failover should be done automatically.
Can anyone suggest the configuration for the above requirements?
Thanks in advance
09-07-2017 12:47 PM
Are you using only one router? If so, you can use a policy nat:

access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 permit 192.168.0.0 0.0.0.255
!
route-map ISPB permit 1
 match ip address 2
 match interface FastEthernet1/0
route-map ISPB deny 10
!
route-map ISPA permit 1
 match ip address 1
 match interface FastEthernet0/1
route-map ISPA deny 10
!
ip nat inside source route-map ISPA interface FastEthernet0/1 overload
ip nat inside source route-map ISPB interface FastEthernet1/0 overload

S*    0.0.0.0/0 [1/0] via 2.2.2.2
                [1/0] via 1.1.1.2

Pro  Inside global   Inside local    Outside local   Outside global
icmp 1.1.1.1:1024    192.168.0.2:5   8.8.8.8:5       8.8.8.8:1024
icmp 2.2.2.1:1024    192.168.0.2:6   10.10.10.10:6   10.10.10.10:1024

R1#sh ip cef exact-route 192.168.0.2 8.8.8.8
192.168.0.2 -> 8.8.8.8 => IP adj out of FastEthernet0/1, addr 1.1.1.2
R1#sh ip cef exact-route 192.168.0.2 10.10.10.10
192.168.0.2 -> 10.10.10.10 => IP adj out of FastEthernet1/0, addr 2.2.2.2

1- Match the internal networks and an outgoing interface with a route-map
2- Create a dynamic nat (PAT) for internet access
3- The outgoing interface decision will be taken by CEF, and nat will be done appropriately for each output interface chosen by the algorithm.
For automatic failover, your default routes should ideally be learnt by BGP or other routing protocol. When one ISP fails, its default is removed.
Static nat can be done just like you would do in any scenario.

ip nat inside source static tcp 192.168.0.10 80 2.2.2.10 8080 extendable
ip nat inside source static tcp 192.168.0.11 80 2.2.2.10 8081 extendable
ip nat inside source static tcp 192.168.0.12 80 2.2.2.254 8080 extendable

R1#sh ip nat trans
Pro Inside global    Inside local     Outside local   Outside global
tcp 2.2.2.10:8080    192.168.0.10:80  2.2.2.2:41436   2.2.2.2:41436
tcp 2.2.2.10:8080    192.168.0.10:80  ---             ---
tcp 2.2.2.10:8081    192.168.0.11:80  2.2.2.2:37121   2.2.2.2:37121
tcp 2.2.2.10:8081    192.168.0.11:80  ---             ---
tcp 2.2.2.254:8080   192.168.0.12:80  2.2.2.2:33356   2.2.2.2:33356
tcp 2.2.2.254:8080   192.168.0.12:80  ---             ---

I hope it helps.
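
The static entries in the `sh ip nat trans` output above are the rows whose outside columns read `---`; each one is an internal server published to the Internet. As an added example (not part of the original reply), this Python script parses that output, lists every published endpoint with its live session count, and flags any static mapping whose public address falls outside the secondary ISP's block. The `2.2.2.0/24` prefix length and the `1.1.1.50` row are assumptions constructed for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: static-NAT rows in the format shown in the answer, plus
# one constructed row (1.1.1.50) that publishes a server on the wrong ISP.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 2.2.2.10:8080      192.168.0.10:80    2.2.2.2:41436      2.2.2.2:41436
tcp 2.2.2.10:8080      192.168.0.10:80    ---                ---
tcp 2.2.2.10:8081      192.168.0.11:80    2.2.2.2:37121      2.2.2.2:37121
tcp 2.2.2.10:8081      192.168.0.11:80    ---                ---
tcp 2.2.2.254:8080     192.168.0.12:80    ---                ---
tcp 1.1.1.50:8443      192.168.0.13:443   ---                ---
icmp 1.1.1.1:1024      192.168.0.2:5      8.8.8.8:5          8.8.8.8:1024
"""

def parse_translations(text):
    """Yield (proto, inside_global, inside_local, outside_local, outside_global)."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5:          # the header splits into 9 words and is skipped
            yield tuple(fields)

def audit_static_nat(text, allowed_prefix):
    """Map each static (proto, inside_global) to its inside host and exposure status."""
    net = ipaddress.ip_network(allowed_prefix)
    sessions, static = defaultdict(int), {}
    for proto, ig, il, ol, og in parse_translations(text):
        key = (proto, ig)
        if ol == "---" and og == "---":          # static placeholder row
            addr = ipaddress.ip_address(ig.rsplit(":", 1)[0])
            static[key] = {"inside": il, "in_prefix": addr in net}
        else:                                     # live session through a mapping
            sessions[key] += 1
    for key, info in static.items():
        info["active_sessions"] = sessions.get(key, 0)
    return static

if __name__ == "__main__":
    for (proto, ig), info in audit_static_nat(SAMPLE, "2.2.2.0/24").items():
        flag = "ok" if info["in_prefix"] else "NOT ON SECONDARY ISP"
        print(f"{proto} {ig} -> {info['inside']} sessions={info['active_sessions']} [{flag}]")
```
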