Dual ISP connection load balancing and NAT configuration -2921 router

siddhukaturi1
Level 1

Dear Team,

We have a 2921 router in our organization. We have taken 2 ISPs for Internet purposes. Our requirements are:

i) The 2 ISPs should be Active/Active

ii) Static NAT should be done by the secondary ISP (for 5 servers we need to NAT with 5 public IPs of the secondary ISP)

iii) Failover should be done automatically.

Can anyone suggest the configuration for the above requirements?

Thanks in advance

1 Reply

bersoare
Cisco Employee

Are you using only one router? If so, you can use a policy NAT:

 

! Match the internal network (one ACL per ISP route-map)
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 permit 192.168.0.0 0.0.0.255
!
! Select traffic by source network and by the outgoing interface chosen by CEF
route-map ISPB permit 1
 match ip address 2
 match interface FastEthernet1/0
route-map ISPB deny 10
route-map ISPA permit 1
 match ip address 1
 match interface FastEthernet0/1
route-map ISPA deny 10
!
! PAT to the address of the outside interface the packet leaves by
ip nat inside source route-map ISPA interface FastEthernet0/1 overload
ip nat inside source route-map ISPB interface FastEthernet1/0 overload

 

S* 0.0.0.0/0 [1/0] via 2.2.2.2
[1/0] via 1.1.1.2

 

Pro Inside global Inside local Outside local Outside global
icmp 1.1.1.1:1024 192.168.0.2:5 8.8.8.8:5 8.8.8.8:1024
icmp 2.2.2.1:1024 192.168.0.2:6 10.10.10.10:6 10.10.10.10:1024

 

R1#sh ip cef exact-route 192.168.0.2 8.8.8.8
192.168.0.2 -> 8.8.8.8 => IP adj out of FastEthernet0/1, addr 1.1.1.2
R1#sh ip cef exact-route 192.168.0.2 10.10.10.10
192.168.0.2 -> 10.10.10.10 => IP adj out of FastEthernet1/0, addr 2.2.2.2

 

1- Match the internal networks and an outgoing interface with a route-map

2- Create a dynamic NAT (PAT) for Internet access

3- The outgoing interface decision will be taken by CEF, and NAT will be done appropriately for each output interface chosen by the algorithm.

For automatic failover, your default routes should ideally be learnt by BGP or another routing protocol. When one ISP fails, its default is removed.

Static NAT can be done just like you would do in any scenario.

 

ip nat inside source static tcp 192.168.0.10 80 2.2.2.10 8080 extendable
ip nat inside source static tcp 192.168.0.11 80 2.2.2.10 8081 extendable
ip nat inside source static tcp 192.168.0.12 80 2.2.2.254 8080 extendable

 

R1#sh ip nat trans
Pro Inside global Inside local Outside local Outside global
tcp 2.2.2.10:8080 192.168.0.10:80 2.2.2.2:41436 2.2.2.2:41436
tcp 2.2.2.10:8080 192.168.0.10:80 --- ---
tcp 2.2.2.10:8081 192.168.0.11:80 2.2.2.2:37121 2.2.2.2:37121
tcp 2.2.2.10:8081 192.168.0.11:80 --- ---
tcp 2.2.2.254:8080 192.168.0.12:80 2.2.2.2:33356 2.2.2.2:33356
tcp 2.2.2.254:8080 192.168.0.12:80 --- ---

 

I hope it helps.
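
An added illustration for requirement iii), not part of the original thread and not the reply author's configuration: where the two defaults are static rather than learnt from a routing protocol as the reply recommends, IOS can withdraw a default route when a probe fails by combining IP SLA with object tracking. The interfaces and next hops are those shown in the reply; probing the next hops themselves, the 5-second frequency and the SLA/track numbers are assumptions.

```cisco
! Added example: tracked static defaults (swapped in for the routing-protocol
! approach the reply recommends). Assumed values are marked.
!
! Probe ISP A's next hop out of its own interface.
! Assumption: the next hop is the probe target, which only detects loss of
! the directly connected hop, not failures further inside the ISP.
ip sla 1
 icmp-echo 1.1.1.2 source-interface FastEthernet0/1
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Probe ISP B's next hop the same way.
ip sla 2
 icmp-echo 2.2.2.2 source-interface FastEthernet1/0
 frequency 5
ip sla schedule 2 life forever start-time now
!
! A track object goes down when its probe stops getting replies.
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! These replace the untracked static defaults seen in the reply's routing
! table. Both stay installed (Active/Active) while both probes succeed; a
! default is removed when its track object goes down, so CEF then has only
! the other interface to choose and the matching route-map NAT rule applies.
ip route 0.0.0.0 0.0.0.0 1.1.1.2 track 1
ip route 0.0.0.0 0.0.0.0 2.2.2.2 track 2
```

`show track` and `show ip route 0.0.0.0` show which probes are up and which defaults are currently installed.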