08-31-2004 05:07 PM - edited 03-02-2019 06:09 PM
I am trying to Multi-Home a customer using only NAT and static routing. The customer is two small to get their own IP space, and this is just the way they would like this done. They have no servers that need reachability from the Internet......the multi-homing is just to give them two points of access to the internet to surf from.
I am using dual default routes, and then NAT with route-maps to make sure the traffic gets translated to the appropriate IP address for the link it is going out over. I have tried both fast switching and netflow switching and I am seeing problems. It works but their appears to be packet loss, it will work fine for a bit but then lock for quite some time, start working again but very choppy.
I am going to go back out to the site and do some more extensive debugging to get an idea of what may be going on. I wanted to post the config to see if anyone has any thoughts on why this won't work or what I may need to change.
If I just default out one Serial, it works fine. Either serial works as it should, and there are no connectivity issues. But with the double defaults, thats where i see the problem.
interface FastEthernet0
ip address 66.0.102.181 255.255.255.248 secondary
ip address 192.168.1.1 255.255.255.0
ip nat inside
speed auto
!
interface Serial0
description ShreveNet T1
ip address 207.254.221.150 255.255.255.252
ip nat outside
!
interface Serial1
no ip address
encapsulation frame-relay
frame-relay lmi-type ansi
!
interface Serial1.1 point-to-point
description ITCDeltaComm
ip address 10.20.18.166 255.255.255.252
ip nat outside
frame-relay interface-dlci 100 IETF
!
ip nat pool deltacom 66.0.102.177 66.0.102.177 netmask 255.255.255.248
ip nat inside source route-map ToDeltacom pool deltacom overload
ip nat inside source route-map ToShreveNet interface Serial0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 0.0.0.0 0.0.0.0 Serial1
ip route 207.254.192.0 255.255.224.0 Serial0
no ip http server
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
!
route-map ToDeltacom permit 10
match ip address 1
match interface Serial1.1
!
route-map ToShreveNet permit 10
match ip address 2
match interface Serial0
I appreciate any help you can give me on this.
Brian Feeny, CCIE #8036, CISSP
08-31-2004 09:29 PM
Hello Brian,
my first thought is, there might be a problem with the way traffic gets translated and the way the return traffic flows, since your entire address space is NATted at both outside interfaces with no preference for one or the other. You might want to try and cut your address space in half:
access-list 1 permit 192.168.1.0 0.0.0.128
access-list 2 permit 192.168.1.128 0.0.0.128
to make the traffic flow more deterministic.
HTH,
Georg
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide