
NAT Help!

romeoalvarez
Level 1

I have two buildings 50 miles apart. I have a T-1 connecting them. Building A is able to receive internet service, building B isn't. So I set up a NAT to feed service from building A to building B; the ISP is Road Runner. Each site has a Cisco 2650 router with NAT configured into them so that they can network and share files. Now, QWest has expanded far enough to allow building B to receive DSL service. What I want to do is keep Road Runner at building A and at building B have QWest DSL. To do this I was told I should configure the routers to "multihome with auto injection". So my question is, do I need to completely reconfigure my routers to do this, or since NAT is already set up can I just plug in my DSL line?


fabios
Level 1

There are two issues here.

First the intersite communication and then the Internet connectivity.

Intersite connectivity will not be affected by a second Internet connection.

The second Internet connection will affect your routing outside your network. You say you have NAT configured at both your locations. NAT is usually configured at the border gateway of a stub network like yours, but in any case, at the moment in site B you have a default route pointing at the router in site A. Site A has a route for the building B network pointing to router B and a default route pointing to the Internet-connected interface, which should be configured as NAT outside.

When you add the second Internet connection, there are 2 possible scenarios: you want your network to be reachable from outside or not.

The latter is easier and I will analyze it first.

In such a case, when one of the links goes down you want the Internet traffic to go through the other link. To achieve this you will have to set up NAT at the two Internet-connected interfaces, have a default route pointing to the IP of the remote router of your Internet connections, and redistribute this route into your network with an appropriate metric so building A goes out via router A and building B via router B. When one of the links goes down, the other, propagated via routing, will take over (I cannot be more specific since I do not know what routing protocol you are using).

The former case is more complex since it involves external routing to be resolved. I am not a BGP expert, but your setup with two different ISPs requires you to get an AS and multihome. Normally this means you get your own address space and establish a BGP peering agreement with your ISPs, with them accepting your routing updates. This does not usually happen if their netadmins do not trust you to be a well-trained BGP administrator, since you might mess up their routing table (up to a point).

The best solution in my view is to use the same ISP at both locations and have an internal routing protocol run between you and the ISP.

Hope it helps

Fabio

Fabio,

Great help!! Unfortunately I can't use the same ISP. Your first suggestion is perfect. How do I accomplish this? What do you mean by "set up NAT at the two internet connected interfaces"? Do you mean my Cisco routers or the DSL and cable modems? Also, "have a default route pointing to the IP of remote router of your internet connections and redistribute this route into your network with appropriate metric": so you mean route to my Cisco router IP, and distribute that to my network clients? Is this like RIP?

If you do not need to have your network reachable, what you have to do is have two segments in the two buildings: let's say 192.168.1.0/24 in building A and 192.168.2.0/24 in B.

Now the first provider gives you 1 or more public IPs; you do a NAT pool in router A.

The second provider does the same and you do another pool on router B.

Additionally, provider 1, once you connect, will have an IP address assigned to the two ends of the link, let's say 172.16.0.1/30 his end and 172.16.0.2/30 your end.

The same is done with provider 2, which assigns 10.0.0.1/30 his end and 10.0.0.2/30 your end.

What you need is to enter a static route on router A pointing to 172.16.0.1 and a static route on router B pointing to 10.0.0.1, and redistribute statics.

All machines in building A will have router A as the default gateway and all of those in building B router B.

What happens when one link goes down (for example the link in B) is that the entry 10.0.0.1 disappears in the routing table of router B and so does the static default route. The routing-protocol-injected candidate default from router A will take over, and router B will start sending ICMP redirects to hosts and forward traffic to router A, which will NAT (with addresses from its own pool) and forward to the Internet. The IP addresses assigned from ISP 2 to router B will stay unreachable from the Internet.

You may use RIP but I suggest EIGRP (faster convergence time, lower traffic, Cisco proprietary).

Cheers

Fabio
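
The setup described in the reply above, written out as an IOS configuration for router A. This is an added example, not part of the original thread: the interface names, the T-1 subnet 192.168.255.0/30, EIGRP AS 100 and the 203.0.113.0/29 pool are placeholders, and it assumes the provider-facing interface goes down when the provider link fails so that the static default is withdrawn.

```cisco
! Router A (building A, 192.168.1.0/24) - constructed example.
! Placeholders: interface names, T-1 subnet, EIGRP AS 100, NAT pool range.
! From the thread: 192.168.1.0/24, 192.168.2.0/24, 172.16.0.1 and 172.16.0.2.
interface FastEthernet0/0
 description Building A LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Serial0/0
 description T-1 to building B
 ip address 192.168.255.1 255.255.255.252
 ip nat inside
!
interface Ethernet1/0
 description Link to provider 1
 ip address 172.16.0.2 255.255.255.252
 ip nat outside
!
! Translate both buildings, so traffic from B is also NATed here
! when B's own Internet link is down and its traffic arrives over the T-1.
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 permit 192.168.2.0 0.0.0.255
ip nat pool PROVIDER1 203.0.113.1 203.0.113.6 netmask 255.255.255.248
ip nat inside source list 10 pool PROVIDER1 overload
!
! Static default route to provider 1's end of the link.
ip route 0.0.0.0 0.0.0.0 172.16.0.1
!
! Advertise the internal networks and inject the static default into EIGRP.
! The local static (distance 1) is preferred over the default learned from
! the other router (EIGRP external, distance 170) while the link is up.
router eigrp 100
 network 192.168.1.0
 network 192.168.255.0
 redistribute static metric 1544 2000 255 1 1500
 no auto-summary
!
! Router B mirrors this: LAN 192.168.2.1/24, Serial0/0 192.168.255.2/30,
! outside 10.0.0.2/30, a pool from provider 2, network 192.168.2.0 under
! EIGRP, and "ip route 0.0.0.0 0.0.0.0 10.0.0.1".
```

`show ip route` on each router shows which default route is currently installed, and `show ip nat translations` shows which pool outbound sessions are using.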
