Re: Running NAT for Backup Link

faisal.farooq · ‎10-26-2001

We have a backup link which we use only when our main link is down.As our Backup Service Provider is not running BGP, I have to run NAT when I have to use backup link.I have defined a standard access-list permitting all the IPs which are being used by us and our customers.It worked fine.But one of our customer is using only uplink for some IPs.He has Downlink from some VSAT provider.I want to ask a solution that how I configure this Particular Customer's Serial Interface so that if he sends any IPs other than the IPs specified in the access-list for NAT,should be send without using NAT.i.e; these IP Packets should be send without changing their source IP as they have the retun path from VSAT.

MickPhelps · ‎10-27-2001

You should be able to put his IP address range(s) in your access-list to deny NAT translation. Make sure you deny any addresses you don't want translated before you permit "all" the others. If you're only permiting addresses that are supposed to be translated, the implicit deny should suffice.

If this still isn't working, its possible that your NAT is working properly, but (one of) your upstream provider(s) is checking incomming packets against its routing table to determine if packets are being spoofed. Those that are "sourced" from the VSAT may appear to be comming in from the wrong interface from your provider's perspective.

Debug NAT (CAREFULLY, call TAC for assistance) to determine if NAT is functioning properly before you assume it isn't.

Mick.