Configuration for two ISP T1s

kingken
Level 1

I need to distribute my server LAN (192.168.102.x) and desktop LAN traffic (192.168.100.x) to two of our separate ISP T1s on my 2621 router. I don't want load sharing or any redundancy (at least not yet). I'm not sure how to go about configuring the two separate NATs or ip routes, but I read on the Cisco site somewhere to use route-map and access-list. Can someone verify my router configuration below? Thanks!

-Ken

version 12.2

service timestamps debug datetime localtime

service timestamps log datetime localtime

service password-encryption

!

hostname starcisco

!

ip subnet-zero

!

!

ip audit notify log

ip audit po max-events 100

!

interface FastEthernet0/0

description Connection to Desktop&Server LAN

ip address 192.168.100.254 255.255.255.0

ip nat inside

duplex auto

speed auto

!

interface Serial0/0

no ip address

encapsulation frame-relay IETF

frame-relay lmi-type ansi

!

interface Serial0/0.1 point-to-point

description Connection to Internet (ISP1 for Desktop LAN)

ip address 1.1.1.2 255.255.255.252

ip access-group 104 in

ip nat outside

frame-relay interface-dlci 808

!

interface FastEthernet0/1

description Connection to DMZ

ip address 1.2.3.4 255.255.255.224

ip access-group 102 in

duplex auto

speed auto

!

interface Serial0/1

description Connection to Internet (ISP2 for Server LAN)

ip address 2.2.2.2 255.255.255.248

ip access-group 105 in

ip nat outside

encapsulation frame-relay IETF

frame-relay lmi-type ansi

! NAT with route map and nat pool

!ip nat pool isp1-space 1.1.1.3 1.1.1.4 prefix-length 24

!ip nat pool isp2-space 2.2.2.3 2.2.2.4 prefix-length 24

ip nat inside source route-map isp1-map pool isp1-space

ip nat inside source route-map isp2-map pool isp2-space

route-map isp1-map permit 10

match ip address 1

match interface Serial0/1

route-map isp2-map permit 10

match ip address 2

match interface Serial0/0.1

!

!

! internal static NAT mappings to servers

! like email server and vpn server

ip nat inside source static 192.168.102.164 2.2.2.5 route-map isp2-map

ip nat inside source static 192.168.102.165 2.2.2.6 route-map isp2-map

!

! default internet routes

ip route 0.0.0.0 0.0.0.0 Serial0/0.1

ip route 0.0.0.0 0.0.0.0 Serial0/1

! static routes to internal desktop/server LAN

ip route 192.168.0.0 255.255.255.0 FastEthernet0/0

ip route 192.168.102.0 255.255.255.0 FastEthernet0/0

!

! rules for source match

! Desktop LAN

access-list 1 permit 192.168.0.0 0.0.255.255

! Server LAN

access-list 2 permit 192.168.102.0 0.0.0.255

! firewall ACLs

access-list 104 .....

access-list 105 ....

!

end


mhussein
Level 4

I don't think route-maps are applicable here unless you are using policy routing, redistribution, or BGP.

Not sure if you can use a "route-map" in this line:

ip nat inside source route-map isp1-map pool isp1-space

To me it doesn't seem to be a valid command; someone else may verify this.

I think it should be something like:

ip nat inside source list 1 pool isp1-space overload

access-list 1 permit 192.168.100.0 0.0.0.255

This will NAT the desktop ip addresses to ISP1 ip addresses. The overload is needed since the serial interface is on 255.255.255.252 network, one usable ip address which is the serial's ip itself!

And also the pool should be:

ip nat pool isp1-space 1.1.1.3 1.1.1.3 prefix-length 30

where one ip address 1.1.1.3 will be used/overloaded, and the subnet mask is 30 bits=255.255.255.252

A similar configuration can be applied to the ISP2 NAT, except that you have 5 additional ip addresses that you can assign statically to your DMZ hosts. The prefix-length should be 29 (the subnet mask on ISP2's serial interface is 29 bits=255.255.255.248)

The last 2 static NAT commands should be without the route-map isp2-map trailer:

ip nat inside source static 192.168.102.164 2.2.2.5

ip nat inside source static 192.168.102.165 2.2.2.6

Regards

Mustafa

I disagree. You actually will need two sets of route maps here. One set to do the policy routing based on source IP so that outbound traffic (to the Internet) coming into the router from your servers will go to the server ISP and traffic from your users will go to the user ISP.

Then you need a second set of route-maps so that the correct translations are applied to outbound traffic based on which interface they are exiting. This set might be considered optional, assuming the static mappings already defined for incoming traffic from the Internet set up the correct overrides. However, you'll need them if you want all traffic from your servers, including transactions such as DNS lookups or NTP packets which originate on the server, to use the server ISP.

Unfortunately, I don't have time to go over your configs in detail and make the necessary changes (I have to work for a living and free advice is limited to what I can provide off the top of my head), but the above should be enough to get you headed in the right direction.

Good luck and have fun!

Vincent C. Jones

www.networkingunlimited.com
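
The two sets of route maps described in the reply above, sketched as an added example that is not part of the original thread or any poster's configuration. The interface names, LAN subnets, DMZ subnet and the NAT route-map names come from the posted config; the ISP next-hop addresses (1.1.1.1, 2.2.2.1), the ACL numbers 111/112 and the route-map name lan-policy are assumptions, and each NAT route map is paired with the interface whose description names that ISP.

```cisco
! Added example. Assumed values: next hops 1.1.1.1 and 2.2.2.1, ACL numbers
! 111/112, and the route-map name lan-policy. Other values are from the post.
!
! Set 1: policy routing. Pick the ISP by source LAN. The deny lines keep
! LAN-to-LAN and LAN-to-DMZ traffic on the normal routing table.
access-list 111 deny   ip any 192.168.0.0 0.0.255.255
access-list 111 deny   ip any 1.2.3.0 0.0.0.31
access-list 111 permit ip 192.168.100.0 0.0.0.255 any
access-list 112 deny   ip any 192.168.0.0 0.0.255.255
access-list 112 deny   ip any 1.2.3.0 0.0.0.31
access-list 112 permit ip 192.168.102.0 0.0.0.255 any
!
route-map lan-policy permit 10
 match ip address 111
 set ip next-hop 1.1.1.1
route-map lan-policy permit 20
 match ip address 112
 set ip next-hop 2.2.2.1
!
! Both LANs reach the router through FastEthernet0/0 in the posted config.
interface FastEthernet0/0
 ip policy route-map lan-policy
!
! Set 2: NAT route maps. Translate only when the source LAN and the
! egress interface chosen above belong to the same ISP.
access-list 1 permit 192.168.100.0 0.0.0.255
access-list 2 permit 192.168.102.0 0.0.0.255
!
route-map isp1-map permit 10
 match ip address 1
 match interface Serial0/0.1
route-map isp2-map permit 10
 match ip address 2
 match interface Serial0/1
!
! Overload on each serial interface address, so no NAT pool is needed.
ip nat inside source route-map isp1-map interface Serial0/0.1 overload
ip nat inside source route-map isp2-map interface Serial0/1 overload
```

After applying something like this, `show route-map` shows whether the policy clauses are matching packets, and `show ip nat translations` shows which outside address each inside host was given.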
