Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1905
Views
0
Helpful
3
Replies

2 ISP's, 1 external Network Router on a stick

Go to solution
amatorjnr
Level 1
Level 1

‎03-02-2018 01:35 PM - edited ‎03-05-2019 10:01 AM

Hi, please I'm testing out a scenario where I have 2 ISP's, and 1 external Network configuration on a router on a stick configuration,

 

I have 5 Vlans, All should be able to access the internet 1 ISP interface.

vlan 2 and 5 should be able to access all 2 ISPs at will

only vlan 4 should be able to hit the external network (Bank Server)

ALL INSIDE NETWORKS SHOULD BE NAT'D ACROSS ALL OUTSIDE INTERFACES INCLUDING THE EXTERNAL NETWORK

 

Configuration on router:

Building configuration...

 

Current configuration : 1799 bytes

!

version 15.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Router

!

!

!

!

!

!

!

!

no ip cef

no ipv6 cef

!

!

!

!

license udi pid CISCO2911/K9 sn FTX152470A8

!

!

!

!

!

!

!

!

!

no ip domain-lookup

!

!

spanning-tree mode pvst

!

!

!

!

!

!

interface GigabitEthernet0/0

ip address 10.10.10.190 255.255.255.0

ip nat outside

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/1.2

encapsulation dot1Q 2

ip address 192.168.2.1 255.255.255.0

ip helper-address 192.168.5.100

ip nat inside

!

interface GigabitEthernet0/1.3

encapsulation dot1Q 3

ip address 192.168.3.1 255.255.255.0

ip helper-address 192.168.5.100

ip nat inside

!

interface GigabitEthernet0/1.4

encapsulation dot1Q 4

ip address 192.168.4.1 255.255.255.0

ip helper-address 192.168.5.100

ip nat inside

!

interface GigabitEthernet0/1.5

encapsulation dot1Q 5

ip address 192.168.5.1 255.255.255.0

ip nat inside

!

interface GigabitEthernet0/2

no ip address

duplex auto

speed auto

shutdown

!

interface Serial0/3/0

ip address 4.1.1.2 255.255.255.0

ip nat outside

!

interface Serial0/3/1

ip address 5.1.1.2 255.255.255.0

ip nat outside

!

interface Vlan1

no ip address

shutdown

!

ip classless

ip route 3.1.1.0 255.255.255.0 GigabitEthernet0/1

ip route 3.1.1.0 255.255.255.0 10.10.10.189

ip route 0.0.0.0 0.0.0.0 4.1.1.1

ip route 0.0.0.0 0.0.0.0 5.1.1.1

!

ip flow-export version 9

!

!

ip access-list standard INTERNET

permit 192.168.5.0 0.0.0.255

permit 192.168.4.0 0.0.0.255

permit 192.168.3.0 0.0.0.255

permit 192.168.2.0 0.0.0.255

permit 192.168.1.0 0.0.0.255

!

!

!

!

!

line con 0

logging synchronous

!

line aux 0

!

line vty 0 4

password amator

login

!

!

!

end

Labels:
Preview file
72 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP

‎03-03-2018 02:14 PM

Hello,

 

here is what I have come up with initially (additions in bold):

 

Current configuration : 1799 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
no ip cef
no ipv6 cef
!
license udi pid CISCO2911/K9 sn FTX152470A8
!
no ip domain-lookup
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
description Link to External Network
ip address 10.10.10.190 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.5.100
ip nat inside
ip policy route-map PBR
!
interface GigabitEthernet0/1.3
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0
ip helper-address 192.168.5.100
ip nat inside
ip policy route-map PBR
!
interface GigabitEthernet0/1.4
encapsulation dot1Q 4
ip address 192.168.4.1 255.255.255.0
ip helper-address 192.168.5.100
ip nat inside
ip policy route-map PBR
!
interface GigabitEthernet0/1.5
encapsulation dot1Q 5
ip address 192.168.5.1 255.255.255.0
ip nat inside
ip policy route-map PBR
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/3/0
description Link to ISP1
ip address 4.1.1.2 255.255.255.0
ip nat outside
!
interface Serial0/3/1
description Link to ISP2
ip address 5.1.1.2 255.255.255.0
ip nat outside
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source route-map ISP1 interface Serial0/3/0 overload
ip nat inside source route-map ISP2 interface Serial0/3/1 overload
ip nat inside source route-map EXTERNAL_NETWORK interface GigabitEthernet0/0 overload
!
ip classless
ip route 3.1.1.0 255.255.255.0 GigabitEthernet0/1
ip route 3.1.1.0 255.255.255.0 10.10.10.189
ip route 0.0.0.0 0.0.0.0 4.1.1.1
ip route 0.0.0.0 0.0.0.0 5.1.1.1
!
access-list 100 permit ip 192.168.0.0 0.0.7.255 any
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
!
access-list 102 permit ip 192.168.4.0 0.0.0.255 10.10.10.0 0.0.0.255
!
route-map PBR permit 10
match ip address 100
set ip next-hop 4.1.1.1
!
route-map PBR permit 20
match ip address 101
set ip next-hop 4.1.1.1 5.1.1.1
!
route-map PBR permit 30
match ip address 102
set ip next-hop 10.10.10.189
!
route-map ISP1 permit 10
match ip address 100
match interface Serial0/3/0
!
route-map ISP2 permit 10
match ip address 101
match interface Serial0/3/1
!
route-map EXTERNAL_NETWORK permit 10
match ip address 102
match interface GigabitEthernet0/0
!
ip flow-export version 9
!
ip access-list standard INTERNET
permit 192.168.5.0 0.0.0.255
permit 192.168.4.0 0.0.0.255
permit 192.168.3.0 0.0.0.255
permit 192.168.2.0 0.0.0.255
permit 192.168.1.0 0.0.0.255
!
line con 0
logging synchronous
!
line aux 0
!
line vty 0 4
password amator
login
!
end

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Deepak Kumar
VIP Alumni
VIP Alumni

‎03-02-2018 11:46 PM

You can archive your solution with Route MAP configuration. I am thinking that you are new to Cisco So I am sharing a link:

https://supportforums.cisco.com/t5/network-infrastructure-documents/how-to-configure-static-nat-with-route-maps/ta-p/3132855

 

if you will face any difficulty then tell me i will share the configuration also.

 

regards,

Deepak 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Go to solution
amatorjnr
Level 1
Level 1
In response to Deepak Kumar

‎03-07-2018 05:47 AM

Thanks for the help, I'll have to get back to you. I'm yet to try it out.
0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎03-03-2018 02:14 PM

Hello,

 

here is what I have come up with initially (additions in bold):

 

Current configuration : 1799 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
no ip cef
no ipv6 cef
!
license udi pid CISCO2911/K9 sn FTX152470A8
!
no ip domain-lookup
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
description Link to External Network
ip address 10.10.10.190 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.5.100
ip nat inside
ip policy route-map PBR
!
interface GigabitEthernet0/1.3
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0
ip helper-address 192.168.5.100
ip nat inside
ip policy route-map PBR
!
interface GigabitEthernet0/1.4
encapsulation dot1Q 4
ip address 192.168.4.1 255.255.255.0
ip helper-address 192.168.5.100
ip nat inside
ip policy route-map PBR
!
interface GigabitEthernet0/1.5
encapsulation dot1Q 5
ip address 192.168.5.1 255.255.255.0
ip nat inside
ip policy route-map PBR
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/3/0
description Link to ISP1
ip address 4.1.1.2 255.255.255.0
ip nat outside
!
interface Serial0/3/1
description Link to ISP2
ip address 5.1.1.2 255.255.255.0
ip nat outside
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source route-map ISP1 interface Serial0/3/0 overload
ip nat inside source route-map ISP2 interface Serial0/3/1 overload
ip nat inside source route-map EXTERNAL_NETWORK interface GigabitEthernet0/0 overload
!
ip classless
ip route 3.1.1.0 255.255.255.0 GigabitEthernet0/1
ip route 3.1.1.0 255.255.255.0 10.10.10.189
ip route 0.0.0.0 0.0.0.0 4.1.1.1
ip route 0.0.0.0 0.0.0.0 5.1.1.1
!
access-list 100 permit ip 192.168.0.0 0.0.7.255 any
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
!
access-list 102 permit ip 192.168.4.0 0.0.0.255 10.10.10.0 0.0.0.255
!
route-map PBR permit 10
match ip address 100
set ip next-hop 4.1.1.1
!
route-map PBR permit 20
match ip address 101
set ip next-hop 4.1.1.1 5.1.1.1
!
route-map PBR permit 30
match ip address 102
set ip next-hop 10.10.10.189
!
route-map ISP1 permit 10
match ip address 100
match interface Serial0/3/0
!
route-map ISP2 permit 10
match ip address 101
match interface Serial0/3/1
!
route-map EXTERNAL_NETWORK permit 10
match ip address 102
match interface GigabitEthernet0/0
!
ip flow-export version 9
!
ip access-list standard INTERNET
permit 192.168.5.0 0.0.0.255
permit 192.168.4.0 0.0.0.255
permit 192.168.3.0 0.0.0.255
permit 192.168.2.0 0.0.0.255
permit 192.168.1.0 0.0.0.255
!
line con 0
logging synchronous
!
line aux 0
!
line vty 0 4
password amator
login
!
end

0 Helpful
Customers Also Viewed These Support Documents