02-15-2011 12:26 AM - edited 03-04-2019 11:25 AM
Can someone tell me, how to access insdie serve from two public IP for 2 ISPs. Static NAT or PBR.
Please se the attached
My goel is to access inside Server from outside with two public IP from 2 ISPs at same time. by static NAT or PBR.
Please help me.
This is runn conf.
interface FastEthernet0/0.1
encapsulation dot1Q 9———–LAN
ip address 10.10.5.70 255.255.255.0
ip nat inside
!
interface FastEthernet0/0.3
encapsulation dot1Q 3———- ISP-1
ip address 82.128.161.50 255.255.255.224
ip nat outside
!
interface FastEthernet0/0.4
encapsulation dot1Q 4————–ISP-2
ip address 77.192.187.250 255.255.255.248
ip nat outside
!
ip nat inside source static 10.10.5.60 82.128.161.51 route-map isp1
ip nat inside source static 10.10.5.60 77.192.187.251 route-map isp2
ip classless
ip route 0.0.0.0 0.0.0.0 77.192.187.254
ip route 0.0.0.0 0.0.0.0 82.128.161.33 20
no ip http server
!
route-map isp2 permit 10
match interface FastEthernet0/0.4
!
route-map isp1 permit 10
match interface FastEthernet0/0.3
02-15-2011 10:31 AM
No body give or explain , i think, It need some Experit.
02-15-2011 11:55 AM
Hi,
Add commands below in your config.
access-list 10 permit 10.10.5.0 0.0.0.255
access-list 20 permit 10.10.5.0 0.0.0.255
ip nat inside source list 10 interface FastEthernet0/0.3 overload
ip nat inside source list 20 interface FastEthernet0/0.4 overload
hth
Muammer
02-15-2011 12:05 PM
mrdogantr wrote:
Hi,
Add commands below in your config.
access-list 10 permit 10.10.5.0 0.0.0.255
access-list 20 permit 10.10.5.0 0.0.0.255
ip nat inside source list 10 interface FastEthernet0/0.3 overload
ip nat inside source list 20 interface FastEthernet0/0.4 overload
hth
Muammer
You will find that such commands, make NAT fail.
02-15-2011 10:54 PM
the wan router have two different interface for
two different isp
just configure two different public ip on two interface invidually and pint default route from those interfaces
nothing to do with route-map
02-21-2011 12:55 AM
It is working Fine, but you need two IP for LAN , and no need Default route, If some one have other solution for only ony IP for LAN server , please Explain.
Router#sh runn
Building configuration...
Current configuration : 1937 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$HS45408$iutGDSO7r73434mFH.d0bgjOZ/
enable password 7 1218011A135B05580C252720245413D32
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ftp-server write-enable
!
!
!
!
interface Loopback0
ip address 192.168.150.1 255.255.255.252
ip nat outside
ip policy route-map PBR-LOOP
!
interface ATM0/0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface FastEthernet0/0
no ip address
speed auto
full-duplex
!
interface FastEthernet0/0.1
encapsulation dot1Q 9---------------------LAN
ip address 10.10.5.70 255.255.255.0
ip nat inside
ip policy route-map PBR-LAN
!
interface FastEthernet0/0.3 -------------- ISP1
encapsulation dot1Q 3
ip address 82.128.161.50 255.255.255.224
ip nat outside
!
interface FastEthernet0/0.4-------------- ISP2
encapsulation dot1Q 4
ip address 77.192.187.250 255.255.255.248
ip nat outside
!
ip nat inside source static 10.10.5.60 77.192.187.251
ip nat inside source static 10.10.5.61 82.128.161.51
ip classless
no ip http server
!
ip access-list extended STATIC-NAT-ISP1
permit ip host 82.128.161.51 any
ip access-list extended STATIC-NAT-ISP2
permit ip host 77.192.187.251 any
ip access-list extended STATIC-NAT-SERVICES
permit ip host 10.10.5.60 any----------------- SERVER LAN IP 1
permit ip host 10.10.5.61 any------------------SERVER LNA IP 2
!
route-map PBR-LAN permit 10
match ip address STATIC-NAT-SERVICES
set ip next-hop 192.168.150.2
!
route-map PBR-LOOP permit 10
match ip address STATIC-NAT-ISP1
set ip next-hop 82.128.161.33
!
route-map PBR-LOOP permit 20
match ip address STATIC-NAT-ISP2
set ip next-hop 77.192.187.254
!
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
password 7 14161606050A7E232B24GFY34JHF373C2C1453
login
!
!
end
Router#
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide