Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
231
Views
0
Helpful
2
Replies

C819 ISR NAT issues 1 LAN 2 WANs

swclark
Level 1
Level 1

‎02-19-2015 03:15 PM - edited ‎03-05-2019 12:50 AM

i have a C819 router with 1 Vlan interface, 1 Gig interface, 1 Cellular interface and a NAT configuration issue. I use CCP to configure NAT for the router with Vlan1 trusted and Cell and Gig interfaces untrusted. When i configure Vlan1 and Gig 0 interface with NAT then add Cell 0, only the Gig 0 interface NAT's the out going packets. When i configure Vlan1 and Cell 0 interfaces and then add Gig 0, only the Cell 0 interface NAT's outgoing packets. It seems like everything works but i'm missing something.

i want the Gig interface to be primary internet access with the Cell interface as failover. When the Gig interface is restored the Cell interface returns to backup. i have attached my running-config for the NAT experts....thanks in advance.

Labels:
Preview file
5 KB
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎02-19-2015 04:18 PM

I'm not familiar with CCP but I can give you the CLI commands.

You need to modify your NAT statements to also match the outgoing interface.

You can use the same acl for both NAT statements. 

So lets clear the existing NAT configuration -

no ip nat inside source list 1 interface Cellular0 overload
no ip nat inside source list 2 interface GigabitEthernet0 overload

I always use extended acls so i'll use those but if you want to reuse one of your acls for NAT then just substitute your acl number in the below.  

access-list 101 permit ip 172.17.37.0 0.0.0.255 any

route-map PRIMARY permit 10
match ip address 101
match interface gi0

route-map BACKUP permit 10
match ip address 101
match interface cellular0

ip nat inside source route-map PRIMARY interface gi0 overload
ip nat inside source route-map BACKUP interface cellular0 overload

Jon

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame

‎02-19-2015 04:26 PM

The configuration I supplied is assuming that your issue is that whichever NAT statement you put first that is the one that is used regardless of which interface is actually active at the time.

If that is your issue then try the configuration as I posted.

It's taken from the following document which is pretty much what you are trying to do except the PBR for inside hosts so if you still face issues it may be worth having a read of that -

https://supportforums.cisco.com/document/32186/dual-internet-links-nating-pbr-and-ip-sla

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card