Dual NAT/PAT- Cisco 1841

Matthew.Robbins · ‎09-20-2011

I am having some trouble configuring dual NAT on a Cisco 1841.

The 1841 has three interfaces.

Fa0/0 - LAN

Fa0/1- Different private network

Fa0/1/0 - Connection to DSL modem

NAT overloading is configured on Fa0/1 and we have traffic that must be router there. We would like to have all internet access go through the DSL modem. Currently internet access is obtained through fa0/1 but is not ideal. I have floating static routes configured if the DSL link goes down. (Which is currently unplugged)

I do not have physical access to the router at this moment. I would like some idea's one what my options are. We would like to keep the config a simple as possible. It seems like route-maps may be one of our only options.

cadet alain · ‎09-21-2011

Hi,

so instead of the current output interface you want all traffic or some traffic to go out the DSl interface?

You can use PBR to achieve this along with 2 NAT overload statements referencing each a different route-map.

1) for the NAT

route-map PRIV

match ip address 101

match interface f0/1

route-map DSL

match ip address 102

match interface f0/1/0

ip nat inside source route-map PRIV interface f0/1 overload

ip nat inside source route-map DSL interface f0/1/0 overload

Where ACLs classify which traffic you want to be natted to a specific interface.

2) For overriding the FIB routing, so PBR

route-map DSLTRAFFIC

match ip address 102

set ip next-hop verify-reachability x.x.x.x track 1 where x.x.x.x is DSL next-hop( ISP router)

interface f0/0

ip policy route-map DSLTRAFFIC

ip sla 1

icmp-echo x.x.x.x source-interface f0/1/0

frequency 5

ip sla schedule 1 start-time now life forever

track 1 rtr 1 reachability

So traffic matched by ACL 102 will go over DSL if the ISP router is reachable and otherwise will follow the default static you have configured.

You can then delete the floating static you configured.

Regards.

Alain

Don't forget to rate helpful posts.