08-30-2008 02:48 PM - edited 03-03-2019 11:20 PM
Hi there,
I have two WAN connections and one LAN connection.
FE0/0 (T1) and FE0/1 (Cable)
FE0/1/0 is LAN
I need to make sure that when Cable FE0/1 is down or track is unsuccessful that workstations (and possibly servers, read on) are able to still reach the WAN through FE0/0 (T1). I'm not sure if my NAT statement (or lack thereof) is correct.
I currently have:
ip nat inside source list 1 interface FastEthernet0/0 overload
and I tried to add:
ip nat inside source list 1 interface FastEthernet0/1 overload
for the T1, but when I add the additional ip nat statement, it replaces the other one. Do I need two NAT statements for this to be successful? How would I configure this?
Additionally I have 4 static NAT statements which are for servers to reach the WAN on their designated public IP's (if the T1 is available, we want them to go out this interface.) If the T1 is not available, is it possible to NAT them to public addresses on the Cable interface (FE0/1)?
Thanks for giving me a hand with this! Please see attached config.
Julian
08-30-2008 07:04 PM
try the following
access-list 1 permit 10.2.1.0 0.0.0.255
access-list 2 permit 10.2.1.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source list 2 interface FastEthernet0/0 overload
and for useing static nat for internal server with the second ISP u need to have public IPs from the other ISP
and have a look at the following link will be very helpful for ur case
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t4/feature/guide/ftnatrt.html
good luck
please, if helpful rate
08-31-2008 05:35 AM
Thanks, very helpful.
I used route-maps as you can see in the attached modified configuration. Could you tell me how I can prefer the T1 route FOR THE SERVERS ONLY (as it has a higher AD and is not default unless CABLE is down)? I only want the servers to go out CABLE if T1 is down.
Please let me know what you think and if this is possible.
Thanks again!
Julian
08-31-2008 06:22 AM
try this config
access-list 10 permit host 10.2.1.30
access-list 10 permit host 10.2.1.32
route-map mymap permit 10
match ip address 10
set nex-hop 2.2.2.65
route-map mymap permit 20
match ip address 10
set nex-hop 1.1.1.1
nterface FastEthernet0/1/0
ip policy route-map mymap
i put inthe ACL 10 only two servers IPs u can put all of them to be matched
good luck
if helpful Rate
08-31-2008 10:24 AM
Great, that looks promising. One last question: if we are forcing the connection out the T1 interface at 1.1.1.1; what happens if the T1 is down? How can we then have it go out CABLE connection (2.2.2.65) ONLY IF the T1 is down?
Thank you again,
Julian
08-31-2008 06:02 PM
the route man contain to lines number 10 for first exit if down the number 20 will be considered then which is the next interface
if helpful Rate
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide