cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1137
Views
6
Helpful
5
Replies

How can I NAT on two ISP's?

julianunderwood
Level 1
Level 1

Hi there,

I have two WAN connections and one LAN connection.

FE0/0 (T1) and FE0/1 (Cable)

FE0/1/0 is LAN

I need to make sure that when Cable FE0/1 is down or track is unsuccessful that workstations (and possibly servers, read on) are able to still reach the WAN through FE0/0 (T1). I'm not sure if my NAT statement (or lack thereof) is correct.

I currently have:

ip nat inside source list 1 interface FastEthernet0/0 overload

and I tried to add:

ip nat inside source list 1 interface FastEthernet0/1 overload

for the T1, but when I add the additional ip nat statement, it replaces the other one. Do I need two NAT statements for this to be successful? How would I configure this?

Additionally I have 4 static NAT statements which are for servers to reach the WAN on their designated public IP's (if the T1 is available, we want them to go out this interface.) If the T1 is not available, is it possible to NAT them to public addresses on the Cable interface (FE0/1)?

Thanks for giving me a hand with this! Please see attached config.

Julian

5 Replies 5

Marwan ALshawi
VIP Alumni
VIP Alumni

try the following

access-list 1 permit 10.2.1.0 0.0.0.255

access-list 2 permit 10.2.1.0 0.0.0.255

ip nat inside source list 1 interface FastEthernet0/1 overload

ip nat inside source list 2 interface FastEthernet0/0 overload

and for useing static nat for internal server with the second ISP u need to have public IPs from the other ISP

and have a look at the following link will be very helpful for ur case

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t4/feature/guide/ftnatrt.html

good luck

please, if helpful rate

Thanks, very helpful.

I used route-maps as you can see in the attached modified configuration. Could you tell me how I can prefer the T1 route FOR THE SERVERS ONLY (as it has a higher AD and is not default unless CABLE is down)? I only want the servers to go out CABLE if T1 is down.

Please let me know what you think and if this is possible.

Thanks again!

Julian

try this config

access-list 10 permit host 10.2.1.30

access-list 10 permit host 10.2.1.32

route-map mymap permit 10

match ip address 10

set nex-hop 2.2.2.65

route-map mymap permit 20

match ip address 10

set nex-hop 1.1.1.1

nterface FastEthernet0/1/0

ip policy route-map mymap

i put inthe ACL 10 only two servers IPs u can put all of them to be matched

good luck

if helpful Rate

Great, that looks promising. One last question: if we are forcing the connection out the T1 interface at 1.1.1.1; what happens if the T1 is down? How can we then have it go out CABLE connection (2.2.2.65) ONLY IF the T1 is down?

Thank you again,

Julian

the route man contain to lines number 10 for first exit if down the number 20 will be considered then which is the next interface

if helpful Rate