cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1059
Views
0
Helpful
2
Replies

how to configure static nat with route-maps on a dynamically addressed interface?

jamarkle
Level 1
Level 1

i'm trying to figure out how to do static nat for two ISPs when one of them gives us a static block and the other a dynamic ip.

basically i've been made aware of

ip nat inside source static x.x.x.x y.y.y.y route-map isp1

ip nat inside source static x.x.x.x z.z.z.z route-map isp2

but this won't work for me as currently i have to use

ip nat inside source static x.x.x.x int cable-modem0.0/0

since we don't have a static IP for the cable modem service.

is there a way to work around this so i can have it use the cable interface and static nat out there while at the same time having it static nat out the dsl interface for the same services?

(i'm basically trying to accomplish a dual ISP setup and to have fail-over to the dsl line if/when the cable line goes down.  i've gotten the dynamic nat stuff working by using route-maps for the dynamic nat translations, and am now trying to get our static entries to fail-over as well, or exist all the time also)

-jason

2 Replies 2

Hi ,

i think that you can try :

ip nat source list acl-name interface cable-mo0

and the decision of the forwarding to one or the other ISP will be made based on routing table

HTH

so what i'm trying to get working on a per isp basis is the following:

ip nat inside source static tcp 172.16.1.x 3389 interface Cable-Modem0/0/0 5000
ip nat inside source static tcp 172.16.1.y 3389 interface Cable-Modem0/0/0 5001
ip nat inside source static tcp 172.16.1.z 3389 interface Cable-Modem0/0/0 5002
ip nat inside source static tcp 172.16.1.a 3389 interface Cable-Modem0/0/0 5003
ip nat inside source static tcp 172.16.1.b 3389 interface Cable-Modem0/0/0 ........

are you saying that i can represent the specific tcp ports on both the inside and outside interfaces within the acl?  like this?

ip access ext test-nat-acl

permit tcp host 172.16.1.x eq 3389 any eq 5000

that totally doesn't seem like it will work....i need specific port mappings so that these inside servers can be accessed from the outside....

Review Cisco Networking for a $25 gift card