11-15-2013 11:26 PM - edited 03-04-2019 09:35 PM
Dear experts,
I am using a Cisco 2821 as an internet router. I have two ISPs with IP 10.0.1.0/29 and 10.0.2.0/29. ISP 1 is configured as follows for accessing my internal server 172.29.1.5 with NATing to 10.0.1.5:
interface GigabitEthernet0/0
 ip address 10.0.1.2 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Fastethernet 0/0/1
!
ip route 0.0.0.0 0.0.0.0 10.0.1.1
ip route 172.29.1.0 255.255.255.0 10.0.0.2
!
!
no ip http server
no ip http secure-server
ip nat pool IP_POOL 10.0.1.2 10.0.1.5 netmask 255.255.255.248
ip nat inside source list 1 pool IP_POOL overload
ip nat inside source static 172.29.1.5 10.0.1.5
All my local users and server 172.29.1.5 are getting internet, and from the internet we reach server 172.29.1.5 by NATing. All is OK.
Now I want to connect a 2nd ISP with IP 10.0.2.0/29, and my server IP 172.29.1.4 will NAT to 10.0.2.4.
What will be the route so that all local users get internet through both ISPs and from the internet we reach 172.29.1.5?
Shahid
11-16-2013 05:59 AM
Shahid
How do you want to use the second ISP? Do you want to establish a primary/backup arrangement or do you want to use them actively and have some kind of load sharing?
If you configure a floating static default route it will give you primary/backup functionality. If you configure a second static default route it will give you both of them working at the same time.
You will need to configure address translation for traffic going out through the second ISP. And when you have two outbound interfaces and address translation on each then the way that you configure address translation needs to change. With one outbound your address translation command has an access list to identify the traffic. When you have a second outbound interface then you need to do address translation using route maps. The route map will have two match commands with one match for the access list and the second match command matching the outbound interface.
If you have a second server that you want to establish static translation for, that can be done using the second ISP. There is not a good way to have a single server that is translated using both ISPs.
HTH
Rick
11-16-2013 09:17 PM
Hi Rick
Good day
1st: I want to use both links as active/active and for load sharing.
2nd: a single server will not translate to both ISPs. 172.29.1.5 to 10.0.1.5 and 172.29.1.4 to 10.0.2.4
Can you please send me the configuration for both ISPs and both servers?
Thanking you
Shahid
11-17-2013 04:44 AM
Steps you need based on your requirement-
1. Configure ISP2 interface
2. Add default route with ISP2 next-hop
3. PBR the servers' traffic out the correct NAT interfaces
4. Deny the servers' INSIDE_LOCAL IPs in the dynamic NAT source access-list
5. Use route-maps to match traffic based on access-list and exit interface as source in dynamic NAT configuration
Configuration -
!
interface GigabitEthernet0/0
 description ISP1
 ip address 10.0.1.2 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 description ISP2
 ip address 10.0.2.2 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip route 0.0.0.0 0.0.0.0 10.0.1.1
ip route 0.0.0.0 0.0.0.0 10.0.2.1
!
ip nat pool POOL1 10.0.1.2 10.0.1.6 netmask 255.255.255.248
ip nat pool POOL2 10.0.2.2 10.0.2.6 netmask 255.255.255.248
!
route-map SERVER-PBR permit 10
 match ip address SERVER1
 set ip next-hop 10.0.1.1
!
route-map SERVER-PBR permit 20
 match ip address SERVER2
 set ip next-hop 10.0.2.1
!
ip access-list extended SERVER1
 deny ip host 172.29.1.5
 permit ip host 172.29.1.5 any
!
ip access-list extended SERVER2
 deny ip host 172.29.1.4
 permit ip host 172.29.1.4 any
!
interface GigabitEthernet 0/1
 ip address 10.0.0.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 ip policy route-map SERVER-PBR
 duplex auto
 speed auto
!
!
!
access-list 1 deny 172.29.1.5
access-list 1 deny 172.29.1.4
access-list 1 permit 172.29.1.0 0.0.0.255
!
route-map ROUTE1
 match ip address 1
 match interface GigabitEthernet0/0
!
route-map ROUTE2
 match ip address 1
 match interface GigabitEthernet0/2
!
ip nat inside source route-map ROUTE1 pool POOL1 overload
ip nat inside source route-map ROUTE2 pool POOL2 overload
!
end
11-17-2013 04:53 AM
Oh, I forgot the last piece - static NAT for servers
!
ip nat inside source static 172.29.1.5 10.0.1.5
ip nat inside source static 172.29.1.4 10.0.2.4
!
Regards,
Vishesh
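Added example, not part of any post in this thread and not Cisco tooling: a Python check that each "ip nat pool" range fits inside one subnet of its stated netmask, and that lists static translations whose global address falls inside a dynamic pool range so they can be reviewed. The lines in SAMPLE_CONFIG are constructed in the style of the thread's configuration, and audit_nat is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample lines in the style of the thread's config (not a real device).
SAMPLE_CONFIG = """\
ip nat pool POOL1 10.0.1.2 10.0.1.6 netmask 255.255.255.252
ip nat pool POOL2 10.0.2.2 10.0.2.3 netmask 255.255.255.248
ip nat inside source static 172.29.1.5 10.0.1.5
ip nat inside source static 172.29.1.4 10.0.2.4
"""

POOL_RE = re.compile(r"^ip nat pool (\S+) (\S+) (\S+) netmask (\S+)$")
STATIC_RE = re.compile(r"^ip nat inside source static (\S+) (\S+)$")


def audit_nat(config):
    """Return a list of findings for NAT pool and static-translation lines."""
    pools, statics, findings = {}, [], []
    for line in config.splitlines():
        line = line.strip()
        if m := POOL_RE.match(line):
            name, start, end, mask = m.groups()
            lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
            pools[name] = (lo, hi)
            # Subnet the start address belongs to under the stated netmask.
            net = ipaddress.ip_network(f"{start}/{mask}", strict=False)
            if hi < lo:
                findings.append(f"{name}: end {end} is below start {start}")
            elif hi not in net:
                findings.append(f"{name}: {start}-{end} does not fit in {net}")
        elif m := STATIC_RE.match(line):
            statics.append((m.group(1), ipaddress.ip_address(m.group(2))))
    # A static global address inside a dynamic pool range is listed for review.
    for local, glob in statics:
        for name, (lo, hi) in pools.items():
            if lo <= glob <= hi:
                findings.append(f"static {local}->{glob} lies inside {name}")
    return findings


if __name__ == "__main__":
    for finding in audit_nat(SAMPLE_CONFIG):
        print(finding)
```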