03-31-2010 11:07 AM - edited 03-04-2019 07:59 AM
Hi All
Yet another question of multihoming. I know there have been lots of discussions on this, but no concrete answer.
My scenario is simple. I have a Cisco 1800 router with one ISP connection now. Going to add another internet connection to this router.
On the LAN, I have users who need internet access. I also have a webserver which needs access from internet all the time.
I don't think I'll have issues failing over outbound connection from LAN -> internet, with IP SLA and PAT overload with route-maps...
What I have issues with is the inbound connection to the webserver through both ISPs. There will be dynamic DNS updates which will force traffic to ISP 2 if the ISP 1 IP is not reachable. But my issue is static NAT on the end router. I would already have a static NAT for the webserver pointing to ISP 1. How will I add another NAT to ISP 2, for me to accept traffic from outside to the webserver through ISP 2? I don't want to run BGP, or use any other device for multihoming. (Note: I have an extra router which can be configured as backup, with the ISP 2 line, and doing static NAT on that router?)
Please help.
03-31-2010 11:32 AM
Hi,
You're correct, you should not have any problem with the outgoing traffic.
For the inbound access to the internal server you can use route-maps on the static NAT to differentiate the traffic, for example:
ip nat inside source static 1.1.1.1 2.2.2.2 route-map ISP-1
ip nat inside source static 1.1.1.1 3.3.3.3 route-map ISP-2
In this way the internal web server (1.1.1.1) will be NATed to 2.2.2.2 when communicating with the first ISP and to 3.3.3.3 when communicating to the second ISP.
The other option of having another router which does the static NAT is valid as well.
Federico.
03-31-2010 12:05 PM
Thanks Federico
So, we could have a single INSIDE IP being translated to two different GLOBAL IPs? I hope you have tested this? Do you have any link on CCO where I can reference this?
Thanks again for your answer.
03-31-2010 12:07 PM
And what would the route-maps ISP-1 & ISP-2 contain? What will be the source traffic that I would refer to in the route-maps? I presume each route-map will have the "set next-hop" to its associated ISP's default gateway?
Thanks again
03-31-2010 12:21 PM
You can NAT one single INSIDE IP to multiple OUTSIDE IPs as long as you do conditional NAT (using route-maps) much like Policy NAT.
The reason that you can translate the same IP to different IPs statically is because you differentiate or condition the translation to happen only when the route-map applies.
The route-map should have a match statement for ISP-1 and a next-hop for its ISP connection (same as route-map ISP-2).
In short, you define in route-map ISP-1 when to apply the first static NAT, and in route-map ISP-2 when to apply the second static NAT statement.
Take a look at this quick link:
http://www.cisco.com/en/US/partner/docs/ios/12_2t/12_2t4/feature/guide/ftnatrt.html
Federico.
03-31-2010 12:25 PM
Thanks Federico. I'll have a look and come back if I have any more queries.