06-16-2010 10:39 AM - edited 03-04-2019 08:48 AM
Hey everyone,
Until today, I've had a single static IP address to the outside world, using NAT for internal machines.
interface GigabitEthernet0/0
description EXTERNAL
ip address 68.65.214.18 255.255.255.248
ip nat outside
!
interface GigabitEthernet0/1
description INTERNAL
ip address 192.168.0.1 255.255.252.0
ip nat inside
!
ip nat inside source list 15 interface GigabitEthernet0/0 overload
access-list 15 permit 192.168.0.0 0.0.255.255
ip default-gateway 68.64.214.17
Today we've upgraded our line and obtained an additional subnet from our ISP: 216.242.39.128/27. I'd like to utilize the additional block for dynamic NAT translation. Can anyone point me in the right direction?
Thanks!
Ben
(By the way, this is for a Cisco 2821.)
06-16-2010 11:10 PM
You can define multiple IP pools, then bind them to an inside source ACL via a route map.
HTH>
06-17-2010 09:38 AM
Hi. I'm looking to implement something similar to this and came across this thread.
I do, however, have a couple questions and was hoping that someone could assist.
a) I have two ISPs coming in on a single router
b) I will use ISPa as the primary and will receive a Default Route from the provider using BGP
c) I will use ISPb as the backup and was planning to use a floating static Default Route with an Admin Distance of 250
My questions are:
1) How do I configure two NAT pools, one for each ISP?
2) How do you configure the router to use the NAT Pool for ISPa when ISPa service is available?
3) How do you configure the router to use the NAT Pool for ISPb when ISPa Peering fails and I'm no longer receiving a Default Route (and the floating static will be used)?
Thank You
06-17-2010 10:41 AM
Presuming you have 2 separate interfaces connecting to the ISPs?
Then you just bind the NAT pools directly to the interfaces, and the routing will take care of the rest.
HTH>
06-17-2010 11:04 AM
Thanks for the quick response Andrew.
I'm kind of new to this. Do you have any examples of how to bind the NAT pool to an interface?
06-17-2010 11:19 AM
06-17-2010 11:29 AM
Thank you Andrew. I have read these documents before. Unless I missed it, I don't see a specific example for how to bind the NAT Pool to a particular interface. Sorry...
06-17-2010 12:18 PM
Ahh sorry - missed the best one out!
But seeing what I posted, I was incorrect, and thinking about something else! I don't think it's possible to directly attach a NAT pool to an interface.
You can define a route map, matching an IP address indicating the source (inside) IP subnet and the next hop (outside) for the particular ISP, and bind the NAT pool to the route map!
Defining two separate route maps/ACLs to the 2 ISPs should allow you to use 2 NAT pools. And the next hop issue will be handled by routing... I will take this into the lab tomorrow and see if it works!!!!
HTH>
06-17-2010 12:29 PM
Ah, yes! I think I'm getting it. If I include a route-map to the NAT pool and specify "next-hop" as a route-map criteria, that looks like what I need. Curious to see how your lab setup works
06-18-2010 02:34 AM
LAB worked pretty good.
FA0/0 - ISP1 172.16.1.0 255.255.255.0
FA0/1 - ISP2 192.168.1.0 255.255.255.0
!
ip nat pool ISP1 172.16.1.50 172.16.1.60 netmask 255.255.255.0
ip nat pool ISP2 192.168.1.50 192.168.1.60 netmask 255.255.255.0
!
ip nat inside source route-map ISP1 pool ISP1 overload
ip nat inside source route-map ISP2 pool ISP2 overload
!
! the two static entries below were required for BGP to work!!
ip nat inside source static 172.16.1.1 172.16.1.1
ip nat inside source static 192.168.1.1 192.168.1.1
!
access-list 1 permit 172.16.1.2
access-list 10 permit 192.168.1.2
!
route-map ISP2 permit 5
match ip next-hop 10
!
route-map ISP1 permit 5
match ip next-hop 1
HTH>
06-18-2010 03:58 AM
Great! Thanks Andrew.
Questions
1. What is 172.16.1.2 and 192.168.1.2?
2. I would think the route-map next-hop would mean the upstream provider's IP gateway??
Pete
06-18-2010 04:06 AM
Those IPs were the next hop provider IPs in my lab
                            /ISP1 172.16.1.2
R1-172.16.1.1/192.168.1.1--|
                            \ISP2 192.186.1.2
So whatever the IP address the router has as a next hop - this is the IP you use. Whatever IP address you use for the floating static route, that's the IP you use.
06-18-2010 04:48 AM
Andrew,
I really appreciate your help on this. It will take a while for me to actually implement this as I need to order the router, which could take a few weeks. I'll keep your email handy and will report my progress.
Pete
10-12-2023 12:54 AM
Hi Andrew,
Could you show me a config sample for these multiple IP pools bound using a route map?
I do have a similar problem with a single ISP interface with 2 public IP segments that need to be NATed.
Thanks
10-12-2023 12:32 PM
Hello @benlemasurier
@benlemasurier wrote:
Until today, I've had a single static IP address to the outside world, using NAT for internal machines.
Today we've upgraded our line and obtained an additional subnet from our ISP: 216.242.39.128/27. I'd like to utilize the additional block for dynamic NAT translation. Can anyone point me in the right direction?
You can utilise NAT ACLs and pool statements to accommodate both primary/secondary public WAN addressing, with the ACLs being used to state which LAN host(s) are NATed to either public address(es).
Example:
no ip default-gateway 68.64.214.17
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 68.64.214.17
access-list 15 permit 192.168.0.0 0.0.0.127
access-list 16 permit 192.168.0.128 0.0.0.127
interface GigabitEthernet0/0
ip address 216.242.39.129 255.255.255.224 secondary
ip nat pool prim 68.65.214.18 68.65.214.18 prefix-length 28
ip nat pool secip 216.242.39.129 216.242.39.129 prefix-length 27
ip nat inside source list 15 pool prim overload
ip nat inside source list 16 pool secip overload
! IOS software only
ip nat service enable-sym-port
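Added example, not part of any post in this thread: when one inside subnet is split across several NAT ACLs as in the config above, it helps to check which inside addresses no ACL permits, because those hosts match neither `ip nat inside source list` statement and are forwarded untranslated. The sketch below takes the ACL lines and the inside interface address from the posts; the function names are hypothetical and only contiguous wildcard masks are handled.

```python
import ipaddress

# ACL lines copied from the posts above; everything else here is hypothetical.
SPLIT_ACLS = """\
access-list 15 permit 192.168.0.0 0.0.0.127
access-list 16 permit 192.168.0.128 0.0.0.127
"""
ORIGINAL_ACL = "access-list 15 permit 192.168.0.0 0.0.255.255"
INSIDE_IF = "192.168.0.1/255.255.252.0"  # GigabitEthernet0/1 in the first post


def wildcard_to_network(addr, wildcard):
    """Turn an IOS address + contiguous wildcard mask into an IPv4Network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # a contiguous wildcard is always 2**n - 1
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    base = int(ipaddress.IPv4Address(addr)) & ~wc & 0xFFFFFFFF
    return ipaddress.ip_network((base, 32 - wc.bit_length()))


def parse_acls(config):
    """Collect 'access-list N permit ADDR [WILDCARD]' lines per ACL number."""
    acls = {}
    for line in config.splitlines():
        p = line.split()
        if len(p) >= 4 and p[0] == "access-list" and p[2] == "permit":
            wildcard = p[4] if len(p) > 4 else "0.0.0.0"  # bare host entry
            acls.setdefault(p[1], []).append(wildcard_to_network(p[3], wildcard))
    return acls


def uncovered(inside_if, acls):
    """Return the parts of the inside subnet that no ACL entry permits."""
    remaining = [ipaddress.ip_interface(inside_if).network]
    for net in (n for nets in acls.values() for n in nets):
        nxt = []
        for r in remaining:
            if net.supernet_of(r):        # r is fully matched by this entry
                continue
            if r.supernet_of(net):        # entry matches only part of r
                nxt.extend(r.address_exclude(net))
            else:                         # disjoint, keep r as it is
                nxt.append(r)
        remaining = nxt
    return sorted(remaining)


if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL_ACL), ("split", SPLIT_ACLS)):
        gaps = uncovered(INSIDE_IF, parse_acls(cfg))
        print(name, [str(g) for g in gaps] or "inside subnet fully covered")
```

Any subnet it reports needs its own permit entry in one of the NAT ACLs, or a deliberate decision that those hosts should not reach the outside interface.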