Cisco Community
English
Register
Cisco Community Events are getting a new name! LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
288
Views
15
Helpful
5
Replies
Highlighted
hadi riyahiyan
hadi riyahiyan Beginner
Beginner
‎08-17-2019 10:17 PM
‎08-17-2019 10:17 PM

Nat Two different public IP address to one private IP

Hi, everybody,

I have a web server: 192.168.7.1/24 connected to a router and the router  connected to two ISP like this:

 

                                                          ISP1(1.1.1.1)------\

   "WebServer"---->Core--->Router[                                 ==> 3.3.3.3

                                                          ISP2(2.2.2.1)------/

I want 3.3.3.3 ping My WebServer by 1.1.1.20 and 2.2.2.20, I mean if ISP1 is unreachable then WebServer be in access from ISP2,  assume nat and routing on 3.3.3.3 is ok, I wrote a NAT:

---IP nat inside source static 192.168.7.1 1.1.1.20---

what should I do to have redundancy between NATs? This nat "IP nat inside source static 192.168.7.1 2.2.2.20" is not allowed (% 192.168.7.1 already mapped (192.168.7.1 -> 1.1.1.20). I have IP SLA to check IPS1 and ISP2.

 

 

Labels:
Everyone's tags (1)
0 Helpful
Reply
2 ACCEPTED SOLUTIONS

Accepted Solutions
Georg Pauwen
VIP Mentor Georg Pauwen VIP Mentor
VIP Mentor
‎08-18-2019 12:54 AM
‎08-18-2019 12:54 AM

Re: Nat Two different public IP address to one private IP

Hello,

 

try and use the 'extendable' keyword:

 

R1(config)#ip nat inside source static 192.168.7.1 1.1.1.20 extendable
R1(config)#ip nat inside source static 192.168.7.1 2.2.2..20 extendable

Reply
Georg Pauwen
VIP Mentor Georg Pauwen VIP Mentor
VIP Mentor
‎08-25-2019 12:44 AM
‎08-25-2019 12:44 AM

Re: Nat Two different public IP address to one private IP

Hello,

 

you could add the two EEM scripts below, in order to remove the redundant static NAT entry altogether if it is not in use. The script also clears the existing NAT translation so you don't have to wait for the it to time out...

 

Edit: Thinking about it again, I changed the order of the actions and put the 'clear ip nat translation *" at the end.

 

event manager applet CLEAR_NAT_DOWN
event track 1 state down
action 1.0 cli command “enable”
action 2.0 cli command "conf t"
action 3.0 cli command "no ip nat inside source static 192.168.7.1 1.1.1.20 extendable"
action 4.0 cli command "ip nat inside source static 192.168.7.1 2.2.2.20 extendable"
action 5.0 cli command "end"

action 6.0 cli command “clear ip nat translation *”

 

event manager applet CLEAR_NAT_UP
event track 1 state up
action 1.0 cli command “enable”
action 2.0 cli command "conf t"
action 3.0 cli command "no ip nat inside source static 192.168.7.1 2.2.2.20 extendable"
action 4.0 cli command "ip nat inside source static 192.168.7.1 1.1.1.20 extendable"
action 5.0 cli command "end"

action 6.0 cli command “clear ip nat translation *”

 

Reply
5 REPLIES 5
Georg Pauwen
VIP Mentor Georg Pauwen VIP Mentor
VIP Mentor
‎08-18-2019 12:54 AM
‎08-18-2019 12:54 AM

Re: Nat Two different public IP address to one private IP

Hello,

 

try and use the 'extendable' keyword:

 

R1(config)#ip nat inside source static 192.168.7.1 1.1.1.20 extendable
R1(config)#ip nat inside source static 192.168.7.1 2.2.2..20 extendable

Reply
hadi riyahiyan
hadi riyahiyan Beginner
Beginner
‎08-18-2019 11:03 PM
‎08-18-2019 11:03 PM

Re: Nat Two different public IP address to one private IP

tnx it works, webServer is accessed from both ISP1 and IPS2 but if IPS1 is not accessible, the Webserver cannot ping 3.3.3.3 !!!
0 Helpful
Reply
paul driver
VIP Advisor paul driver VIP Advisor
VIP Advisor
‎08-19-2019 01:01 AM
‎08-19-2019 01:01 AM

Re: Nat Two different public IP address to one private IP

Hello

@hadi riyahiyan wrote:
tnx it works, webServer is accessed from both ISP1 and IPS2 but if IPS1 is not accessible, the Webserver cannot ping 3.3.3.3 !!!

Sounds like you need some monitoring on your routing, Below is a example of using default routing towards your isp's?


ip sla 1
icmp-echo <iSP1> source-ip <isp facing interlace ip>
ip sla schedule 1 life forever start-time now


track 10 ip sla 1


ip route 0.0.0.0 0.0.0.0 <isp1> name Primary_ISP track 10
ip route 0.0.0.0 0.0.0.0 <isp2> name Secondary_ISP 200

 



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Reply
hadi riyahiyan
hadi riyahiyan Beginner
Beginner
‎08-25-2019 12:08 AM
‎08-25-2019 12:08 AM

Re: Nat Two different public IP address to one private IP

thank you for your answer, I have IPSLA now but the problem is
in:
ip nat inside source static 192.168.7.1 1.1.1.20 extendable
ip nat inside source static 192.168.7.1 2.2.2..20 extendable
first NAT always run before the second one, so if ISP 1.1.1.1 is not in access router keep NATing by first NAT while web server will route by
"ip route 0.0.0.0 0.0.0.0 <isp2> name Secondary_ISP 200" (because of IPSLA) !!!
I want automatically NAT changed to "ip nat inside source static 192.168.7.1 2.2.2..20 extendable"
0 Helpful
Reply
Georg Pauwen
VIP Mentor Georg Pauwen VIP Mentor
VIP Mentor
‎08-25-2019 12:44 AM
‎08-25-2019 12:44 AM

Re: Nat Two different public IP address to one private IP

Hello,

 

you could add the two EEM scripts below, in order to remove the redundant static NAT entry altogether if it is not in use. The script also clears the existing NAT translation so you don't have to wait for the it to time out...

 

Edit: Thinking about it again, I changed the order of the actions and put the 'clear ip nat translation *" at the end.

 

event manager applet CLEAR_NAT_DOWN
event track 1 state down
action 1.0 cli command “enable”
action 2.0 cli command "conf t"
action 3.0 cli command "no ip nat inside source static 192.168.7.1 1.1.1.20 extendable"
action 4.0 cli command "ip nat inside source static 192.168.7.1 2.2.2.20 extendable"
action 5.0 cli command "end"

action 6.0 cli command “clear ip nat translation *”

 

event manager applet CLEAR_NAT_UP
event track 1 state up
action 1.0 cli command “enable”
action 2.0 cli command "conf t"
action 3.0 cli command "no ip nat inside source static 192.168.7.1 2.2.2.20 extendable"
action 4.0 cli command "ip nat inside source static 192.168.7.1 1.1.1.20 extendable"
action 5.0 cli command "end"

action 6.0 cli command “clear ip nat translation *”

 

Reply
Latest Contents
How to get member id of Cisco DNAC for Cloud Canary Upgrade
Created by pbagga on 09-13-2019 01:37 PM
0
5
0
5
1. Log into CLI of DNAC:  ssh maglev@< DNAC appliance IP> -p 2222 2. Run this curl command to get token to get member id: curl -X POST -u admin:<admin user password> -H -V https://<CLUSTER-IP>/api/system/v1/identitymgmt/token Not... view more
16.12.2 Beta Release for Catalyst Switches
Created by okumar on 09-12-2019 10:27 PM
0
0
0
0
Enterprise Switching Business Unit is glad to announce Beta release 16.12.2 for all Catalyst 9200/9300/9400/9500/9600 and Catalyst 3650/3850 Platforms. This release is made available to allow users to test, evaluate and share fee... view more
Cisco SD-Access Deployment Best Practices - Transit Control ...
Created by Karthik Kumar Thatikonda on 09-11-2019 04:04 PM
0
0
0
0
Purpose of the document This document describes the general recommendations or best practices when designing and deploying the Cisco SD-Access technology. The document assumes that the reader has a general overview of Cisco's SD-Access for Distributed C... view more
Networking Professionals - Participate in our 20-min online ...
Created by betswang on 09-10-2019 02:10 PM
0
0
0
0
Do you currently have hands-on networking experience? If you do, we'd love to hear from you!   Your feedback will be reviewed and analyzed by our team to directly influence a networking management and monitoring product.   Take the 20-min or les... view more
TTT
Created by abedalrahmandakhlallah on 09-08-2019 12:00 PM
0
0
0
0
 
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
July's Community Spotlight Awards