Solved: Nat Two different public IP address to one private IP

hadi riyahiyan · ‎08-17-2019

Hi, everybody,

I have a web server: 192.168.7.1/24 connected to a router and the router connected to two ISP like this:

ISP1(1.1.1.1)------\

"WebServer"---->Core--->Router[ ==> 3.3.3.3

ISP2(2.2.2.1)------/

I want 3.3.3.3 ping My WebServer by 1.1.1.20 and 2.2.2.20, I mean if ISP1 is unreachable then WebServer be in access from ISP2, assume nat and routing on 3.3.3.3 is ok, I wrote a NAT:

---IP nat inside source static 192.168.7.1 1.1.1.20---

what should I do to have redundancy between NATs? This nat "IP nat inside source static 192.168.7.1 2.2.2.20" is not allowed (% 192.168.7.1 already mapped (192.168.7.1 -> 1.1.1.20). I have IP SLA to check IPS1 and ISP2.

Georg Pauwen · ‎08-18-2019

Hello,

try and use the 'extendable' keyword:

R1(config)#ip nat inside source static 192.168.7.1 1.1.1.20 extendable
R1(config)#ip nat inside source static 192.168.7.1 2.2.2..20 extendable

View solution in original post

Georg Pauwen · ‎08-25-2019

Hello,

you could add the two EEM scripts below, in order to remove the redundant static NAT entry altogether if it is not in use. The script also clears the existing NAT translation so you don't have to wait for the it to time out...

Edit: Thinking about it again, I changed the order of the actions and put the 'clear ip nat translation *" at the end.

event manager applet CLEAR_NAT_DOWN
event track 1 state down
action 1.0 cli command “enable”
action 2.0 cli command "conf t"
action 3.0 cli command "no ip nat inside source static 192.168.7.1 1.1.1.20 extendable"
action 4.0 cli command "ip nat inside source static 192.168.7.1 2.2.2.20 extendable"
action 5.0 cli command "end"

action 6.0 cli command “clear ip nat translation *”

event manager applet CLEAR_NAT_UP
event track 1 state up
action 1.0 cli command “enable”
action 2.0 cli command "conf t"
action 3.0 cli command "no ip nat inside source static 192.168.7.1 2.2.2.20 extendable"
action 4.0 cli command "ip nat inside source static 192.168.7.1 1.1.1.20 extendable"
action 5.0 cli command "end"

action 6.0 cli command “clear ip nat translation *”

View solution in original post

Georg Pauwen · ‎08-18-2019

Hello,

try and use the 'extendable' keyword:

R1(config)#ip nat inside source static 192.168.7.1 1.1.1.20 extendable
R1(config)#ip nat inside source static 192.168.7.1 2.2.2..20 extendable

View solution in original post

hadi riyahiyan · ‎08-18-2019

tnx it works, webServer is accessed from both ISP1 and IPS2 but if IPS1 is not accessible, the Webserver cannot ping 3.3.3.3 !!!

paul driver · ‎08-19-2019

Hello

@hadi riyahiyan wrote:
tnx it works, webServer is accessed from both ISP1 and IPS2 but if IPS1 is not accessible, the Webserver cannot ping 3.3.3.3 !!!

Sounds like you need some monitoring on your routing, Below is a example of using default routing towards your isp's?

ip sla 1
icmp-echo <iSP1> source-ip <isp facing interlace ip>
ip sla schedule 1 life forever start-time now

track 10 ip sla 1

ip route 0.0.0.0 0.0.0.0 <isp1> name Primary_ISP track 10
ip route 0.0.0.0 0.0.0.0 <isp2> name Secondary_ISP 200

kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future

hadi riyahiyan · ‎08-25-2019

thank you for your answer, I have IPSLA now but the problem is
in:
ip nat inside source static 192.168.7.1 1.1.1.20 extendable
ip nat inside source static 192.168.7.1 2.2.2..20 extendable
first NAT always run before the second one, so if ISP 1.1.1.1 is not in access router keep NATing by first NAT while web server will route by
"ip route 0.0.0.0 0.0.0.0 <isp2> name Secondary_ISP 200" (because of IPSLA) !!!
I want automatically NAT changed to "ip nat inside source static 192.168.7.1 2.2.2..20 extendable"

Georg Pauwen · ‎08-25-2019

Hello,

you could add the two EEM scripts below, in order to remove the redundant static NAT entry altogether if it is not in use. The script also clears the existing NAT translation so you don't have to wait for the it to time out...

Edit: Thinking about it again, I changed the order of the actions and put the 'clear ip nat translation *" at the end.

event manager applet CLEAR_NAT_DOWN
event track 1 state down
action 1.0 cli command “enable”
action 2.0 cli command "conf t"
action 3.0 cli command "no ip nat inside source static 192.168.7.1 1.1.1.20 extendable"
action 4.0 cli command "ip nat inside source static 192.168.7.1 2.2.2.20 extendable"
action 5.0 cli command "end"

action 6.0 cli command “clear ip nat translation *”

event manager applet CLEAR_NAT_UP
event track 1 state up
action 1.0 cli command “enable”
action 2.0 cli command "conf t"
action 3.0 cli command "no ip nat inside source static 192.168.7.1 2.2.2.20 extendable"
action 4.0 cli command "ip nat inside source static 192.168.7.1 1.1.1.20 extendable"
action 5.0 cli command "end"

action 6.0 cli command “clear ip nat translation *”

View solution in original post