11-21-2011 02:00 AM - edited 03-04-2019 02:21 PM
Here is a very pretty article about NAT with a multi-homing connection to the Internet
http://www.nil.si/ipcorner/SmallSiteMultiHoming/
But I do not understand the IOS and NAT logic in these commands (Listing 2):
ip nat inside source route-map ISP_A interface Serial0/0/0 overload
ip nat inside source route-map ISP_B interface Serial0/0/1 overload
!
route-map ISP_A permit 10
match interface Serial0/0/0
!
route-map ISP_B permit 10
match interface Serial0/0/1
For me it is equal to:
ip nat inside source (match interface Serial0/0/0) interface Serial0/0/0 overload
The explanation is not clear to me either:
NOTE
Having two route-maps matching outgoing interfaces (the match interface statement in a NAT route-map matches outgoing interface) is the only way to configure per-interface NAT pools in Cisco IOS.
Can anybody explain NAT logic in this example?
11-21-2011 02:41 AM
Hello,
No, you're wrong. The router doesn't know how to do NAT on a particular interface. In case you have 2 WANs, if you don't use a route-map to control it, you might get a blackhole when one interface goes down. Routes are gone but NAT still does.
!
ip nat inside source (match interface Serial0/0/0) interface Serial0/0/0 overload
!
The above command is to do NAT with the IP address assigned to Serial0/0/0. The router doesn't check anything when Serial0/0/0 goes down. The router still does NAT for you but the routes are gone. See the problem when you have 2 WANs?
HTH,
Toshi
11-21-2011 01:30 PM
Simply, NAT is performed after the routing lookup,
so it is not going to blackhole the traffic.
When traffic comes in, if there is NAT on the interface, let's say from the inside interface, then the router first will look at how to route the traffic to the actual destination IP; then, once it goes out a certain interface, it will use the nat outside and static NAT statement.
But with the use of two interfaces with two static NATs, Cisco IOS will always look at the first NAT command, and this will be a problem when the traffic is being routed over the second interface with a different NAT and IP.
By using match interface, what you are actually doing is adding a policy that matches the exit interface, which will enforce the NAT to use the relevant static NAT as mentioned, because the routing is done before NATing, so the exit interface is already selected.
Hope this helps.
If helpful, rate.
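
The order described in the reply above (routing lookup first, then NAT rule selection against the already chosen outgoing interface), as a simplified Python model. It is an added example, not code from the thread or the linked article and not how IOS is implemented; the addresses, routes and the MATCH_ALL contrast case are constructed assumptions.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not from the article.
IFACE_IP = {"Serial0/0/0": "192.0.2.1", "Serial0/0/1": "198.51.100.1"}
# Equal-length prefixes are resolved by list order: the first default route is
# the primary, the second is the backup.
ROUTES = [("0.0.0.0/0", "Serial0/0/0"),
          ("0.0.0.0/0", "Serial0/0/1"),
          ("203.0.113.0/25", "Serial0/0/1")]

# NAT rules in configuration order: (route-map name, interface whose address is used).
NAT_RULES = [("ISP_A", "Serial0/0/0"), ("ISP_B", "Serial0/0/1")]
# Listing 2 style: each route-map matches exactly one outgoing interface.
PER_INTERFACE = {"ISP_A": lambda egress: egress == "Serial0/0/0",
                 "ISP_B": lambda egress: egress == "Serial0/0/1"}
# Contrast case (assumption): route-maps that permit every packet.
MATCH_ALL = {"ISP_A": lambda egress: True, "ISP_B": lambda egress: True}


def route_lookup(dst, up):
    """Step 1: longest-prefix match over routes whose interface is up."""
    best = None
    for prefix, iface in ROUTES:
        net = ipaddress.ip_network(prefix)
        if iface in up and ipaddress.ip_address(dst) in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, iface)
    return best[1] if best else None


def translate(dst, route_maps, up=frozenset(IFACE_IP)):
    """Step 2: after routing, the first NAT rule whose route-map permits wins.

    Returns (egress interface, translated source address) or None if unroutable.
    """
    egress = route_lookup(dst, up)
    if egress is None:
        return None  # no route: the packet never reaches NAT
    for name, nat_iface in NAT_RULES:
        if route_maps[name](egress):
            return egress, IFACE_IP[nat_iface]
    return egress, None  # routed, but no NAT rule matched


if __name__ == "__main__":
    for maps, label in ((PER_INTERFACE, "per-interface"), (MATCH_ALL, "match-all")):
        print(label, translate("203.0.113.9", maps),
              translate("203.0.113.200", maps, up={"Serial0/0/1"}))
```

In the match-all case the packet leaves Serial0/0/1 carrying the source address of Serial0/0/0, which is the mismatch the two replies describe; with per-interface route-maps the translated address always belongs to the interface the routing lookup selected.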