04-07-2009 11:49 AM - edited 03-04-2019 04:17 AM
I have one 2800 series router which is connected to ISP providers. I dont have any FW inside my network.
Here is my requiremetns
user-- Router-- ISP1
ISP2
ISP1 Public pool is 1.1.1.1
ISP2 Public POOL is 2.2.2.2
Internal private pool is 192.168.1.0
1) ISP2 should be backup to primary.
2)I hope defaults can configured like this
ip route 0.0.0.0 0.0.0.0 isp1
ip route 0.0.0.0 0.0.0.0 isp2 100
How the NATing will be configured to use pirmary (ISP1) and secondary as a backup(ISP2)
3) Do we need to implement the policy map?
Regards
sateesh kumar.k
04-07-2009 12:09 PM
Sateesh:
Yes, you can use a route map. In fact, you use two of them.
What you do is bind the NAT functions to the respective output interfaces. The output interface the router selects will depend on the availability of the route out that interface. That, in turn, will tell the router which NAT statement is applicable.
Please look at this link. I think you will find it very helpful.
http://ccietobe.blogspot.com/2008/08/nat-redundancy-with-route-maps.html
HTH
Victor
04-07-2009 12:24 PM
Hi,
Thanks for your prompt response.
if any request comes from 192.168.100.0 it will match both the route-maps. When packet leaving the outside the network how the packet know that it sholud go to ISP1? I hope it should be based on default route only ryt.
But With below mentioned default routes its not working..
ip route 0.0.0.0 0.0.0.0 ISP1
ip route 0.0.0.0 0.0.0.0 ISP2 5
secodnary ISP should be always as backup.
Regards
sateesh
04-07-2009 12:58 PM
Sateesh:
"if any request comes from 192.168.100.0 it will match both the route-maps."
No, it won't because you are using TWO criteria to match with:
1.) The source network address
2.) The output interface
The output interface is determined by the routing process on your router. In your case, it's the static routes.
"When packet leaving the outside the network how the packet know that it sholud go to ISP1?"
You are going to have two default routes available. If you want a primary/failover set up, then you will make the ISP2 default route a floating static so that it will only be placed in the routing table in the event that the link to ISP1 fails.
[EDIT] It may help for you to understand the order of operations for NAT interfaces.
When a packet enters a router through the NAT "inside" interface, it will first be routed and then NAT'ed. [EDIT]
HTH
Victor
04-07-2009 01:17 PM
Hi
it will first be routed and then NAT'ed..
This cleared all my doubts. But pl.find the below final config
ip nat inside source route-map ISP-A interface Serial2/1 overload
ip nat inside source route-map ISP-B interface Serial2/0 overload
!
!
ip access-list extended LAN-NATTED-OUT
permit ip 10.15.7.0 0.0.0.255 any
!
route-map ISP-B permit 10
match ip address LAN-NATTED-OUT
match interface Serial2/0
!
route-map ISP-A permit 10
match ip address LAN-NATTED-OUT
match interface Serial2/1
ip route 0.0.0.0 0.0.0.0 ISPA
ip route 0.0.0.0 0.0.0.0 ISPB 50
I hope with abv config it shld work ryt? but its not working what could be the issue...
With same config somebody tested live..but its not working..
Regards
sateesh
04-07-2009 01:23 PM
Sateesh:
Can you post the device's entire configuration?
Can you also post the route table?
Can you lastly post a "sh ip int brief"?
Victor
04-07-2009 02:01 PM
Hi,
This is not yet implemented who implemented the same with the same config, its not working.
I am sorry to say that i can`t provide the required info.
Will this scenario work with the config which i have provided to you.
Regards
sateesh
04-07-2009 02:08 PM
From what I see, yes, the configuration looks good.
Are you sure you have configured the NAT "inside" and "outside" statements under the appropriate interfaces?
Victor
04-07-2009 03:51 PM
.
04-07-2009 04:25 PM
04-07-2009 04:37 PM
Edison, do you see a reason right off the bat why his configuration would not work?
Thx
Victor
04-08-2009 04:31 AM
Edison...Edison...Edison...?
Bueller....Bueller...Bueller...?
04-08-2009 05:50 AM
Victor,
Troubleshoot.
show ip nat trans
show ip nat stat
show ip route
Will certainly help...
04-08-2009 06:59 AM
Wow! What a NON-answer. :-)
If I had some equipment in front of me I would "troubleshoot." But since you recommended a thread after the OP said my set up didnt work, I thought perhaps you had a definite clue as to what was wrong.
Thanks anyway
04-08-2009 08:38 AM
Hi,
This much of big tread for the same.
If i follow the same will this work.
Regards
sateesh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide