Route Map and Static NAT

hwongnc4inc
Level 1

Hi everyone,

I have a site where my main ISP is providing a 10M Ethernet drop. The site also has a 10M DSL line as a backup. The main ISP has assigned me 3.3.3.0/26 for me to use, as the Ethernet drop itself is a /30. I'm having some problems with a static NAT. As you can see from my config, I'm doing PBR, which seems to work fine. The problem is when my box at 10.1.0.5 goes out, it's being NAT'ed as the IP from the NAT pool, 3.3.3.2, instead of the static NAT, 3.3.3.3. I see the static NAT in the NAT translation table, but it's not being used.

I have this working at one of my other sites, but the difference is that the main ISP's Ethernet drop is a /28, so I'm able to use static IPs from that same block without any issues.

This problem seems to be a NAT issue with the routed IP block.  What am I missing?

Thanks,

hw

Portion of my config:

track 101 ip sla 1 reachability
 delay down 15 up 30
!
track 102 ip sla 2 reachability
 delay down 15 up 30
!
interface FastEthernet8
 description ISP1
 ip address 1.1.1.2 255.255.255.252
 ip nat outside
!
interface Vlan2
 description ISP2
 ip address 2.2.2.2 255.255.255.248
 ip nat outside
!
interface Vlan5
 ip address 172.18.0.1 255.255.255.248
 ip nat inside
 ip policy route-map PBR
!
ip route 0.0.0.0 0.0.0.0 1.1.1.1 track 101
ip route 0.0.0.0 0.0.0.0 2.2.2.1 100 track 102
ip route 10.1.0.0 255.255.255.0 172.18.0.2
ip nat pool NAT-OUT 3.3.3.2 3.3.3.2 netmask 255.255.255.192
ip nat inside source route-map ISP1 pool NAT-OUT overload
ip nat inside source route-map ISP2 interface Vlan2 overload
ip nat inside source static 10.1.0.5 3.3.3.3 route-map ISP1 extendable
!
ip access-list extended nat-list
 permit ip 10.1.0.0 0.0.0.255 any
!
ip sla 1
 icmp-echo 4.2.2.2 source-interface FastEthernet8
 timeout 500
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 8.8.8.8 source-interface Vlan2
 timeout 500
 frequency 10
ip sla schedule 2 life forever start-time now
!
route-map PBR permit 10
 match ip address nat-list
 set ip next-hop verify-availability 1.1.1.1 1 track 101
!
route-map PBR permit 20
 match ip address nat-list
 set ip next-hop verify-availability 2.2.2.1 1 track 102
!
route-map ISP2 permit 10
 match ip address nat-list
 match interface Vlan2
!
route-map ISP1 permit 10
 match ip address nat-list
 match interface FastEthernet8


ammahend
VIP

Can you paste:

show ip nat translation (with primary interface active)

show ip nat translation (with backup interface active)

show ver | in image

Thank you

Ambuj

-hope this helps-