03-17-2013 09:51 PM - edited 03-04-2019 07:19 PM
I would like to know more about the concept of the NAT command:
I am going to do some load balancing for router traffic, e.g. 10.1.0.X traffic uses gi0/0.1 and 10.2.0.X uses gi0/0.2.
What is the result if two NAT commands are present?
int gi0/0.1
ip nat outside
int gi0/0.2
ip nat outside
int gi0/1
ip nat inside
ip policy route-map nwt-vlanvip
ip nat source list 10 int gi0/0.1 overload
ip nat source list 10 int gi0/0.2 overload
ip route 0.0.0.0 0.0.0.0 int gi0/0.1
access-list 1 10.1.0.0 0.0.0.255
access-list 2 10.2.0.0 0.0.0.255
access-list 10 10.1.0.0 0.0.0.255
access-list 10 10.2.0.0 0.0.0.255
route-map nwt-vlanvip permit 10
match ip address 1
set int gi0/0.1 gi0/0.2
route-map nwt-vlanvip permit 10
match ip address 2
set int gi0/0.2 gi0/0.1
03-17-2013 11:38 PM
I tested the commands: with the same source list, they replace each other.
03-18-2013 12:31 AM
ip nat source list 10 int gi0/0.1 overload
ip nat source list 10 int gi0/0.2 overload
Both are calling ACL 10 and NATting the 10.1.0.x and 10.2.0.x subnets.
route-map nwt-vlanvip permit 10
match ip address 1
set int gi0/0.1 gi0/0.2
route-map nwt-vlanvip permit 10
match ip address 2
set int gi0/0.2 gi0/0.1
Now see route-map
nwt-vlanvip
It's calling ACL 1
10.1.x is routed towards
gi0/0.1 gi0/0.2
route-map nwt-vlanvip
It's calling ACL 2
10.2.x is routed towards
route-map nwt-vlanvip
*** Do Rate Helpful Posts***
03-18-2013 12:50 AM
Hi,
You must use route-maps in your NAT statements like this:
route-map OVERLOAD_1
match interface g0/0.1
route-map OVERLOAD_2
match interface g0/0.2
ip nat source route-map OVERLOAD_1 int gi0/0.1
ip nat source route-map OVERLOAD_2 int gi0/0.2
Also, in your PBR you are specifying a multipoint outgoing interface, and it will have the same behaviour as specifying an exit interface in a static route: if the next hop has proxy-ARP disabled, the ARP process will fail and your PBR and NAT won't work correctly, so you had better replace the interface with a next hop.
Regards
Alain
Don't forget to rate helpful posts.
03-18-2013 01:37 AM
Does match interface under the route-map mean that if the packet is going to go out through int gi0/0.2, it will use the second NAT command to translate the header? This kind of setting seems usable for load balancing and redundancy, thanks so much!!
03-18-2013 01:49 AM
I think doing it with this setting would be better!!!
int gi0/0.1
ip nat outside
int gi0/0.2
ip nat outside
int gi0/1
ip nat inside
ip policy route-map nwt-vlanvip
ip route 0.0.0.0 0.0.0.0 int gi0/0.1
access-list 1 10.1.0.0 0.0.0.255
access-list 2 10.2.0.0 0.0.0.255
route-map nwt-vlanvip permit 10
match ip address 1
set ip next-hop 1.1.1.1
route-map nwt-vlanvip permit 10
match ip address 2
set ip next-hop 2.2.2.2
route-map OVERLOAD_1
match interface g0/0.1
route-map OVERLOAD_2
match interface g0/0.2
ip nat source route-map OVERLOAD_1 int gi0/0.1
ip nat source route-map OVERLOAD_2 int gi0/0.2
03-18-2013 02:17 AM
Hi,
Don't forget the keyword inside in your NAT statements: ip nat inside source ...
Regards
Alain
Don't forget to rate helpful posts.
03-18-2013 02:16 AM
Hi,
Yes, exactly: as routing is done before NAT, if you've got multiple NAT outside interfaces then you need to tell the router how a packet routed out an exit interface will get NATted.
Regards.
Alain
Don't forget to rate helpful posts.