Two ip nat command

CHUN FAI LAW · ‎03-17-2013

I would like to know more about the concept of nat command:

I am going to do some load balancing for router traffic, e.g. 10.1.0.X traffic use gi0/0.1 and 10.2.0.X use gi0/0.2

what is the result if two nat command present?

int gi0/0.1
ip nat outside

int gi0/0.2
ip nat outside

int gi0/1
ip nat inside

ip policy route-map nwt-vlanvip

ip nat source list 10 int gi0/0.1 overload
ip nat source list 10 int gi0/0.2 overload

ip route 0.0.0.0 0.0.0.0 int gi0/0.1

access-list 1 10.1.0.0 0.0.0.255
access-list 2 10.2.0.0 0.0.0.255

access-list 10 10.1.0.0 0.0.0.255
access-list 10 10.2.0.0 0.0.0.255

route-map nwt-vlanvip permit 10
match ip address 1
set int gi0/0.1 gi0/0.2

route-map nwt-vlanvip permit 10
match ip address 2
set int gi0/0.2 gi0/0.1

CHUN FAI LAW · ‎03-17-2013

i test the command with same source list will be replace each other

jawad-mukhtar · ‎03-18-2013

ip nat source list 10 int gi0/0.1 overload
ip nat source list 10 int gi0/0.2 overload

both are calling acl 10 and natting 10.1.0.x and 10.2.0.x subnet

route-map nwt-vlanvip permit 10
match ip address 1
set int gi0/0.1 gi0/0.2

route-map nwt-vlanvip permit 10
match ip address 2
set int gi0/0.2 gi0/0.1

NOw See Route Map

nwt-vlanvip

Iits calling acl 1

10.1.x is routed towards

gi0/0.1 gi0/0.2

route-map nwt-vlanvip

its calling acl 2

10.2.x is routeed towards

route-map nwt-vlanvip

*** Do Rate Helpful Posts***

Jawad

cadet alain · ‎03-18-2013

Hi,

you must use route-maps in your NAT statements like this:

route-map OVERLOAD_1

match interface g0/0.1

route-map OVERLOAD_2

match interface g0/0.2

ip nat source route-map OVERLOAD_1 int gi0/0.1

ip nat source route-map OVERLOAD_2 int gi0/0.2

Also in your PBR you are specifying a multipoint outgoing interface and it will have the same behaviour as specifying an exit interface in a static route, that is if the next-hop has proxy-arp disabled the ARP process will fail and your PBR and NAT won't be working correctly so you better change the interface by next-hop.

Regards

Alain

Don't forget to rate helpful posts.

CHUN FAI LAW · ‎03-18-2013

Is it match interface under the route map that means, if the packet is going to go out though int gi0/0.2 will use the second nat command for tranlate the header? This kind of setting seems can doing for load balancing and redundancy issue, thx so much!!

CHUN FAI LAW · ‎03-18-2013

I think if i doing with this setting would be better!!!

int gi0/0.1
ip nat outside

int gi0/0.2
ip nat outside

int gi0/1
ip nat inside
p policy route-map nwt-vlanvip

ip route 0.0.0.0 0.0.0.0 int gi0/0.1

access-list 1 10.1.0.0 0.0.0.255
access-list 2 10.2.0.0 0.0.0.255

route-map nwt-vlanvip permit 10
match ip address 1
set ip next-hop 1.1.1.1

route-map nwt-vlanvip permit 10
match ip address 2
set ip next-hop 2.2.2.2

route-map OVERLOAD_1
match interface g0/0.1

route-map OVERLOAD_2
match interface g0/0.2

ip nat source route-map OVERLOAD_1 int gi0/0.1
ip nat source route-map OVERLOAD_2 int gi0/0.2

cadet alain · ‎03-18-2013

Hi,

don't forget the keyword inside in your NAT statements: ip nat inside source ...

Regards

Alain

Don't forget to rate helpful posts.

cadet alain · ‎03-18-2013

Hi,

yes exactly as routing is done before NAT if you've got multiple NAT outside interface then you need to tell the router how a packet routed out an exit interface will get natted.

Regards.

Alain

Don't forget to rate helpful posts.