2811 basic nat configuration

jfrackoviak
Level 1

I'm new to configuring a router and I'm lost and I might be overthinking the whole thing, but I figured I'd post and see what I get. I have a link balancer that is getting 2 internet connections from the same ISP, and because both of the internet connections are coming from the same ISP they are within the same subnet. Each internet connection has 13 static IPs associated with it. My link balancer is obviously not going to be able to accept both internet connections on the same subnet because there is no way it's going to be able to do the routing. I thought I could create a simple static NAT that would allow me to fool the link balancer into thinking one of the connections was on a different subnet. Basically both of these connections are in front of my firewall, so I would really just like the router to NAT everything on one IP and translate it to another IP.

Internet connection 1:  96.212.211.194 - 206

Internet connection 2:  96.212.211.210 - 222

My link balancer on its wan links takes 1 IP so:

wan1:  96.212.211.194

wan2:  192.168.1.2  - hopefully translated by the router

The router has 2 FastEthernet ports, 0/0 and 0/1. I've been trying to just configure a static NAT and at this point don't even have a starting configuration, and I'm hoping to be pointed in the right direction. Right now the only thing I have on the router, and I'm not even sure if it's correct, is:

FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto

FastEthernet0/1
 ip address 96.212.211.210 255.255.255.0
 ip nat outside
 duplex auto
 speed auto

I thought I would be able to simply say something like

ip nat inside source static 192.168.1.2 96.212.211.210

Thanks in advance for any help or any direction you can point me in.

2 Replies

If I understood your requirement correctly, you have 2 ISP connections and would like to use one as primary and one as secondary, in case one fails...

In such a scenario, you should go with either a NAT over DUAL ISP config or PBR.

Configuring NAT:
==================

For configuring NAT we have to create a route-map which matches the interface.

route-map NAT1
match interface

route-map NAT2
match interface

Create NAT rules.

ip nat inside source route-map NAT1 < interface connected to WAN1> overload
ip nat inside source route-map NAT2 < interface connected to WAN2> overload


For this we need to configure two things:

1)      PBR : Policy based routing to send traffic to specific ISP next hop depending on the source of the packet.

2)      NAT : For natting the traffic as per the outgoing interface.

Configuration of PBR:
======================

Create an access-list containing the subnet that needs to go through WAN connection 1:

For WAN1

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

For WAN2

access-list 102 permit ip 192.168.2.0 0.0.0.255 any

Now create a route-map to direct traffic matching access-list 101 to WAN1 next hop and the one
matching 102 to WAN2 next hop:

route-map test permit 10
match ip address 101
set ip next-hop

route-map test permit 20
match ip address 102
set ip next-hop

Apply this route-map to the interface from which we receive traffic.

ip policy route-map test

Please rate the post if it helps.

Regards,

Jyoti

And to start with only one WAN connection, you should configure the router as below:

interface FastEthernet0/1  <<<<< WAN interface
ip address 96.212.211.210 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
end
!
interface Vlan1 <<< Internal Management interface
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
end
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
ip nat inside source list 101 interface FastEthernet0/1 overload >>> Configure nat
!
ip route 0.0.0.0 0.0.0.0
