Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5109
Views
0
Helpful
21
Replies

Multiple Default Routes, one wan interface, Cisco 2821 Router

cktechnology
Level 1
Level 1

‎07-07-2017 09:37 AM - edited ‎03-08-2019 11:14 AM

Hi Everyone!

Our IT person is out of the country on vacation and we have a serious problem. We need to add a new /29 IP WAN block to our network as we need more servers to get assigned public IPs. Currently, we have one /29 assigned to our IG0/0 interface. The first ip is primary and the other four are listed as secondary. We had our ISP forward another /29 block to us over our fiber connection and i simply added the other 5 as secondary. Of course this didn't work because the default router (ip route 0.0.0.0 0.0.0.0 x.x.x.x x.x.x.x is going to another gateway. The new IP block has a different gateway.

I tried to simply add a second default router, but of course, that caused all sort of routing problems. I suspect i need some ACLs or something, but i'm just not that versed in cisco.

Can anyone help point me in the right direction?


Thanks so much!

Labels:
0 Helpful
21 Replies 21

Jon Marshall
Hall of Fame
Hall of Fame
In response to Sam Smiley

‎07-07-2017 12:45 PM

Sam

I had a look at the other thread and your answer here as well and I may be misunderstanding but for a static port translation the return traffic from the server would use the static translation because there is an entry in the NAT table.

Jon

0 Helpful

Sam Smiley
Level 3
Level 3
In response to Jon Marshall

‎07-07-2017 01:45 PM

Hi Jon, If you just add the translation it will go out through route map NAT in this case. Just adding a static port translation will not force the traffic out the same IP as it is translated. Lets use an example; say you have IP block 123.123.123.120/29. You assign 123.123.123.121 to int gi0/0 and create port translations for 122,123, 124,125, etc. Unless you create NAT pools as described in the above link all outbound traffic will go out 123.123.123.121. At least this has been my experience through 12.4, it has been a long time since I have used secondary addresses on an interface.

Regards,
Sam

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to Sam Smiley

‎07-07-2017 02:04 PM

Hi Sam

My understanding was that as soon as you create a static NAT that is a permanent entry in the translation table which means it will always take precedence.

So if you send traffic to a server with a static port translation the return traffic will use the same translation which I just tested and it worked as expected.

If however the server sent traffic from another port ie. not one where there was a static translation set up then I agree with what you say.

That said I could be wrong because I often am :)

Jon

0 Helpful

Sam Smiley
Level 3
Level 3
In response to Jon Marshall

‎07-07-2017 02:04 PM

You are correct on the static translations taking precedence. I have not encountered it as you describe. The translation is inbound from a public IP to a private IP, unless you configure NAT to translate it the other way it is going out the default translation. Your comment about using another port is spot on, I've chased down more than one app trying to allow it through a NAT translation because the response uses a different port.

I will generally configure something similar to the link above for customers that need multiple public addresses. I guess I'm going to have to dig out my spare ISR to build a lab on this.

I too could be wrong, there is an ol' saying that if you have never made mistakes you haven't learned anything. I learn a LOT every day! I'm not afraid to try something.

Regards,
Sam

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to Sam Smiley

‎07-07-2017 02:24 PM

Sam

With a static NAT it apples in both directions so you should not need to configure it both ways if you see what I mean.

However I have seen configurations similar to yours before which is really why I posted because it may well be something I am misunderstanding.

So if you do get around to testing would be interested to hear the results.

Jon

0 Helpful

Sam Smiley
Level 3
Level 3
In response to Jon Marshall

‎07-09-2017 04:23 PM

Hi Jon,
I have a lab up that we can play around with; as expected the static NAT statement does allow for inbound translation however outbound does go out the default translation assigned to the WAN interface. I'll be happy to share my configs and findings, don't want to muck up the OP thread. Would you like me to send it to you or open another thread?

Regards,
Sam

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to Sam Smiley

‎07-10-2017 01:26 AM

Hi Sam 

You can send them to me at jms.123@hotmail.co.uk and when I get the chance I will lab it up. 

I will be interested to test this :) 

Jon

0 Helpful
Customers Also Viewed These Support Documents