07-21-2011 12:10 PM - edited 03-07-2019 01:20 AM
Hi,
Currently my NAT configuration is like this :
interface FastEthernet1/0
description ISP
ip address 172.16.10.2 255.255.255.0
ip nat outside
interface FastEthernet2/0
description Lan
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip route 0.0.0.0 0.0.0.0 172.16.10.1
ip nat inside source list 10 interface FastEthernet1/0 overload
access-list 10 permit 10.10.10.0 0.0.0.255
That work but I don't understand why the default route is required. Without that doesn't work. Why ?
I wand to add another ISP to used with IP addresses below 10.10.10.51. So I try to use an accesslist to capture trafic and change the route like this :
interface FastEthernet1/0
description ISP1
ip address 172.16.10.2 255.255.255.0
ip nat outside
interface FastEthernet2/0
description Lan
ip address 10.10.10.1 255.255.255.0
ip nat inside
interface FastEthernet3/0
description ISP2
ip address 172.16.20.2 255.255.255.0
ip nat outside
ip route 0.0.0.0 0.0.0.0 172.16.10.1
ip nat inside source list 10 interface FastEthernet1/0 overload
ip nat inside source list 20 interface FastEthernet3/0 overload
access-list 10 permit 10.10.10.0 0.0.0.50
access-list 20 permit 10.10.10.51 0.0.0.204
But with this configuration it's impossible with an IP address (like 10.10.10.20 or 10.10.10.100) to reach outside ?
Why that doesnt work, I dont understand ?
Is this possible tu use NAT like this ?
Must I use an ACL or RouteMap ?
Is this possible to use each ISP as backup to the other ?
Thanks for your help
Jerome
Solved! Go to Solution.
07-25-2011 03:09 AM
haha no but it is very good described i might use it if i forget subnetting
cheers,
Marwan
07-25-2011 10:07 AM
Humm your tools it's perfect for simple wildcard but it seem impossible to give a complete wildcard like my request. No ?
07-25-2011 10:31 AM
For your type of request you do need to break it down into individual subnets as in the example given.
Jon
07-25-2011 11:54 AM
Ok
So I think I have understand and if I'm right a wildcard is missing in your first answer :
192.168.0.0.to 192.168.0.50
192.168.0.0 0.0.0.31
192.168.0.32 0.0.0.15
host 192.168.0.48
host 192.168.0.49
host 192.168.0.50
Could verify this tests to validate I have understand your lesson :
192.168.0.1 to 192.168.0.28
192.168.0.0 0.0.0.15
192.168.0.16 0.0.0.7
192.168.0.24 0.0.0.3
host 192.168.0.28
192.168.0.65 to 192.168.0.90
host 192.168.0.65
host 192.168.0.66
host 192.168.0.67
192.168.0.68 0.0.0.3
192.168.0.72 0.0.0.7
192.168.0.80 0.0.0.7
host 192.168.0.88
host 192.168.0.89
host 192.168.0.90
192.168.0.80 to 192.168.0.128
192.168.0.80 0.0.0.15
192.168.0.96 0.0.0.31
host 192.168.0.128
I cross my fingers
Jerome
07-25-2011 12:25 PM
Jerome
192.168.0.0.to 192.168.0.50
192.168.0.0 0.0.0.31
192.168.0.32 0.0.0.15
host 192.168.0.48
host 192.168.0.49
host 192.168.0.50
Yes you are right, i did miss out .48 from my original reply. I could pretend it was a test to see if you understood it but i would be lying Good spot.
As for the rest, no need to cross your fingers you are spot on. Looks like you now have a good understanding of how this all works.
Jon
07-25-2011 12:29 PM
John one word : Thanks (a lot)
Jerome
07-25-2011 12:57 PM
Jerome
No problem, glad to have helped.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide