
NAT and multiple ISP

jquintard
Level 1

Hi,

Currently my NAT configuration is like this:

interface FastEthernet1/0

  description ISP

  ip address 172.16.10.2 255.255.255.0

  ip nat outside

interface FastEthernet2/0

  description Lan

  ip address 10.10.10.1 255.255.255.0

  ip nat inside

ip route 0.0.0.0 0.0.0.0 172.16.10.1

ip nat inside source list 10 interface FastEthernet1/0 overload

access-list 10 permit 10.10.10.0 0.0.0.255

That works, but I don't understand why the default route is required. Without it, it doesn't work. Why?

I want to add another ISP to be used with IP addresses below 10.10.10.51. So I tried to use an access list to capture traffic and change the route like this:

interface FastEthernet1/0

  description ISP1

  ip address 172.16.10.2 255.255.255.0

  ip nat outside

interface FastEthernet2/0

  description Lan

  ip address 10.10.10.1 255.255.255.0

  ip nat inside

interface FastEthernet3/0

  description ISP2

  ip address 172.16.20.2 255.255.255.0

  ip nat outside

ip route 0.0.0.0 0.0.0.0 172.16.10.1

ip nat inside source list 10 interface FastEthernet1/0 overload

ip nat inside source list 20 interface FastEthernet3/0 overload

access-list 10 permit 10.10.10.0 0.0.0.50

access-list 20 permit 10.10.10.51 0.0.0.204

But with this configuration it's impossible for an IP address (like 10.10.10.20 or 10.10.10.100) to reach the outside.

Why doesn't that work? I don't understand.

Is it possible to use NAT like this?

Must I use an ACL or a route map?

Is it possible to use each ISP as a backup for the other?

Thanks for your help

Jerome

21 Replies

Haha no, but it is very well described. I might use it if I forget subnetting.

cheers,

Marwan

Hmm, your tool is perfect for a simple wildcard, but it seems impossible to give a complete wildcard like my request. No?

For your type of request you do need to break it down into individual subnets as in the example given.

Jon

Ok

So I think I have understood, and if I'm right a wildcard is missing in your first answer:

192.168.0.0 to 192.168.0.50

192.168.0.0 0.0.0.31

192.168.0.32 0.0.0.15

host 192.168.0.48

host 192.168.0.49

host 192.168.0.50

Could you verify these tests to validate that I have understood your lesson:

192.168.0.1 to 192.168.0.28

192.168.0.0  0.0.0.15

192.168.0.16 0.0.0.7 

192.168.0.24 0.0.0.3

host 192.168.0.28

192.168.0.65 to 192.168.0.90

host 192.168.0.65

host 192.168.0.66

host 192.168.0.67

192.168.0.68 0.0.0.3

192.168.0.72 0.0.0.7

192.168.0.80 0.0.0.7

host 192.168.0.88

host 192.168.0.89

host 192.168.0.90

192.168.0.80 to 192.168.0.128

192.168.0.80 0.0.0.15

192.168.0.96 0.0.0.31

host 192.168.0.128

I cross my fingers

Jerome

Jerome

192.168.0.0 to 192.168.0.50

192.168.0.0 0.0.0.31

192.168.0.32 0.0.0.15

host 192.168.0.48

host 192.168.0.49

host 192.168.0.50

Yes, you are right, I did miss out .48 from my original reply. I could pretend it was a test to see if you understood it, but I would be lying. Good spot.

As for the rest, no need to cross your fingers you are spot on. Looks like you now have a good understanding of how this all works.

Jon
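Added example, not part of the thread: a Python sketch of the two points discussed above. It evaluates a wildcard the way a standard ACL entry does (1 bits are "don't care"), which shows what `10.10.10.0 0.0.0.50` and `10.10.10.51 0.0.0.204` really permit, and it splits an address range into aligned blocks as in the worked lists. All function names are this example's own; adjacent hosts are merged into a `0.0.0.1` entry where the thread lists them as two `host` lines.

```python
import ipaddress

def wildcard_matches(base: str, wildcard: str, addr: str) -> bool:
    """IOS-style ACE match: bits set to 1 in the wildcard are ignored."""
    b, w, a = (int(ipaddress.IPv4Address(x)) for x in (base, wildcard, addr))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def matched_in_subnet(base: str, wildcard: str, subnet: str) -> list[str]:
    """Every address of `subnet` that the entry `base wildcard` permits."""
    return [str(h) for h in ipaddress.ip_network(subnet)
            if wildcard_matches(base, wildcard, str(h))]

def range_to_aces(first: str, last: str) -> list[str]:
    """Split an inclusive range into aligned blocks, one ACE per block."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [f"host {n.network_address}" if n.prefixlen == 32
            else f"{n.network_address} {n.hostmask}" for n in blocks]

def parse_ace(ace: str) -> tuple[str, str]:
    """'host A' -> (A, 0.0.0.0); 'A W' -> (A, W)."""
    parts = ace.split()
    return (parts[1], "0.0.0.0") if parts[0] == "host" else (parts[0], parts[1])

def covers_exactly(aces: list[str], first: str, last: str, subnet: str) -> bool:
    """True if the ACEs permit the whole range and nothing else in `subnet`."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    for h in ipaddress.ip_network(subnet):
        hit = any(wildcard_matches(*parse_ace(a), str(h)) for a in aces)
        if hit != (lo <= h <= hi):
            return False
    return True

if __name__ == "__main__":
    lan = "10.10.10.0/24"  # LAN from the original post
    # The posted entries match scattered addresses, not contiguous ranges.
    print("0.0.0.50 permits:", matched_in_subnet("10.10.10.0", "0.0.0.50", lan))
    print(".20 in list 10:", wildcard_matches("10.10.10.0", "0.0.0.50", "10.10.10.20"))
    print(".100 in list 20:", wildcard_matches("10.10.10.51", "0.0.0.204", "10.10.10.100"))
    # Entries that do cover the two intended ranges.
    for num, (lo, hi) in {10: ("10.10.10.0", "10.10.10.50"),
                          20: ("10.10.10.51", "10.10.10.255")}.items():
        for ace in range_to_aces(lo, hi):
            print(f"access-list {num} permit {ace}")
```

Running `covers_exactly` over a generated list before loading it on the router confirms that no address outside the intended range gets translated.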

Jon, one word: Thanks (a lot)

Jerome

Jerome

No problem, glad to have helped.

Jon
