MultiHomed NAT

Status
Not open for further replies.

allanporto

IS-IT--Management
Jul 24, 2003
14
BR
Hi Guys,
I asked some questions here about doing failover with two different ISPs, and now I want to try to use NAT in this process.
With the following configuration I can go outside with the specified IP pool address, but if I try to access an inside server that has an ISP(a) IP address, nothing happens.


interface FastEthernet0/0
description ISP(a) Link
ip address 100.0.0.2 255.255.255.252

interface Serial0/0
description ISP(b) Link
ip address 200.0.0.2 255.255.255.252
ip nat outside

interface FastEthernet0/1
description Inside Interface
ip address 100.0.1.129 255.255.255.192
ip nat inside

ip route 0.0.0.0 0.0.0.0 100.0.0.1
ip route 0.0.0.0 0.0.0.0 200.0.0.1 100
ip route 100.0.1.128 255.255.255.192 FastEthernet0/1
ip route 200.0.1.0 255.255.255.192 FastEthernet0/1

ip nat inside source list 101 pool isp-b
ip nat pool isp-b 200.0.1.10 200.0.1.20 netmask 255.255.255.192

access-list 101 permit ip 100.0.1.128 0.0.0.64 any

What is needed to access my inside servers?
 
My suggestion: use BGP for the multiple ISP connections. I would explain more, but as I have only had three hours of sleep and am drained today, I'm not going to explain much more.

This is my suggestion: Router1 BGP to ISP A, Router2 BGP to ISP B, direct traffic flow. Create another NAT pool for the ISP A address range. (I know, not a great explanation... best I can do at the moment, running on fumes and heading home for rest.)

 
Tschouten, the great problem is to make this connection without BGP. I want to use BGP if there is nothing more I can do.

Now I tried to map the inside local IP to the inside global IP using no-alias, but the problem was the same.

ip nat inside source static 100.0.1.10 200.0.1.10 no-alias

In this example, the inside traffic works fine, but when the outside tries to access 100.0.1.10 nothing happens.
 
You need to put ip nat outside on the FastEthernet 0/0 interface as well. Sorry, should have mentioned that as well.
 
Also, depending on how many users you have accessing outside the network (being translated), you may want to create your pools as overload so they can handle translating multiple addresses.
 
The same problem. If I put the ip nat outside on fastethernet 0/0 nothing happens.
 
Ok here is an example with multiple ISPs using static NAT translations. You can use dynamic ones as well, but I thought this explained it better.

Enabling Static NAT Route Mapping
To enable route mapping with static NAT configurations, use the following command in global configuration mode:


Command: Router(config)# ip nat inside source {list {access-list-number | access-list-name} pool pool-name [overload] | static local-ip global-ip route-map map-name}
Purpose: Enables route mapping with static NAT translation configured on the NAT inside interface.


Verifying Static NAT Route Mapping
To verify the static NAT route mapping configuration, use the following command in privileged EXEC mode:


Command: Router# show ip nat translations [verbose]
Purpose: Displays active NAT translations.


Configuration Examples
This section provides the following configuration example:

Enabling Static NAT Route Mapping
Enabling Static NAT Route Mapping Example
The following example shows the use of route mapping with static NAT translations:

interface Ethernet3
ip address 172.68.1.100 255.255.255.0
ip nat outside
media-type 10BaseT
!
interface Ethernet4
ip address 192.68.1.100 255.255.255.0
ip nat outside
media-type 10BaseT
!
interface Ethernet5
ip address 11.1.1.100 255.255.255.0
ip nat inside
media-type 10BaseT
!
router rip
network 172.68.0.0
network 192.68.1.0
!
ip nat inside source static 11.1.1.2 192.68.1.21 route-map isp2
ip nat inside source static 11.1.1.2 172.68.1.21 route-map isp1
ip nat inside source static 11.1.1.1 192.68.1.11 route-map isp2
ip nat inside source static 11.1.1.1 172.68.1.11 route-map isp1
access-list 101 permit ip 11.1.1.0 0.0.0.255 172.0.0.0 0.255.255.255
access-list 102 permit ip 11.1.1.0 0.0.0.255 192.0.0.0 0.255.255.255
!
route-map isp2 permit 10
match ip address 102
set ip next-hop 192.68.1.1
!
route-map isp1 permit 10
match ip address 101
set ip next-hop 172.68.1.1
 
If the above post just confused you, let me know... I will try to explain it better. But I am going to take a nap now, so I'll be back later.
 
Tschouten. My scene is on
Is it possible to make static NAT work with the same address:

ip nat inside source static 100.0.1.10 100.0.1.10 route-map isp-a
ip nat inside source static 100.0.1.10 200.0.1.10 route-map isp-b

access-list 101 permit ip 100.0.1.0 0.0.0.64 100.0.1.0 0.0.255.255
access-list 102 permit ip 100.0.1.0 0.0.0.64 200.0.1.0 0.0.255.255

route-map isp-a permit 10
match ip address 101
set ip next-hop 100.0.0.1

route-map isp-b permit 10
match ip address 102
set ip next-hop 200.0.0.1

ip route 0.0.0.0 0.0.0.0 200.0.0.1
ip route 0.0.0.0 0.0.0.0 100.0.0.1 50

What do you think?
 
Yes, that should work. One question I have: are there going to be any other hosts needing access to the outside? If so, you might want to create a dynamic list, or create a static to a proxy server and overload that static connection (so it can handle more than one network flow). Up to you on that one, but yes, this should work.
 
Crap, I thought I saw two different addresses in your static statements. No, that won't work, sorry I didn't catch that until just now.
 
OK. I'll modify all my outside PIX addresses and try this configuration. I hope that it works.
 
Hi!
Yesterday I changed all the IP addresses and put static NAT on the router. Now everything is going OK. Inside my router, none of the networks use real IP addresses.

At this moment my configuration for the proxy server is:
ip nat inside source static 192.168.10.30 200.0.1.30

What do you think if I change to:
ip nat inside source static 192.168.10.30 100.0.1.30 route-map isp-a
ip nat inside source static 192.168.10.30 200.0.1.30 route-map isp-b


 
I think it should work (stressing the should); I haven't tried using a route-map with NAT yet. But from what I understand about everything, it looks like a valid theory. Try it; if it fails, post some NAT translations and whatnot.
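
An added example, not part of the original thread: a small Python audit of the first post's configuration that reports which interfaces lead to a default-route next hop without `ip nat outside`, and which source addresses an IOS base/wildcard pair such as `100.0.1.128 0.0.0.64` actually matches. The `CONFIG` text is a constructed excerpt of the posted lines, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the configuration in the first post.
CONFIG = """\
interface FastEthernet0/0
 ip address 100.0.0.2 255.255.255.252
interface Serial0/0
 ip address 200.0.0.2 255.255.255.252
 ip nat outside
interface FastEthernet0/1
 ip address 100.0.1.129 255.255.255.192
 ip nat inside
ip route 0.0.0.0 0.0.0.0 100.0.0.1
ip route 0.0.0.0 0.0.0.0 200.0.0.1 100
access-list 101 permit ip 100.0.1.128 0.0.0.64 any
"""

def parse_interfaces(text):
    """Return {name: {"net": IPv4Network or None, "nat": "inside"/"outside"/None}}."""
    ifaces, cur = {}, None
    for s in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", s):
            cur = ifaces.setdefault(m.group(1), {"net": None, "nat": None})
        elif cur and (m := re.fullmatch(r"ip address (\S+) (\S+)", s)):
            cur["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
        elif cur and (m := re.fullmatch(r"ip nat (inside|outside)", s)):
            cur["nat"] = m.group(1)
    return ifaces

def exits_without_nat_outside(text):
    """Interfaces whose subnet holds a default-route next hop but lack 'ip nat outside'."""
    ifaces = parse_interfaces(text)
    hops = re.findall(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\d+\.\d+\.\d+\.\d+)", text, re.M)
    return sorted(name for name, i in ifaces.items()
                  if i["nat"] != "outside" and i["net"]
                  and any(ipaddress.ip_address(h) in i["net"] for h in hops))

def acl_source_hosts(base, wildcard):
    """Addresses matched by an IOS base/wildcard pair (a wildcard 1 bit means 'ignore')."""
    b, w = int(ipaddress.ip_address(base)), int(ipaddress.ip_address(wildcard))
    bits = [1 << n for n in range(32) if w >> n & 1]
    hosts = []
    for combo in range(1 << len(bits)):  # small wildcards only: 2**len(bits) results
        v = (b & ~w) | sum(bit for k, bit in enumerate(bits) if combo >> k & 1)
        hosts.append(str(ipaddress.ip_address(v)))
    return hosts
```

The wildcard that covers the whole inside subnet is the inverse of its netmask, available as `parse_interfaces(CONFIG)["FastEthernet0/1"]["net"].hostmask`.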
 