Using NAT through multiple interfaces 1

[IllegalOperation]

Hello, I have a quick general question regarding NAT. Im sure this was probably asked before, but I dont see anything on the first couple pages (dont see any answers on the Cisco site either).

Say I have a 7206 router, with two physical WAN interfaces (two T1s from the same provider using load balancing). Lets say I want to use NAT for my private internal subnets, using a public IP address with overload. How would this be configured, since there are actually TWO physical "outside" WAN interfaces? Would/could the loopback interface be used? Do the two physical circuits need to be combined into a single virtual path?

Thanks in advance...

 

[IllegalOperation]

I did some further investigations, and the best solution I can find is through the use of route-maps.


"The dynamic translation command can now specify a route-map to be processed instead of an access-list. A route-map allows the user to match any combination of access-list, next-hop IP address, and output interface to determine which pool to use."

I am not sure that this applies to my situation however, because I only want to have one pool - instead of multiple pools.

Any thoughts? Thanks

 

[tbilan]

I'd do NAT on the firewall before the router.

If you do NAT on the router you'd have different NAT ranges per WAN interface since each interface has it's own subnet plus that would limit your incoming speed to the speed of a single link.

Do you plan on load-balancing your traffic or is this for redundancy?

I've never seen this scenario before so maybe someone else has some good ideas.


Tom Bilan
TJBA, Inc.
CCNP, CCDP, MCSE & CNE

 

[IllegalOperation]

Thanks Tom. The problem is, this router is also going to act as my firewall. NAT has to be done on it. I have to integrate everything on this router to cut costs, as I am already over my budget. To answer your question, yes these two WAN circuits will be load balanced.

So how does NAT work when the traffic is being balanced between two physical WAN interfaces?

 

[tbilan]

You're going to want to talk to the Cisco TAC.

I don't think you'll be able to load balance it because of the way NAT works by taking the IP of the serial subnet of the physical interface.


Tom Bilan
TJBA, Inc.
CCNP, CCDP, MCSE & CNE

 

[IllegalOperation]

Ok, but how do situations like this normally get handled? What is the solution for people that use NAT in their network that consists of two physical WAN links? I thought this would be a common occurance. Sounds like the answer to this problem is to get an additional router, right?

 

[tbilan]

Depending on what is on the other side you may be able to do a multi-link bundle and then assign that virtual interface as 'ip nat outside' but you'd need to have multi-link support on the remote side etc.

You happen to be the only person I know who wants to NAT and load balance 2 physical WAN interfaces so I don't think it's a normal occurrence. (Even though it doesn't sound like something that would be un-normal)


Tom Bilan
TJBA, Inc.
CCNP, CCDP, MCSE & CNE