Solved

Cisco 3620 NAT Question

Posted on 2004-04-05
Last Modified: 2012-06-22
I have a router set up as follows:


T1(S0/0)-------|                               |---(E0/0 Public IP clients)
                ----(CEF/Load Per Packet)------
T1(S0/1)-------|                               |---(E0/1 NAT Masquerade clients)


Right now I have a simple NAT setup, which NATs via S0/1 and S0/0, but what I really want to
do is NAT Masquerade via one of the Public IPs from E0/0 (204.120.117.10), and then via both
S0/0 and S0/1.

With my current setup all my NAT clients appear to have the 'Serial 0/0' IP address and therefore
all incoming traffic flows over the S0/0 T1, which causes a problem because the T1 lines are not
load balancing correctly.

Can someone help with a config? My old config is below:

Thanks

Mark Anderson

--------------------------------------------------------------------------------------------------------
hostname ANY1-R1
!
no aaa new-model
ip subnet-zero
no ip source-route
!
!
no ip domain lookup
!
ip cef
!
interface FastEthernet0/0
 description PublicIPs
 ip address 204.120.117.1 255.255.255.128
 speed auto
 full-duplex
 no cdp enable
 no mop enabled
!
interface Serial0/0
 ip address 204.163.168.10 255.255.255.252
 ip nat outside
 ip load-sharing per-packet
 no fair-queue
 no cdp enable
!
interface FastEthernet0/1
 description PrivateIPs
 ip address 172.28.10.1 255.255.254.0 secondary
 ip address 172.21.12.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/1
 ip address 203.157.101.242 255.255.255.252
 ip nat outside
 ip load-sharing per-packet
 no fair-queue
 no cdp enable
!
ip nat inside source list 2 interface Serial0/0 overload
ip nat inside source list 3 interface Serial0/1 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 204.163.168.9
ip route 0.0.0.0 0.0.0.0 203.157.101.241
!
!
access-list 2 permit 172.21.12.0 0.0.0.255
access-list 2 permit 172.28.10.0 0.0.0.255
access-list 3 permit 172.21.12.0 0.0.0.255
access-list 3 permit 172.28.10.0 0.0.0.255
no cdp run
!        
Question by:networkfrontier
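
An added example, not part of the original posts: a small Python audit of the NAT-relevant lines from the configuration above. It reports the source address each overload rule translates to (the /30 serial link addresses the question describes) and lists inside address ranges that no NAT access list permits. The function names parse and audit are hypothetical.

```python
import ipaddress
import re

# NAT-relevant lines of the configuration posted in the question.
CONFIG = """\
interface Serial0/0
 ip address 204.163.168.10 255.255.255.252
 ip nat outside
interface FastEthernet0/1
 ip address 172.28.10.1 255.255.254.0 secondary
 ip address 172.21.12.1 255.255.255.0
 ip nat inside
interface Serial0/1
 ip address 203.157.101.242 255.255.255.252
 ip nat outside
ip nat inside source list 2 interface Serial0/0 overload
ip nat inside source list 3 interface Serial0/1 overload
access-list 2 permit 172.21.12.0 0.0.0.255
access-list 2 permit 172.28.10.0 0.0.0.255
access-list 3 permit 172.21.12.0 0.0.0.255
access-list 3 permit 172.28.10.0 0.0.0.255
"""

def parse(config):
    """Return ({iface: (nets, nat_role)}, {acl: [networks]}, [(acl, iface)])."""
    ifaces, acls = {}, {}
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        if block.startswith("interface "):
            nets = [ipaddress.ip_interface(f"{a}/{m}")
                    for a, m in re.findall(r"^ ip address (\S+) (\S+)", block, re.M)]
            role = re.search(r"^ ip nat (inside|outside)$", block, re.M)
            ifaces[block.split()[1]] = (nets, role and role[1])
    for num, addr, wild in re.findall(r"^access-list (\d+) permit (\S+) (\S+)", config, re.M):
        # ipaddress accepts an IOS wildcard (host) mask in place of a netmask
        acls.setdefault(num, []).append(ipaddress.ip_network(f"{addr}/{wild}"))
    rules = re.findall(r"^ip nat inside source list (\d+) interface (\S+) overload", config, re.M)
    return ifaces, acls, rules

def audit(config):
    """Return (translated address per NAT rule, inside ranges no NAT ACL permits)."""
    ifaces, acls, rules = parse(config)
    translated = {f"list {a} via {i}": str(ifaces[i][0][0].ip) for a, i in rules}
    gaps = [net.network for nets, role in ifaces.values() if role == "inside" for net in nets]
    for p in (n for a, _ in rules for n in acls[a]):
        # drop ranges the ACL entry covers; split ranges it only partly covers
        gaps = [r for g in gaps if not g.subnet_of(p)
                for r in (g.address_exclude(p) if p.subnet_of(g) else [g])]
    return translated, sorted(map(str, gaps))
```

On this configuration the second value is 172.28.11.0/24: the secondary inside address uses a 255.255.254.0 mask, while the access-list entries for 172.28.10.0 use the wildcard 0.0.0.255.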

Accepted Solution

by:
reden earned 500 total points
ID: 10764263
That's not possible with the existing hardware. The NAT engine will process the packets when they have passed the interface. You must add another router, or a Linux or Windows server, to do the NAT.


Expert Comment

by:Pascal666
ID: 10772712
This will give you better load balancing:

no ip cef
!
interface Serial0/0
 ip address 204.163.168.10 255.255.255.252
 ip nat outside
 no ip load-sharing per-packet
 ip route-cache flow
!
interface FastEthernet0/1
 ip address 172.28.10.1 255.255.254.0 secondary
 ip address 172.21.12.1 255.255.255.0
 ip nat inside
 ip route-cache flow
!
interface Serial0/1
 ip address 203.157.101.242 255.255.255.252
 ip nat outside
 no ip load-sharing per-packet
 ip route-cache flow
!
ip nat inside source list 2 interface Serial0/0 overload
ip nat inside source list 2 interface Serial0/1 overload
ip route 0.0.0.0 0.0.0.0 204.163.168.9
ip route 0.0.0.0 0.0.0.0 203.157.101.241
!
access-list 2 permit 172.21.12.0 0.0.0.255
access-list 2 permit 172.28.10.0 0.0.0.255

-Pascal