orbix

asked on

Multiple NAT sessions on 1 Router?

Is it possible to have multiple NAT sessions on a single router?

I would like to have a similar setup (WebServer etc.) on a second public IP on
Interface Ethernet 3/0 IP 66.x.86.x

Partial current config listed below.

!
ip nat inside source list 2 interface Ethernet3/2 overload
ip nat inside source static tcp 172.x.13.12 53 66.x.66.x 53 extendable
ip nat inside source static tcp 172.x.13.12 80 66.x.66.x 80 extendable
ip nat inside source static udp 172.x.13.12 53 66.x.66.x 53 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 66.x.66.1
ip route 0.0.0.0 0.0.0.0 66.x.86.1 200
!
!
!
ip access-list extended WebServer
.
.
 permit tcp any any established
 .
.
 permit udp any eq domain host 66.x.66.17
 permit udp any host 66.x.66.x eq domain
 permit tcp any host 66.x.66.x eq domain
 permit tcp any host 66.x.66.x eq www
.
.
 deny   ip any any log-input
!
!
access-list 2 permit 10.0.0.0 0.255.255.255  < ==== Inside Private Subnets
access-list 2 permit 172.16.0.0 0.15.255.255  < ==== Inside Private Subnets
access-list 2 permit 192.168.0.0 0.0.255.255  < ==== Inside Private Subnets
!
!

ASKER CERTIFIED SOLUTION
Les Moore

orbix

ASKER

Again, thanks for your help.

I do have another question about this. Currently all outbound traffic is going out Int E3/2.

!
ip nat inside source list 2 interface Ethernet3/2 overload = 66.x.66.1
!
ip route 0.0.0.0 0.0.0.0 66.x.66.1
ip route 0.0.0.0 0.0.0.0 66.x.86.1 200
!

But if that Int, or ISP IP goes down, the secondary gateway will kick in. How will outbound traffic go? Will it all stop due to Int E3/2 (66.x.66.1) being down, or will the NAT fail over as well as the gateway of last resort?

I'd have to see your complete config to see if that would also fail over.
As long as the 66.xx.86.x subnet and the 66.xx.66.x subnets get broadcast from this router to the ISP, there's no issue.
Are you using BGP to send your network(s) to the ISP?