GrobRIM
asked on
Configuring Cisco with several public IP's for NAT on one interface
I have a Cisco 2800 with two Eth interfaces (fe0/0 and fe0/1), one (fe0/0) connected to my LAN and the other one (fe0/1) connected to my "Internet" segment; this Internet segment is in turn connected to 3 ISP routers (one ADSL, one LS, and one VSAT -- let's call them A, B and C). Currently, my Cisco 2800 Internet eth interface (fe0/1) is assigned a public IP from connection A, and default IP outbound routing is directed towards A's router. And I have also defined some NATs between some other public IPs bought from A and some of my private IPs (on the fe0/0 side). This works fine -- i.e., I can establish connections out to the Internet from the LAN, and clients from the Internet can connect to my NAT'ed LAN servers. Basic stuff. Great.
Now, I'd like to use connections B and C. So I have similarly defined some more NATs, using public IP addresses bought from ISPs B and C, and NAT'ed them to some LAN IPs. And these NATs don't work (neither TCP nor UDP). Should I do something about the "return path"? I.e., I've got only one default route out, towards A's gateway. How should I explain to the router that connections/packets first coming onto B/C public IPs should be routed back to B/C's gateways? I can't even get these NATs to work with B and C public IPs when I hook up a single PC on my "Internet" segment with a public address from B and C.
ASKER
Scott,
Yes, on FE0/1, I'm using public IP addresses assigned to me by ISPs A, B, and C.
I had already tried that -- adding explicit secondary addresses to the interface (though the Cisco doc seems to state that the router won't use them for other purposes than sending routing updates) -- and it didn't help.
I thought that if the router would establish an incoming NAT'ed connection on, say, public IP B1 or C1, it would send packets back using B1 or C1 as the source address, and to make things clear for it, I've also explicitly stated that addresses B1 and C1 are on interface FE0/1 by creating explicit routes to the public subnets assigned to me by B and C, like:
ip route <public-subnetrange-B> <public-subnetmask-B> FastEthernet0/1
ip route <public-subnetrange-C> <public-subnetmask-C> FastEthernet0/1
But didn't help either....
Then you will want to look at the command IP outside source static, which should work, and maybe do some policy-based routing to determine path... Just a thought.
Thanks
scott
ASKER
Which command are you referring to, Scott?
I understand I'll need some policy-based routing to have my back-traffic routed to B's and C's gateways, but still, I can't even have the NAT work inwards with a test-PC plugged directly on the FE0/1 segment and set with a public IP from B or C.... grrr....
Try adding secondary addresses for the B and C ISPs
ip address x.x.x.x 255.255.255.x secondary (ISP B's wan IP address)
ip address y.y.y.y 255.255.255.y secondary (ISP C's WAN IP address)
Thanks
Scott
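An added example, not part of any post in this thread: one way the return path could be handled with the policy-based routing mentioned above, so that replies from a server NAT'ed to an ISP B or C address leave through that ISP's gateway instead of the default route to A. All addresses (RFC 5737 documentation ranges and a 10.0.0.0/24 LAN), the ACL numbers and the route-map name RETURN-PATH are assumptions, not values from the thread.

```cisco
! Constructed addressing (assumed for illustration only):
!   ISP A: 192.0.2.0/29     gateway 192.0.2.1     router 192.0.2.2
!   ISP B: 198.51.100.0/29  gateway 198.51.100.1  router 198.51.100.2
!   ISP C: 203.0.113.0/29   gateway 203.0.113.1   router 203.0.113.2
!   LAN:   10.0.0.0/24      servers 10.0.0.20 (via B) and 10.0.0.30 (via C)
!
interface FastEthernet0/1
 ! Secondary addresses make B's and C's subnets directly connected,
 ! so their gateways are valid adjacent next hops for the route-map.
 ip address 192.0.2.2 255.255.255.248
 ip address 198.51.100.2 255.255.255.248 secondary
 ip address 203.0.113.2 255.255.255.248 secondary
 ip nat outside
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ! Policy routing is applied where the servers' replies enter the router.
 ip policy route-map RETURN-PATH
!
! Static NATs onto one public address from each additional ISP.
ip nat inside source static 10.0.0.20 198.51.100.3
ip nat inside source static 10.0.0.30 203.0.113.3
!
! Inside-to-outside traffic is routed before it is translated,
! so the ACLs match the servers' private addresses.
access-list 101 permit ip host 10.0.0.20 any
access-list 102 permit ip host 10.0.0.30 any
!
route-map RETURN-PATH permit 10
 match ip address 101
 set ip next-hop 198.51.100.1
route-map RETURN-PATH permit 20
 match ip address 102
 set ip next-hop 203.0.113.1
!
! Everything not matched by the route-map still follows the default to A.
ip route 0.0.0.0 0.0.0.0 192.0.2.1
```

`show ip nat translations` and `show route-map RETURN-PATH` show whether the static entries exist and whether the policy counters increase when a reply is sent.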