Solved

NAT and routing for one router and two ISPs

Posted on 2011-04-22
Last Modified: 2012-05-11
I have a Cisco ISR with three Fast Ethernet connections - 1 is local LAN, 1 is ISP A and 2 is ISP B.
Say the local LAN is private IP subnet 192.168.100.0/24. The interface to ISP A is 192.168.66.10 and the route to the Internet via ISP A is 192.168.66.1. The interface to ISP B is 192.168.77.10 and the route to the Internet via ISP B is 192.168.77.1. I would like all traffic destined for 11.0.0.0/8 to NAT to ISP A interface IP 192.168.66.10 and route out same. I would like all other Internet traffic (the default 0.0.0.0 route) to NAT to the ISP B interface IP 192.168.77.10 and route out that interface. How would I accomplish this?
Question by:amigan_99
 
LVL 47

Accepted Solution

by:
Craig Beck earned 2000 total points
ID: 35450697
You need policy-based routing.

You could try something like this...

interface FastEthernet0/0
ip address 192.168.100.1 255.255.255.0
ip nat inside
! PBR acts on packets received on an interface, so the route-map goes on the LAN side
ip policy route-map route11net
no shutdown
!
interface FastEthernet0/1
ip address 192.168.66.10 255.255.255.0
ip nat outside
no shutdown
!
interface FastEthernet1/0
ip address 192.168.77.10 255.255.255.0
ip nat outside
no shutdown
!
access-list 100 remark ACL for NAT via FastEthernet0/1
access-list 100 permit ip 192.168.100.0 0.0.0.255 11.0.0.0 0.255.255.255
access-list 101 remark ACL for NAT via FastEthernet1/0
! Wildcard 0.255.255.255 excludes all of 11.0.0.0/8 from the ISP B NAT rule
access-list 101 deny ip 192.168.100.0 0.0.0.255 11.0.0.0 0.255.255.255
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
access-list 102 remark ACL for Route-Map to 11.0.0.0/8
access-list 102 permit ip any 11.0.0.0 0.255.255.255
!
route-map route11net permit 10
match ip address 102
set ip next-hop 192.168.66.1
!
ip nat inside source list 100 interface FastEthernet0/1 overload
ip nat inside source list 100 interface FastEthernet1/0 overload

ip route 0.0.0.0 0.0.0.0 192.168.77.1
 
LVL 1

Expert Comment

by:hangeles1
ID: 35450711
Sounds like you need policy based routing. See if this helps:

http://www.cisco.com/en/US/docs/ios/12_0/qos/configuration/guide/qcpolicy.html
 
LVL 1

Author Comment

by:amigan_99
ID: 35450755
craigbeck: Just to verify - I think you mean the second ip nat inside to read


ip nat inside source list 101 interface FastEthernet1/0 overload

..right?
 
LVL 47

Assisted Solution

by:Craig Beck
Craig Beck earned 2000 total points
ID: 35450903
Oops!! Yes, you are correct :-)

ip nat inside source list 100 interface FastEthernet0/1 overload
ip nat inside source list 101 interface FastEthernet1/0 overload
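An added example, not code from the thread or from Cisco: a small Python check that evaluates the thread's extended ACLs with IOS wildcard-mask semantics and lists every NAT statement whose ACL permits a given flow, so overlapping NAT ACLs show up before the config is applied. The function names, the sample hosts and the `NARROW` variant are constructed for illustration; it models ACL matching only, not routing or the route-map.

```python
import ipaddress

# Constructed sample: the ACL and NAT statements from the thread, as corrected there.
CONFIG = """\
access-list 100 permit ip 192.168.100.0 0.0.0.255 11.0.0.0 0.255.255.255
access-list 101 deny ip 192.168.100.0 0.0.0.255 11.0.0.0 0.255.255.255
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
ip nat inside source list 100 interface FastEthernet0/1 overload
ip nat inside source list 101 interface FastEthernet1/0 overload
"""
# Constructed variant: the deny entry written with a /24 wildcard instead of /8.
NARROW = CONFIG.replace("deny ip 192.168.100.0 0.0.0.255 11.0.0.0 0.255.255.255",
                        "deny ip 192.168.100.0 0.0.0.255 11.0.0.0 0.0.0.255")

# Turn "ADDR WILDCARD" or "any" tokens into (base, wildcard) integer pairs.
def _pairs(tokens):
    out, i = [], 0
    while i < len(tokens):
        n = 1 if tokens[i] == "any" else 2
        out.append((0, 0xFFFFFFFF) if n == 1 else
                   tuple(int(ipaddress.IPv4Address(t)) for t in tokens[i:i + 2]))
        i += n
    return out

def load(config):
    aces, nat = [], []
    for tok in (line.split() for line in config.splitlines()):
        if tok[:1] == ["access-list"] and tok[2] in ("permit", "deny"):
            src, dst = _pairs(tok[4:])
            aces.append((tok[1], tok[2], src, dst))
        elif tok[:5] == ["ip", "nat", "inside", "source", "list"]:
            nat.append((tok[5], tok[7]))   # (ACL number, outside interface)
    return aces, nat

def _hit(addr, base, wild):
    care = ~wild & 0xFFFFFFFF  # a 1 bit in the wildcard means "ignore this bit"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def acl_permits(aces, num, src, dst):
    for n, action, s, d in aces:
        if n == num and _hit(src, *s) and _hit(dst, *d):
            return action == "permit"  # first matching entry decides
    return False                       # implicit deny at the end of every ACL

def nat_matches(config, src, dst):
    """Every NAT statement whose ACL permits the flow; expect exactly one."""
    aces, nat = load(config)
    return [iface for num, iface in nat if acl_permits(aces, num, src, dst)]
```

A flow that returns two interfaces is permitted by both NAT ACLs, which is what the `NARROW` variant produces for 11.x.x.x destinations outside 11.0.0.0/24.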
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 35450958
Most helpful - thank you!