
NAT Overload

Question-
I have one router, two ISPs with BGP (Gi0/0 and Gi6/0). I have one NAT Overload pointing to one WAN interface.
--------------------------------
ip nat inside source route-map no-vpn-nat interface GigabitEthernet0/0 overload

route-map no-vpn-nat permit 10
 match ip address 180

access-list 180 deny   ip 10.100.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 180 deny   ip 10.100.0.0 0.0.255.255 172.16.0.0 0.15.255.255
access-list 180 deny   ip 10.100.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 180 permit ip 10.100.0.0 0.0.255.255 any
--------------------------------
Can I add another WAN interface?  

I was thinking I could add this:

ip nat inside source route-map no-vpn-nat interface GigabitEthernet6/0 overload

but the IOS won't allow that.

Thanks
800LM
atechnicnate commented:
I've never personally done this so your question got me intrigued.  I found a doc that looks like using route-maps is really your best bet.  Just change the config to an overload setup...

(Credit where it's due) Reference:
https://supportforums.cisco.com/docs/DOC-3987

interface Ethernet0
 ip address 10.1.1.1 255.0.0.0
 ip nat inside
!---This connects to the Corporate network, designated as the NAT inside interface.
interface Serial0
 ip address 192.168.1.1 255.255.255.252
 ip nat outside
!---This connects to the Internet through ISP-1, designated as the NAT outside interface.  
 
interface Serial1
 ip address 172.16.1.1 255.255.255.252
 ip nat outside
!---This connects to the Internet through ISP-2, designated as the NAT outside interface.  

ip nat pool ISP-1 192.168.1.3 192.168.1.254 prefix-length 24
!---This creates a pool by the name ISP-1, which contains addresses assigned by ISP-1.  

ip nat pool ISP-2 172.16.1.3 172.16.1.254 prefix-length 24
!---This creates a pool by the name ISP-2, which contains addresses assigned by ISP-2.  

ip nat inside source route-map isp-1 pool ISP-1
!---The above line configures Dynamic NAT mapping for the inside network
!---10.0.0.0/8 to a global address from the pool ISP-1 to be used for traffic matched by the route-map isp-1.

ip nat inside source route-map isp-2 pool ISP-2
!---The above line configures Dynamic NAT mapping for the inside network
!---10.0.0.0/8 to a global address from the pool ISP-2 to be used for traffic matched by the route-map isp-2.

access-list 1 permit 10.0.0.0 0.255.255.255
!---This ACL permits traffic from all hosts in the Corporate network.  

route-map isp-2 permit 10
 match ip address 1
 match interface Serial1
!---This route-map matches all traffic matched by ACL 1 and going out of
!---interface serial 1. In other words, all traffic from the Corporate network to the Internet through ISP-2 is matched.

route-map isp-1 permit 10
 match ip address 1
 match interface Serial0
!---This route-map matches all traffic matched by ACL 1 and going out of
!---interface serial 0. In other words, all traffic from the Corporate network to the Internet through ISP-1 is matched.
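
The route-map approach from the answer, applied to the interfaces and ACL 180 from the question with interface overload instead of pools. This is an added example, not part of the original posts or the referenced Cisco document; the route-map names nat-isp-a and nat-isp-b are hypothetical, and it assumes the LAN-facing interface already has "ip nat inside" configured.

```cisco
! Added example. Route-map names nat-isp-a / nat-isp-b are hypothetical.
! Assumption: the inside (LAN) interface already carries "ip nat inside".
!
interface GigabitEthernet0/0
 ip nat outside
!
interface GigabitEthernet6/0
 ip nat outside
!
! ACL 180 exactly as in the question: traffic from 10.100.0.0/16 to
! private ranges is denied (left untranslated), everything else is
! permitted for NAT.
access-list 180 deny   ip 10.100.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 180 deny   ip 10.100.0.0 0.0.255.255 172.16.0.0 0.15.255.255
access-list 180 deny   ip 10.100.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 180 permit ip 10.100.0.0 0.0.255.255 any
!
! One route-map per WAN link. Each matches ACL 180 AND the egress
! interface selected by routing, so a flow is only translated to the
! address of the link it actually leaves on.
route-map nat-isp-a permit 10
 match ip address 180
 match interface GigabitEthernet0/0
!
route-map nat-isp-b permit 10
 match ip address 180
 match interface GigabitEthernet6/0
!
! Replace the single existing statement with one overload statement per link.
! Active translations may have to be cleared first (clear ip nat translation *).
no ip nat inside source route-map no-vpn-nat interface GigabitEthernet0/0 overload
ip nat inside source route-map nat-isp-a interface GigabitEthernet0/0 overload
ip nat inside source route-map nat-isp-b interface GigabitEthernet6/0 overload
```

After applying it, "show ip nat translations" should show inside-global addresses belonging to whichever WAN interface each flow exits, and traffic to the denied private ranges should show no translation entry at all.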