Solved

NAT Overload

Posted on 2012-03-22
1
667 Views
Last Modified: 2012-03-26
Question-
I have one router, two ISPs with BGP(Gi0/0 and Gi6/0).  I have one NAT Overload pointing to one WAN interface.  
--------------------------------
ip nat inside source route-map no-vpn-nat interface GigabitEthernet0/0 overload

route-map no-vpn-nat permit 10
 match ip address 180

access-list 180 deny   ip 10.100.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 180 deny   ip 10.100.0.0 0.0.255.255 172.16.0.0 0.15.255.255
access-list 180 deny   ip 10.100.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 180 permit ip 10.100.0.0 0.0.255.255 any
--------------------------------
Can I add another WAN interface?  

was thinking I could add this..

ip nat inside source route-map no-vpn-nat interface GigabitEthernet6/0 overload
but the IOS wont allow that.

Thanks
0
Comment
Question by:800LM
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 5

Accepted Solution

by:
atechnicnate earned 500 total points
ID: 37755969
I've never personally done this so your question got me intrigued.  I found a doc that looks like using route-maps is really your best bet.  Just change the config to an overload setup...

(Credit where it's due) Reference:
https://supportforums.cisco.com/docs/DOC-3987

interface Ethernet0
 ip address 10.1.1.1 255.0.0.0
 ip nat inside
!--This connects to the Corporate network, designated as the NAT inside interface.  
interface Serial0
 ip address 192.168.1.1 255.255.255.252
 ip nat outside
!---This connects to the Internet through ISP-1, designated as the NAT outside interface.  
 
interface Serial1
 ip address 172.16.1.1 255.255.255.252
 ip nat outside
!---This connects to the Internet through ISP-2, designated as the NAT outside interface.  

ip nat pool ISP-1 192.168.1.3 192.168.1.254 prefix-length 24
!---This creates a pool by the name ISP-1, which contains addresses assigned by ISP-1.  

ip nat pool ISP-2 172.16.1.3 172.16.1.254 prefix-length 24
!---This creates a pool by the name ISP-2, which contains addresses assigned by ISP-2.  

ip nat inside source route-map isp-1 pool ISP-1
!---The above line configures Dynamic NAT mapping for the inside network
10.0.0.0/8 to a global address from the pool ISP-1 to be used for traffic matched by the route-map isp-1.  

ip nat inside source route-map isp-2 pool ISP-2
!---The above line configures Dynamic NAT mapping for the inside network
10.0.0.0/8 to a global address from the pool ISP-2 to be used for traffic matched by the route-map isp-2.  

access-list 1 permit 10.0.0.0 0.255.255.255
!---This ACL permits traffic from all hosts in the Corporate network.  

route-map isp-2 permit 10
 match ip address 1
 match interface Serial1
!---This route-map matches all traffic matched by ACL 1 and going out of
interface serial 1. In other words, all traffic from the Corporate network to the Internet through ISP-2 is matched.  

route-map isp-1 permit 10
 match ip address 1
 match interface Serial0
!---This route-map matches all traffic matched by ACL 1 and going out of
interface serial 0. In other words, all traffic from the Corporate network to the Internet through ISP-1 is matched.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question