NAT to multiple outside connections
OK, first a brief rundown of how I want things set up.
Inside interface going to a 10.x.x.x subnet.
3 outside interfaces, each going to a DSL line. Let's call these 60.x.x.x, 65.x.x.x, and 75.x.x.x.
Now I have all interfaces up and getting my PPPoE connection up with IPs, setting default routes to each and they are all installed in the routing table, so far so good.
My problem is with NAT. I want to NAT from my internal IPs, to these external networks, but it doesn't seem to want it. I can't seem to be able to specify more than 1 outside network.
The 2 workarounds I have thought of are:
- Break the 10.x.x.x network into 3 groups, and NAT each group out a different interface. Problem with this is I won't get the utilization I am looking for.
- Install a switch behind the router and run some sort of HSRP/GLBP magic to 'load balance' between all 3 connections. Haven't explored this much yet.
Is there any way to get what I want here? Or is NAT not designed to do this?
BTW when I tried this: ip nat pool 60.x.x.x 75.x.x.x prefix 4....it crashed the router lol
Comments

networker050184 Mod Posts: 11,962 Mod
Have you tried to just make multiple NAT statements to overload each interface? Then let your default routes load balance over the interfaces? Not sure if it will work or not.
ip nat inside source list 1 interface 1 overload
ip nat inside source list 1 interface 2 overload
ip nat inside source list 1 interface 3 overload
EDIT: Come to think of it, probably only the first one will be used. Might be worth a try to be sure though.
An expert is a man who has made all the mistakes which can be made.

GT-Rob Member Posts: 1,090
networker050184 wrote: »
Have you tried to just make multiple NAT statements to overload each interface? Then let your default routes load balance over the interfaces? Not sure if it will work or not.
ip nat inside source list 1 interface 1 overload
ip nat inside source list 1 interface 2 overload
ip nat inside source list 1 interface 3 overload
EDIT: Come to think of it, probably only the first one will be used. Might be worth a try to be sure though.

Yeah I tried this first, but when you put in the second line, the first one is removed lol

GT-Rob Member Posts: 1,090
hmmm I might have found a solution on Cisco.com, using route maps to define the outside interfaces, and OER to track the routes (double bonus).
I will post my solution if it works!

networker050184 Mod Posts: 11,962 Mod
GT-Rob wrote: »
hmmm I might have found a solution on Cisco.com, using route maps to define the outside interfaces, and OER to track the routes (double bonus).
I will post my solution if it works!

Haha, I was actually just about to try something like that. I pulled up dynamips because this got me thinking and saw the oer keyword. Let me know how it works out.
Another thing that might keep the first entry from being removed when you add the second is to use a different ACL. You can make it the same statements, but use a different number/name. I haven't tried it yet though.
An expert is a man who has made all the mistakes which can be made.

billscott92787 Member Posts: 933
What if you used the same configuration but used something like:
ip nat inside source list 1 interface Serial0/0 overload
ip nat inside source list 2 interface Serial0/1 overload
ip nat inside source list 3 interface Serial1/0 overload
Have separate lists per statement. If you use the NAT configuration statement like you said, they overwrite each other. If you use them this way they do not. I'm not sure if it will work for what you are looking for but it is worth a shot.
Networker you beat me to the punch!

ColbyG Member Posts: 1,264
GT-Rob wrote: »
hmmm I might have found a solution on Cisco.com, using route maps to define the outside interfaces, and OER to track the routes (double bonus).
I will post my solution if it works!

Yea, you found the doc I was going to post.
https://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a00808d2b72.shtml

GT-Rob Member Posts: 1,090
Haha, that's the one. The logic of it doesn't quite make sense to me (defining the outside interface in the "inside" route-map match statement), but I'll give it a try anyway! I would have never thought of using a route-map in a NAT statement either.
Bill: I think that will 'take', but what I'm afraid of happening is the first ACL matching all the time, and always sending it out that first interface, instead of giving me my "round-robin, load balance". Haven't tested it yet though.

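The route-map approach discussed in the posts above, sketched as an IOS configuration (an added example, not taken from the thread or the linked Cisco document, and not tested by the posters). On the inside-to-outside path IOS routes a packet before translating it, so "match interface" in each route-map tests the egress interface that routing already chose; that is why an outside interface appears in an "inside" NAT rule. The interface names, ACL number, route-map names and the 10.0.0.0/8 inside range are assumptions.

```cisco
! Added example. Interface names, ACL 1, route-map names and 10.0.0.0/8
! are assumptions; PPPoE sessions are assumed to terminate on Dialer1-3.
interface FastEthernet0/0
 description Inside LAN (10.x.x.x)
 ip nat inside
!
interface Dialer1
 description DSL line 1
 ip nat outside
!
interface Dialer2
 description DSL line 2
 ip nat outside
!
interface Dialer3
 description DSL line 3
 ip nat outside
!
! One ACL covers every inside host; it is reused by all three route-maps.
access-list 1 permit 10.0.0.0 0.255.255.255
!
! Each route-map matches the same sources plus one egress interface,
! so exactly one NAT rule applies to any routed packet.
route-map NAT-DSL1 permit 10
 match ip address 1
 match interface Dialer1
!
route-map NAT-DSL2 permit 10
 match ip address 1
 match interface Dialer2
!
route-map NAT-DSL3 permit 10
 match ip address 1
 match interface Dialer3
!
! Translate to the address of whichever line the packet is leaving on.
ip nat inside source route-map NAT-DSL1 interface Dialer1 overload
ip nat inside source route-map NAT-DSL2 interface Dialer2 overload
ip nat inside source route-map NAT-DSL3 interface Dialer3 overload
!
! Three equal-cost defaults; routing, not NAT, spreads traffic across lines.
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Dialer2
ip route 0.0.0.0 0.0.0.0 Dialer3
```

The output of show ip nat translations lists the inside global address chosen for each flow, which shows whether all three lines are in use. With CEF's default per-destination load sharing, a given source/destination pair stays on one line, so its translated address does not change mid-session.
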
APA Member Posts: 959
ColbyG wrote: »
Yea, you found the doc I was going to post.
https://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a00808d2b72.shtml

Yep read this optimized edge routing document a while back..... haven't had the chance to try it though..... but logically it makes sense
Pretty cool as well....let us know how it goes!
CCNA | CCNA:Security | CCNP | CCIP
JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
JNCIS:SP | JNCIP:SP