Reroute traffic from one network to another
ahmedahmed Member Posts: 41
in CCNP
Hello,
I have set up this configuration on my router and thanks to you it worked just as I wanted.
Please, I need to configure a second router; attached is a rough network diagram of what I want, with a red highlighter indicating the flow of traffic.
What I want is that the second router will be at a site in a second location (NetworkB), such that remote users will come through an IP provided through ISPB to R2, and from that router they will be directed to NetworkA (Router R1). I was thinking that NAT on a Stick would be the solution, but I am not too sure. I have gone through the Cisco documents on configuring NAT on a Stick but am also confused about how I will direct them to my network.
For example, what I want is this: remote users come through ISPB with IPs of 4.4.4.2, 4.4.4.3 and 4.4.4.4, and ISPB takes them to Router R2 (remote), from where the IP is translated to our current network's (NetworkA) IPs respectively, i.e. 4.4.4.2 goes to 216.140.140.4, 4.4.4.3 goes to 216.140.140.4, and 4.4.4.4 goes to 216.140.140.4, which are the public IPs of servers on network A.
Note: Servers connected to network A are in the 10.0.0.0 internal and 216.140.140.0 public networks.
Need some help on this.
Comments
-
WiseWun Member Posts: 285
Why don't you send the datagram directly to ISPA instead of going to R2 then back to ISPB?
"If you're not prepared to be wrong, you'll never come up with anything original." - Ken Robinson
-
ahmedahmed Member Posts: 41
Because the location of Nw B users is very far, and direct traffic for users from the Nw B location to directly access Nw A without using R2 produces a very high delay/latency which will not allow some of our real-time applications to function properly. So we need to route traffic through ISPB on network 2 through R2 (as ISP B will provide a high-speed, low-latency backbone route to network A).
-
pert Member Posts: 250
ahmedahmed wrote: » Because the location of Nw B users is very far, and direct traffic for users from the Nw B location to directly access Nw A without using R2 produces a very high delay/latency which will not allow some of our real-time applications to function properly. So we need to route traffic through ISPB on network 2 through R2 (as ISP B will provide a high-speed, low-latency backbone route to network A).
This explanation doesn't make any sense. If they go through R2 to get to Nw A, they are just taking all the original delay plus the delay from going to Nw B. If ISPB has a high-speed, low-latency link to Nw A, why can't they just use that from the start?
Disregarding all that: just set up NAT pools and define which addresses get NAT'ed at each edge. Then do some policy-based routing to shape the traffic to your desire.
-
ahmedahmed Member Posts: 41
Can you explain a bit what you mean by "Just set up NAT pools and define which addresses get NAT'ed at each edge. Then do some policy-based routing to shape the traffic to your desire"?
I would appreciate your input.
-
WiseWun Member Posts: 285
I was also going to suggest PBR, but your second response threw me off. PBR allows you to send traffic in different directions using source/dest, protocol type, or the physical interface. You'll need to do your research on PBR and manually define your routing policy using route-maps. It's very granular and gives you control over how traffic flows. Is this for work?
-
ahmedahmed Member Posts: 41
From my research I came up with NAT on a Stick, which uses PBR, but what I am not sure of is how I reroute traffic coming in on the 216.160.160.0 network to the 216.150.150.0 network, i.e. someone accessing the network using 216.160.160.2 gets routed to 216.140.140.2?
Note: all IPs are dummy
interface loopback 0
 ip address 10.1.0.1 255.255.255.0
 ip nat inside
!
interface gi0/0
 ip address 10.0.1.1 255.255.255.0
 ip address 216.160.160.1 255.255.255.0 secondary
 ip nat outside
 ip policy route-map NAT-ON-STICK
!
ip nat inside source static 10.0.0.1.2 216.160.160.2
ip nat inside source static 10.0.0.1.3 216.160.160.3
ip nat inside source static 10.0.0.1.4 216.160.160.4
ip route 0.0.0.0 0.0.0.0 216.160.160.254
!
! Sequence 10: traffic matching ACL 102 is sent toward the loopback subnet
access-list 102 permit ip any 216.160.160.0 0.0.0.255
access-list 102 permit ip 10.0.1.0 0.0.0.255 any
route-map NAT-ON-STICK permit 10
 match ip address 102
 set ip next-hop 10.1.0.2
!
! Sequence 20: traffic matching ACL 103 is sent to the upstream gateway
access-list 103 permit ip 216.160.160.0 0.0.0.255 216.140.140.0 0.0.0.255
route-map NAT-ON-STICK permit 20
 match ip address 103
 set ip next-hop 216.160.160.254
 set ip next-hop recursive 216.140.140.2
-
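Added example, not part of any post in this thread: a small Python model of how the NAT-ON-STICK route-map posted above classifies packets, using first-match evaluation and IOS wildcard masks. The sample packets and the 0.0.0.255 reading of ACL 102's second entry are assumptions, and only the first `set ip next-hop` of each sequence is modelled.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are 'don't care' bits."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")  # the IOS keyword "any"

# ACL entries as posted: (action, (src, wildcard), (dst, wildcard)).
# Assumption: the second ACL 102 entry is read with wildcard 0.0.0.255.
ACLS = {
    102: [("permit", ANY, ("216.160.160.0", "0.0.0.255")),
          ("permit", ("10.0.1.0", "0.0.0.255"), ANY)],
    103: [("permit", ("216.160.160.0", "0.0.0.255"),
           ("216.140.140.0", "0.0.0.255"))],
}

# route-map NAT-ON-STICK: (sequence, matched ACL, first next-hop)
ROUTE_MAP = [(10, 102, "10.1.0.2"), (20, 103, "216.160.160.254")]

def acl_permits(acl_no, src, dst):
    """First matching entry decides; no match means the implicit deny."""
    for action, s, d in ACLS[acl_no]:
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action == "permit"
    return False

def policy_route(src, dst):
    """Return (sequence, next_hop) of the first matching route-map entry,
    or None when the packet falls through to the normal routing table."""
    for seq, acl, next_hop in ROUTE_MAP:
        if acl_permits(acl, src, dst):
            return seq, next_hop
    return None

if __name__ == "__main__":
    # Constructed sample packets (source, destination).
    for src, dst in [("198.51.100.7", "216.160.160.2"),
                     ("216.160.160.2", "216.140.140.2"),
                     ("10.0.1.2", "203.0.113.9"),
                     ("198.51.100.7", "216.140.140.2")]:
        print(f"{src} -> {dst}: {policy_route(src, dst)}")
```

Policy routing only selects a next hop; it does not rewrite the destination address, so a packet addressed to 216.160.160.2 still carries that destination after sequence 10 matches.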
iamme4eva Member Posts: 272
I'm with WiseWun - when your user's data from the laptop arrives at ISPB, just turn right and go the quick way. Seems a bit counter-intuitive to deliberately go through another router.
Current objective: CCNA Security
My blog: mybraindump.co.uk
-
ahmedahmed Member Posts: 41
I have changed my approach: instead of using NAT on a Stick, I created a VPN to R2 (i.e. making R2 an Easy VPN server) for users to set up a VPN between their computer and R2, but now my issue is still how to direct the traffic from R2 to R1.
Although I am not sure of this: when a VPN connection is established between remote users and R2, and a static route to R1 is created, i.e. ip router 216.160.160.0 216.140.140.0, is it like the user is directly connected on R2, so the user can enter R1's public address and access R1's resources?
Please, I will appreciate some updates.