Thursday 5 July 2012

Cisco NAT with multiple WAN connections

With reference to: 
https://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a00808d2b72.shtml


This configuration allows you to run NAT over two WAN connections and load balance across them. Created and tested in GNS3. An example of where you would use this is a single router connected to two different service providers, where you want to NAT over both of them for load balancing. Should one of them go down, NAT should continue to work over the other connection (though in practice I found that if you had an active NAT translation over one connection and you pulled that WAN link it would not fail over automatically, and you would have to kill that session and restart it; I was using pretty old IOS on GNS3 though).
It is not shown here, but you can control which source address gets NATed on which connection through the use of policy routing.


! Create two ip sla monitors to track the next hop of each WAN connection
ip sla monitor 1
 type echo protocol ipIcmpEcho 123.123.123.2 source-interface FastEthernet0/0
 timeout 1000
 threshold 40
 frequency 3
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
 type echo protocol ipIcmpEcho 124.124.124.2 source-interface FastEthernet1/0
 timeout 1000
 threshold 40
 frequency 3
ip sla monitor schedule 2 life forever start-time now
!
!
! Create two tracking objects to track the state of the ip sla monitors
track timer interface 5
!
track 123 rtr 1 reachability
 delay down 15 up 10
!
track 345 rtr 2 reachability
 delay down 15 up 10
!
! Fa0/0 defined as an outside NAT interface
interface FastEthernet0/0
 description WAN Connection 1
 ip address 123.123.123.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
! Fa0/1 defined as an inside NAT interface
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
! Fa1/0 defined as an outside NAT interface
interface FastEthernet1/0
 description WAN Connection 2
 ip address 124.124.124.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
!
! Static routes configured to follow the tracked objects
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 123.123.123.2 track 123
ip route 0.0.0.0 0.0.0.0 124.124.124.2 track 345
!
! NAT overload statements for each WAN interface referencing their own 
! route-map
ip nat inside source route-map nat1 interface FastEthernet0/0 overload
ip nat inside source route-map nat2 interface FastEthernet1/0 overload
!
! ACL defining the "inside" network
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
!
! Route-map referencing the ACL and matching one interface
route-map nat2 permit 10
 match ip address 100
 match interface FastEthernet1/0
!
! Route-map referencing the same ACL and matching the other interface
route-map nat1 permit 10
 match ip address 100
 match interface FastEthernet0/0
!
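The configuration above only works when four separate objects agree with each other: the SLA probe must be sourced from the outside interface, the track object must watch that probe, the default route via the probe target must depend on that track, and the NAT overload statement for the interface must use a route-map that does "match interface" on it. A typo in any one of them (wrong track number, a route-map matching the other interface) silently breaks failover. The following script is an added example, not Cisco's code and not part of the original post; it parses IOS-style config text and reports any of those mismatches. SAMPLE_CONFIG is the post's own configuration trimmed to the lines the check needs; the parser only understands the indented-section layout shown on this page.

```python
"""Consistency checker for the dual-WAN NAT pattern above (added example, not
Cisco's or the post's own code). It parses IOS-style config text and checks that
for every 'ip nat outside' interface the supporting objects point at each other:
ip sla monitor -> track -> tracked default route, and NAT overload -> route-map
-> 'match interface'. SAMPLE_CONFIG is the post's config, trimmed to those lines."""
import re

SAMPLE_CONFIG = """\
ip sla monitor 1
 type echo protocol ipIcmpEcho 123.123.123.2 source-interface FastEthernet0/0
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
 type echo protocol ipIcmpEcho 124.124.124.2 source-interface FastEthernet1/0
track 123 rtr 1 reachability
track 345 rtr 2 reachability
interface FastEthernet0/0
 ip nat outside
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
interface FastEthernet1/0
 ip nat outside
ip route 0.0.0.0 0.0.0.0 123.123.123.2 track 123
ip route 0.0.0.0 0.0.0.0 124.124.124.2 track 345
ip nat inside source route-map nat1 interface FastEthernet0/0 overload
ip nat inside source route-map nat2 interface FastEthernet1/0 overload
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
route-map nat2 permit 10
 match ip address 100
 match interface FastEthernet1/0
route-map nat1 permit 10
 match ip address 100
 match interface FastEthernet0/0
"""

def parse_config(text):
    """Split IOS config into (header, [indented children]) sections, then pull
    out only the objects this check cares about."""
    sections = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("!"):
            continue  # skip blanks and '!' comment/separator lines
        if line.startswith(" ") and sections:
            sections[-1][1].append(line.strip())
        elif not line.startswith(" "):
            sections.append((line.strip(), []))
    cfg = {"sla": {}, "track": {}, "routes": [], "nat": {}, "rmap": {}, "outside": set()}
    for header, body in sections:
        if m := re.match(r"ip sla monitor (\d+)$", header):
            for child in body:
                if c := re.match(r"type echo protocol ipIcmpEcho (\S+) source-interface (\S+)", child):
                    cfg["sla"][m[1]] = {"target": c[1], "source": c[2]}
        elif m := re.match(r"track (\d+) rtr (\d+) reachability", header):
            cfg["track"][m[1]] = m[2]                      # track id -> sla id
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: track (\d+))?", header):
            cfg["routes"].append({"nexthop": m[1], "track": m[2]})
        elif m := re.match(r"ip nat inside source route-map (\S+) interface (\S+) overload", header):
            cfg["nat"][m[2]] = m[1]                        # outside intf -> route-map
        elif m := re.match(r"route-map (\S+) permit \d+", header):
            rm = cfg["rmap"].setdefault(m[1], {"acl": None, "interface": None})
            for child in body:
                if c := re.match(r"match ip address (\S+)", child):
                    rm["acl"] = c[1]
                elif c := re.match(r"match interface (\S+)", child):
                    rm["interface"] = c[1]
        elif (m := re.match(r"interface (\S+)", header)) and "ip nat outside" in body:
            cfg["outside"].add(m[1])
    return cfg

def check_dual_wan_nat(text):
    """Return a list of problem strings; an empty list means the config is consistent."""
    cfg, problems = parse_config(text), []
    for intf in sorted(cfg["outside"]):
        sla = next((n for n, s in cfg["sla"].items() if s["source"] == intf), None)
        if sla is None:
            problems.append(f"{intf}: no ip sla monitor sourced from it")
            continue
        track = next((t for t, n in cfg["track"].items() if n == sla), None)
        if track is None:
            problems.append(f"{intf}: ip sla monitor {sla} has no track object")
            continue
        target = cfg["sla"][sla]["target"]
        route = next((r for r in cfg["routes"] if r["nexthop"] == target), None)
        if route is None:
            problems.append(f"{intf}: no default route via {target}")
        elif route["track"] != track:
            problems.append(f"{intf}: default route via {target} is not tied to track {track}")
        rm_name = cfg["nat"].get(intf)
        rm = cfg["rmap"].get(rm_name)
        if rm is None:
            problems.append(f"{intf}: no NAT overload statement with a defined route-map")
        elif rm["interface"] != intf:
            problems.append(f"{intf}: route-map {rm_name} does not 'match interface {intf}'")
        elif rm["acl"] is None:
            problems.append(f"{intf}: route-map {rm_name} has no 'match ip address' ACL")
    return problems

if __name__ == "__main__":
    print(check_dual_wan_nat(SAMPLE_CONFIG) or "config is consistent")
```

Run it against a saved "show running-config" before pushing the change; an empty list means every outside interface has its probe, track, tracked route and route-map lined up. The check is static, so it will not catch the runtime behaviour the post describes (an existing translation not following the route change after a WAN link is pulled); that has to be observed on the box itself.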
