IOS Nat to two ISPs - Real mess

From: Kal Han (calikali2006@gmail.com)
Date: Sat Nov 11 2006 - 02:26:13 ART

• Next message: Aijaz Wani: "R&S lab in Dubia on 21st DEC, 2006 avaliable"
• Previous message: Brian Dennis: "RE: How To Run Cisco IOS On Your PC (Dynamips Router Emulator)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi
When I have a router with a multi point interface connected to
two different interfaces, is nat with "extendable" key word the
only way to use nat to go to internet via both of the ISPs ?

Has anyone tried to configure dmvpn using static nat ????
Please let me know how to configure it.
I am having hard time to configure this type of scenario.
r2 has a multi-point link to r3 and r4.

                       [r3]
                      /
                    /
[r1]-------[r2]---
                    \

                       \
                        [r4]

I want to configure DMVPN between r1--- r2--- r3
and also use nat on r2 to go outside thru both r3 and r4.

r2 loopback - 2.2.2.2 ( inside )
r2 multipoint int ip = 195.1.234.2 ( outside )
( there is one more router between r2 and r4 thats why the IPs are like
this)
r4 ip - 195.1.146.6

When I configure nat, using
"ip nat inside source static network 2.2.2.0 195.1.234.0 /24 route-map nonat
extendable"
I am having this type of translations

*gre 195.1.234.2:0 2.2.2.2:0 195.1.146.6:0
195.1.146.6:0
--- 195.1.234.2 2.2.2.2
 --- ---
udp 195.1.234.2:4500 2.2.2.2:4500 195.1.146.6:4500
195.1.146.6:4500
udp 195.1.234.2:500 2.2.2.2:500 195.1.146.6:500
195.1.146.6:500*

and my VPN is dying because of the above translations.

My ACL used in route-map nonat ( I know its a mess as I tried everything )
-----------------------------------------------------------------------------------------------------------
Extended IP access list 101
    1 deny ip host 195.1.234.2 host 195.1.146.6 (194 matches)
    2 deny gre host 195.1.234.2 host 195.1.146.6
    3 deny esp host 195.1.234.2 host 195.1.146.6
    10 deny ip 2.2.2.0 0.0.0.255 6.6.6.0 0.0.0.255
    11 deny ip 2.2.2.0 0.0.0.255 host 195.1.146.6
    20 deny ip 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255
    30 permit ip 2.2.2.0 0.0.0.255 any

Can any one please let me know about this ACL to use in route-map
of "static nat" to over come this problem.
Is it atleast possible to do something offered by the "extendable" keyword
by dynamic nat instead of static nat ( extendable keyword is only available
with static nat cli )

Thanks
Kal

• Next message: Aijaz Wani: "R&S lab in Dubia on 21st DEC, 2006 avaliable"
• Previous message: Brian Dennis: "RE: How To Run Cisco IOS On Your PC (Dynamips Router Emulator)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:46 ART