Re: Multipe internet access links with PAT

In the configuration that you have provided there are 2 lines in
access list 10 and 1 in access-list 20 which are all the same. It
looks like this is only being used to match the source address so you
really only need one line for that. To NAT based on the destination
route in the routing table you should try using route-maps

Try this:

access-list 10 permit x.x.x.x x.x.x.x
ip nat inside source route-map Dialer int dialer0 overload
ip nat inside source route-map FASTE int fa0/0 overload

route-map Dialer permit 10
 match ip add 10
 match int dialer0

route-map FASTE
 match ip add 10
 match int fa0/0

The translation timeout might cause some issues because the entry will
still exist until the timeout.

On Wed, Jun 10, 2009 at 5:17 AM, CCIE<ccie_at_axizo.com> wrote:
> Sorry there is another access-list 20, but I forget to past it
>
> access-list 20 permit 192.168.2.0 0.0.0.255
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Ravi
> Singh
> Sent: Wednesday, June 10, 2009 12:09 PM
> To: CCIE
> Cc: ccielab_at_groupstudy.com
> Subject: Re: Multipe internet access links with PAT
>
> Not getting into the NAT configuration details as of now , but you
> have the access-list 20 missing ...or is the other access-list 10
> statement supposed to be list 20.
>
> Ravi
>
> On Wed, Jun 10, 2009 at 9:54 AM, CCIE<ccie_at_axizo.com> wrote:
>> Hi experts,
>>
>>
>>
>> I have two links to the access the internet one must be the primary, while
>> the other should be a back up upon RTR failure of the primary.
>>
>>
>>
>> Here the configuration
>>
>>
>>
>> interface FastEthernet0/0
>>
>> ip address 62.90.200.226 255.255.255.248
>>
>> ip nat outside
>>
>> ! The primary interface that face the internet
>>
>>
>>
>> interface Dialer1
>>
>> ip nat outside
>>
>> ! The second backup interface that face the internet
>>
>>
>>
>> interface FastEthernet0/1
>>
>> ip address 192.168.2.1 255.255.255.0
>>
>> ip nat inside
>>
>> ! The inside interface
>>
>>
>>
>>
>>
>> ip nat inside source list 10 interface Dialer1 overload
>>
>> ip nat inside source list 20 interface FastEthernet0/0 overload
>>
>>
>>
>> access-list 10 permit 192.168.2.0 0.0.0.255
>>
>> access-list 10 permit 192.168.2.0 0.0.0.255
>>
>>
>>
>> ip route 0.0.0.0 0.0.0.0 62.90.200.225 50 track 1
>>
>> ip route 0.0.0.0 0.0.0.0 Dialer1 51
>>
>>
>>
>> ip sla monitor 1
>>
>> type echo protocol ipIcmpEcho 62.90.200.225 source-interface
>> FastEthernet0/0
>>
>> timeout 3000
>>
>> ip sla monitor schedule 1 life forever start-time now
>>
>>
>>
>> The routing table switch upon the RTR failure, but the PATing is not
>> switched to the backup interface?
>>
>> Any help or advice?
>>
>>
>> Regards,
>>
>> Amin
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus signature
> database 4142 (20090609) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus signature
> database 4142 (20090609) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Jun 10 2009 - 07:17:46 ART