Re: Multipe internet access links with PAT

check this out http://supportwiki.cisco.com/ViewWiki/index.php/Configuring_dynamic_NAT_with_route-maps
Thanking You

Yours Sincerely

Divin Mathew John
divinjohn_at_gmail.com
divin_at_dide3d.com
http://www.dide3d.com
+91 9945430983
+91 9846697191
+974 5008916
PGP PUBLIC KEY BLOCK @ http://www.dide3d.com/divin_Public_PGP_key.txt
Sent from Bangalore, KA, India

On Wed, Jun 10, 2009 at 4:47 PM, Jeff Andiorio<jandiorio_at_gmail.com> wrote:
> In the configuration that you have provided there are 2 lines in
> access list 10 and 1 in access-list 20 which are all the same. It
> looks like this is only being used to match the source address so you
> really only need one line for that. To NAT based on the destination
> route in the routing table you should try using route-maps
>
> Try this:
>
> access-list 10 permit x.x.x.x x.x.x.x
> ip nat inside source route-map Dialer int dialer0 overload
> ip nat inside source route-map FASTE int fa0/0 overload
>
> route-map Dialer permit 10
> match ip add 10
> match int dialer0
>
> route-map FASTE
> match ip add 10
> match int fa0/0
>
> The translation timeout might cause some issues because the entry will
> still exist until the timeout.
>
>
>
> On Wed, Jun 10, 2009 at 5:17 AM, CCIE<ccie_at_axizo.com> wrote:
>> Sorry there is another access-list 20, but I forget to past it
>>
>> access-list 20 permit 192.168.2.0 0.0.0.255
>>
>>
>> -----Original Message-----
>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Ravi
>> Singh
>> Sent: Wednesday, June 10, 2009 12:09 PM
>> To: CCIE
>> Cc: ccielab_at_groupstudy.com
>> Subject: Re: Multipe internet access links with PAT
>>
>> Not getting into the NAT configuration details as of now , but you
>> have the access-list 20 missing ...or is the other access-list 10
>> statement supposed to be list 20.
>>
>> Ravi
>>
>> On Wed, Jun 10, 2009 at 9:54 AM, CCIE<ccie_at_axizo.com> wrote:
>>> Hi experts,
>>>
>>>
>>>
>>> I have two links to the access the internet one must be the primary, while
>>> the other should be a back up upon RTR failure of the primary.
>>>
>>>
>>>
>>> Here the configuration
>>>
>>>
>>>
>>> interface FastEthernet0/0
>>>
>>> ip address 62.90.200.226 255.255.255.248
>>>
>>> ip nat outside
>>>
>>> ! The primary interface that face the internet
>>>
>>>
>>>
>>> interface Dialer1
>>>
>>> ip nat outside
>>>
>>> ! The second backup interface that face the internet
>>>
>>>
>>>
>>> interface FastEthernet0/1
>>>
>>> ip address 192.168.2.1 255.255.255.0
>>>
>>> ip nat inside
>>>
>>> ! The inside interface
>>>
>>>
>>>
>>>
>>>
>>> ip nat inside source list 10 interface Dialer1 overload
>>>
>>> ip nat inside source list 20 interface FastEthernet0/0 overload
>>>
>>>
>>>
>>> access-list 10 permit 192.168.2.0 0.0.0.255
>>>
>>> access-list 10 permit 192.168.2.0 0.0.0.255
>>>
>>>
>>>
>>> ip route 0.0.0.0 0.0.0.0 62.90.200.225 50 track 1
>>>
>>> ip route 0.0.0.0 0.0.0.0 Dialer1 51
>>>
>>>
>>>
>>> ip sla monitor 1
>>>
>>> type echo protocol ipIcmpEcho 62.90.200.225 source-interface
>>> FastEthernet0/0
>>>
>>> timeout 3000
>>>
>>> ip sla monitor schedule 1 life forever start-time now
>>>
>>>
>>>
>>> The routing table switch upon the RTR failure, but the PATing is not
>>> switched to the backup interface?
>>>
>>> Any help or advice?
>>>
>>>
>>> Regards,
>>>
>>> Amin
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>> __________ Information from ESET NOD32 Antivirus, version of virus signature
>> database 4142 (20090609) __________
>>
>> The message was checked by ESET NOD32 Antivirus.
>>
>> http://www.eset.com
>>
>>
>>
>>
>> __________ Information from ESET NOD32 Antivirus, version of virus signature
>> database 4142 (20090609) __________
>>
>> The message was checked by ESET NOD32 Antivirus.
>>
>> http://www.eset.com
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Jun 10 2009 - 16:54:38 ART