[c-nsp] Backup/redundant internet connection

Bill admin at vci.net
Tue Dec 12 12:15:24 EST 2006 

    I understand how to configure NAT but that doesn't answer the question.
The question was how to configure NAT on a loopback interface and then route
the outbound traffic to that loopback interface.

    No one has said this yet but wouldn't PBR on the LAN interface work for
this? Something similar to this?

    interface FastEthernet 0
        desc FIBER interface
        ip address 207.162.x.y 255.255.255.252

    interface FastEthernet 1
        desc DSL interface
        ip address dhcp
        ip virtual-reassembly

    interface FastEthernet 2
        desc Customer's LAN interface
        ip address 192.168.1.1 255.255.255.0
        ip policy route-map POLICY1
        ip route-cache policy
        ip virtual-reassembly
        ip nat inside

    interface Loopback 0
        desc interface for
        ip address 207.162.yyy.aa 255.255.255.255
        ip nat outside

    route-map POLICY 1
        match ip address 199
        set ip next-hop 207.162.yyy.aa  (packets entering this interface
must pass thru the Loopback for NATing)

    access-list 199 permit ip 192.168.1.0 0.0.0.255 any  (this matches all
outbound packets from the LAN interface)

    ip route 0.0.0.0 0.0.0.0 207.162.x.z (static route to other side of
fiber interface)
    ip route 0.0.0.0 0.0.0.0 207.162.a.b (static route to other side of DSL
interface)

      Bill



----- Original Message ----- 
From: Tim Franklin
To: cisco-nsp at puck.nether.net
Sent: Tuesday, December 12, 2006 10:55 AM
Subject: Re: [c-nsp] Backup/redundant internet connection


>     Doesn't this config show the ouside NAT interface on the two
> FastEthernet interfaces and not the Loopback?

'outside' and 'inside' on the interfaces tell the router *when* to NAT.

'ip nat inside source list <acl> interface <interface> overload' tells the
router *what* to NAT.

The traditional config has the 'outside' interface and the interface in the
'ip nat' statement both as the WAN, but there's no reason why this must be
the case.

Regards,
Tim.

-- 
____________   Tim Franklin                 e: tim.franklin at colt.net
\C/\O/\L/\T/   Network Development &        w: www.colt.net
 V  V  V  V    Product Engineering          t: +44 20 7863 5714
Data | Voice | Managed Services             f: +44 20 7863 5876

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list