NAT and PBR on Cisco IOS

I consider this part 2 of this post. It is just an add-on covering how to set up NAT with 2 different ISPs.

To use NAT properly with 2 ISPs, a route-map and a policy-map need to be configured.

First, create an ACL to define your internal subnet

access-list 10 permit 172.16.8.0 0.0.0.255

Second, define route-maps to utilize the track object created in post#1

route-map Policy_1 permit 10
match ip address 10
set ip next-hop verify-availability 10.2.3.4 track 1

Third, define the interfaces on the router/Layer 3 switch

interface FastEthernet0/0
description LAN
ip address 172.16.8.1 255.255.255.0
ip nat inside
ip policy route-map Policy_1
!
interface FastEthernet0/1
description Pri_ISP
ip address 10.2.3.3 255.255.255.0
ip nat outside
!
interface FastEthernet1/0
description Sec_ISP
ip address 192.5.6.7 255.255.255.0
ip nat outside

Fourth, create route-maps for the NAT rules

route-map PRI_ISP permit 10
match ip address 10
match interface FastEthernet0/1
!
route-map SEC_ISP permit 10
match ip address 10
match interface FastEthernet1/0

Last, create NAT rules

ip nat inside source route-map PRI_ISP interface FastEthernet0/1 overload
ip nat inside source route-map SEC_ISP interface FastEthernet1/0 overload
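
A consistency check for the NAT rules above, as an added example that is not part of the original post: each "ip nat inside source route-map" rule must point at a route-map that matches the same outbound interface, that interface must be marked "ip nat outside", and the ACL the route-map references must exist. The function names are hypothetical, and the parser assumes sub-commands are indented the way "show running-config" prints them.

```python
import re

# Constructed sample: the page's configuration with sub-commands indented as
# "show running-config" prints them (PBR route-map, addresses, descriptions omitted).
CONFIG = """\
access-list 10 permit 172.16.8.0 0.0.0.255
interface FastEthernet0/0
 ip nat inside
 ip policy route-map Policy_1
interface FastEthernet0/1
 ip nat outside
interface FastEthernet1/0
 ip nat outside
route-map PRI_ISP permit 10
 match ip address 10
 match interface FastEthernet0/1
route-map SEC_ISP permit 10
 match ip address 10
 match interface FastEthernet1/0
ip nat inside source route-map PRI_ISP interface FastEthernet0/1 overload
ip nat inside source route-map SEC_ISP interface FastEthernet1/0 overload
"""

def parse_blocks(config):
    """Map ('interface'|'route-map', name) to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw[:1].isspace() and current is not None:
            current.append(raw.strip())          # sub-command of the open block
        elif raw.strip() and not raw[:1].isspace():
            m = re.match(r"(interface|route-map)\s+(\S+)", raw)
            current = blocks.setdefault((m.group(1), m.group(2)), []) if m else None
    return blocks

def audit_nat(config):
    """Return a list of inconsistencies in the dual-ISP NAT rules."""
    blocks, problems = parse_blocks(config), []
    acls = set(re.findall(r"^access-list\s+(\S+)", config, re.M))
    rules = re.findall(r"^ip nat inside source route-map (\S+) interface (\S+) overload", config, re.M)
    for rmap, intf in rules:
        body = blocks.get(("route-map", rmap), [])
        if f"match interface {intf}" not in body:
            problems.append(f"{rmap}: no 'match interface {intf}'")
        if "ip nat outside" not in blocks.get(("interface", intf), []):
            problems.append(f"{intf}: missing 'ip nat outside'")
        for acl in re.findall(r"match ip address (\S+)", "\n".join(body)):
            if acl not in acls:
                problems.append(f"{rmap}: ACL {acl} not defined")
    return problems
```

An empty list from audit_nat(CONFIG) means every NAT rule translates to the address of the interface the traffic actually leaves through.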

For the setup on ASA, I personally still prefer to use ASDM (I simply cannot get my head around the syntax on ASA). So please refer to this link.
