
Dynamic NAT With Multiple Outside Interfaces and ISP Failover With Policy-Based Routing

The document describes a configuration for dynamic NAT with multiple outside interfaces and ISP failover using policy-based routing on an EDGE-CSR router. It defines NAT pools and ACLs for 3 VLANs, each failing over between 3 ISPs in a specified order. ICMP SLA tracking objects monitor the ISPs and route-maps implement PBR based on the tracked states.

Uploaded by jkararrigas

1. VLAN-2 must fail over between ISPs in the order ISP-01, ISP-02, ISP-03.

2. VLAN-7 must fail over between ISPs in the order ISP-02, ISP-03, ISP-01.

3. VLAN-11 must fail over between ISPs in the order ISP-03, ISP-01, ISP-02.

NAT Configuration

EDGE-CSR

! Inside sources eligible for translation: VLAN-2, VLAN-7 and VLAN-11
ip access-list extended NAT-ACL
 permit ip 192.168.2.0 0.0.0.127 any
 permit ip 192.168.2.128 0.0.0.127 any
 permit ip 192.168.11.0 0.0.0.63 any
 deny ip any any
!
! One translation pool per ISP
ip nat pool ISP-01 210.100.0.3 210.100.0.10 netmask 255.255.255.224
ip nat pool ISP-02 52.55.24.3 52.55.24.10 netmask 255.255.255.224
ip nat pool ISP-03 92.100.0.3 92.100.0.10 netmask 255.255.255.224
!
! Each route-map matches NAT-ACL traffic leaving through one outside interface
route-map ISP-01 permit 10
 match ip address NAT-ACL
 match interface GigabitEthernet1
route-map ISP-02 permit 10
 match ip address NAT-ACL
 match interface GigabitEthernet2
route-map ISP-03 permit 10
 match ip address NAT-ACL
 match interface GigabitEthernet3
!
! Bind each route-map to the pool of the same ISP
ip nat inside source route-map ISP-01 pool ISP-01
ip nat inside source route-map ISP-02 pool ISP-02
ip nat inside source route-map ISP-03 pool ISP-03
!
interface GigabitEthernet1
 ip nat outside
interface GigabitEthernet2
 ip nat outside
interface GigabitEthernet3
 ip nat outside
interface GigabitEthernet4.1001
 ip nat inside

ISP Failover With PBR

EDGE-CSR

! One ICMP probe per ISP next hop, sent every 3 seconds
ip sla 100
 icmp-echo 210.100.0.1 source-ip 210.100.0.2
 threshold 200
 timeout 250
 frequency 3
ip sla schedule 100 life forever start-time now
ip sla 200
 icmp-echo 52.55.24.1 source-ip 52.55.24.2
 threshold 200
 timeout 250
 frequency 3
ip sla schedule 200 life forever start-time now
ip sla 300
 icmp-echo 92.100.0.1 source-ip 92.100.0.2
 threshold 200
 timeout 250
 frequency 3
ip sla schedule 300 life forever start-time now
!
! Track objects follow the reachability result of each probe
track 100 ip sla 100 reachability
 delay down 1 up 1
track 200 ip sla 200 reachability
 delay down 1 up 1
track 300 ip sla 300 reachability
 delay down 1 up 1
!
! One ACL per VLAN, used as the match condition in the PBR route-map
ip access-list extended VLAN-02
 permit ip 192.168.2.0 0.0.0.127 any
 deny ip any any
ip access-list extended VLAN-07
 permit ip 192.168.2.128 0.0.0.127 any
 deny ip any any
ip access-list extended VLAN-11
 permit ip 192.168.11.0 0.0.0.63 any
 deny ip any any
!
! VLAN-2: ISP-01, then ISP-02, then ISP-03
route-map ISP-PBR permit 10
 match ip address VLAN-02
 set ip next-hop verify-availability 210.100.0.1 10 track 100
 set ip next-hop verify-availability 52.55.24.1 20 track 200
 set ip next-hop verify-availability 92.100.0.1 30 track 300
!
! VLAN-7: ISP-02, then ISP-03, then ISP-01
route-map ISP-PBR permit 20
 match ip address VLAN-07
 set ip next-hop verify-availability 52.55.24.1 10 track 200
 set ip next-hop verify-availability 92.100.0.1 20 track 300
 set ip next-hop verify-availability 210.100.0.1 30 track 100
!
! VLAN-11: ISP-03, then ISP-01, then ISP-02
route-map ISP-PBR permit 30
 match ip address VLAN-11
 set ip next-hop verify-availability 92.100.0.1 10 track 300
 set ip next-hop verify-availability 210.100.0.1 20 track 100
 set ip next-hop verify-availability 52.55.24.1 30 track 200
!
! Apply the policy to traffic arriving on the inside subinterface
interface GigabitEthernet4.1001
 ip policy route-map ISP-PBR
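
An added example, not part of the original document: a Python check that parses the ISP-PBR route-map, confirms that each VLAN's next-hop sequence matches the three stated failover orders, and reports which ISP a VLAN would use for a given set of "up" track objects. The function names, the track-to-ISP table and the "lowest sequence number with an up track wins" model of verify-availability are assumptions of this example.

```python
import re
# Constructed input: the ISP-PBR route-map from the configuration above.
CONFIG = """\
route-map ISP-PBR permit 10
 match ip address VLAN-02
 set ip next-hop verify-availability 210.100.0.1 10 track 100
 set ip next-hop verify-availability 52.55.24.1 20 track 200
 set ip next-hop verify-availability 92.100.0.1 30 track 300
route-map ISP-PBR permit 20
 match ip address VLAN-07
 set ip next-hop verify-availability 52.55.24.1 10 track 200
 set ip next-hop verify-availability 92.100.0.1 20 track 300
 set ip next-hop verify-availability 210.100.0.1 30 track 100
route-map ISP-PBR permit 30
 match ip address VLAN-11
 set ip next-hop verify-availability 92.100.0.1 10 track 300
 set ip next-hop verify-availability 210.100.0.1 20 track 100
 set ip next-hop verify-availability 52.55.24.1 30 track 200
"""
TRACK_TO_ISP = {100: "ISP-01", 200: "ISP-02", 300: "ISP-03"}  # track N follows ip sla N
REQUIRED = {  # failover order stated in the three requirements
    "VLAN-02": ["ISP-01", "ISP-02", "ISP-03"],
    "VLAN-07": ["ISP-02", "ISP-03", "ISP-01"],
    "VLAN-11": ["ISP-03", "ISP-01", "ISP-02"],
}
SET_RE = re.compile(r"set ip next-hop verify-availability (\S+) (\d+) track (\d+)")

def parse_pbr(config):
    """Map each matched ACL to its [(sequence, next_hop, track)] list, sorted by sequence."""
    policy, hops = {}, []
    for line in map(str.strip, config.splitlines()):
        if line.startswith("route-map "):
            hops = []                      # a new route-map entry begins
        elif m := re.match(r"match ip address (\S+)", line):
            policy[m.group(1)] = hops
        elif m := SET_RE.match(line):
            hops.append((int(m.group(2)), m.group(1), int(m.group(3))))
    return {acl: sorted(h) for acl, h in policy.items()}

def selected_isp(hops, up_tracks):
    """Assumed model: the lowest-sequence next hop whose track object is up wins.
    None means no next hop is set and the packet follows the routing table."""
    return next((TRACK_TO_ISP[t] for _, _, t in hops if t in up_tracks), None)

def audit(config):
    """Return the ACLs whose configured failover order differs from REQUIRED."""
    policy = parse_pbr(config)
    return [acl for acl, want in REQUIRED.items()
            if [TRACK_TO_ISP[t] for _, _, t in policy.get(acl, [])] != want]
```

Calling audit(CONFIG) returns an empty list when the route-map matches the requirements; selected_isp(parse_pbr(CONFIG)["VLAN-07"], {100, 300}) models an ISP-02 outage for VLAN-7.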
