NAT Dual ISP

Latest reply: Apr 3, 2015 02:02:59

Hello, I need help.

I have an AR1220 router and two ISPs.

And I have two internal subnets:

172.23.44.0/24 and 172.23.45.0/24

I want to set up NAT.

For network 172.23.44.0/24 - ISP1

For network 172.23.45.0/24 - ISP2

But I don't understand how it works.




user_2790689
Created Apr 1, 2015 10:36:04

Please wait, we'll answer you later.

luwj
Created Apr 2, 2015 07:41:50

for example:

dhcp enable
int g0/0/0
ip add 172.23.44.1 24
dhcp select interface
int g0/0/1
ip add 172.23.45.1 24
dhcp select interface
int g0/0/2
ip add 202.100.1.1 24
desc Conn_To_ISP1
int g0/0/3
ip add 202.100.2.1 24
desc Conn_To_ISP2
ip route-static 0.0.0.0 0.0.0.0 202.100.1.2
ip route-static 0.0.0.0 0.0.0.0 202.100.2.2
acl 2000
rule permit source 172.23.44.0 0.0.0.255
rule permit source 172.23.45.0 0.0.0.255
int g0/0/2
nat outbound 2000
int g0/0/3
nat outbound 2000
acl 2001
rule permit source 172.23.44.0 0.0.0.255
acl 2002
rule permit source 172.23.45.0 0.0.0.255
traffic classifier c1
if-match acl 2001
traffic classifier c2
if-match acl 2002
traffic behavior b1
redirect ip-nexthop 202.100.1.2
traffic behavior b2
redirect ip-nexthop 202.100.2.2
traffic policy p1
classifier c1 behavior b1
traffic policy p2
classifier c2 behavior b2
int g0/0/0
traffic-policy p1 inbound
int g0/0/1
traffic-policy p2 inbound

nightguide
Created Apr 2, 2015 12:24:02

Ok...


see

I try it in the eNSP emulator before testing on my real router.


###MY CONFIG AR1220

acl number 2001 
rule 5 permit source 172.23.45.0 0.0.0.255
acl number 2002 
rule 5 permit source 172.23.46.0 0.0.0.255
acl number 2003 
rule 5 permit
rule 10 permit source 172.23.45.0 0.0.0.255
rule 20 permit source 172.23.46.0 0.0.0.255
#
traffic classifier c2 operator or
if-match acl 2001
traffic classifier c1 operator or
if-match acl 2002
#
traffic behavior b2
redirect ip-nexthop 212.20.128.129
traffic behavior b1
redirect ip-nexthop 212.20.64.129
#
traffic policy p2
classifier c2 behavior b2
traffic policy p1
classifier c1 behavior b1
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Vlanif2
ip address 172.23.45.1 255.255.255.0
traffic-policy p2 inbound
#
interface Vlanif3
ip address 172.23.46.1 255.255.255.0
traffic-policy p1 inbound
#
interface Ethernet0/0/0
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0
ip address 212.20.128.130 255.255.255.252
nat outbound 2003
#
interface GigabitEthernet0/0/1
ip address 212.20.64.130 255.255.255.252
nat outbound 2003
#
interface NULL0
#
interface LoopBack0
#
ip route-static 0.0.0.0 0.0.0.0 212.20.128.129
ip route-static 0.0.0.0 0.0.0.0 212.20.64.129
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac



I ping from 172.23.46.2 and 172.23.45.2 to 8.8.8.9 

See result "di nat session all"

     Protocol          : ICMP(1)
     SrcAddr   Vpn     : 172.23.45.2                                   
     DestAddr  Vpn     : 8.8.8.9                                       
     Type Code IcmpId  : 0   8   10641
     NAT-Info
       New SrcAddr     : 212.20.64.130 
       New DestAddr    : ----
       New IcmpId      : 10345

     Protocol          : ICMP(1)
     SrcAddr   Vpn     : 172.23.46.2                                   
     DestAddr  Vpn     : 8.8.8.9                                       
     Type Code IcmpId  : 0   8   10632
     NAT-Info
       New SrcAddr     : 212.20.128.130


Why is the New SrcAddr through NAT from the 172.23.46.0/24 network 212.20.128.130 ??????!!!!

I don't understand.

I have traffic-policy p1.

Here we see network c1 if match acl 2002 behavior b1.

But why does it not work?

Why???? New SrcAddr 212.20.128.130
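
A check for the mismatch reported above, as an added example that is not part of the original posts: it parses the pasted "display nat session all" output and compares each translated source with the address the posted traffic policies imply. The EXPECTED mapping and the function names are assumptions read off the config in the thread, and it assumes "nat outbound" without an address group translates to the egress interface address.

```python
import ipaddress
import re

# Expected translated address per inside subnet, read off the posted config
# (assumes Easy IP: "nat outbound" rewrites to the egress interface address).
EXPECTED = {
    ipaddress.ip_network("172.23.45.0/24"): ipaddress.ip_address("212.20.128.130"),
    ipaddress.ip_network("172.23.46.0/24"): ipaddress.ip_address("212.20.64.130"),
}

# Session output from the thread, trimmed to the fields this check reads.
SAMPLE = """\
     Protocol          : ICMP(1)
     SrcAddr   Vpn     : 172.23.45.2
     DestAddr  Vpn     : 8.8.8.9
     NAT-Info
       New SrcAddr     : 212.20.64.130
       New DestAddr    : ----

     Protocol          : ICMP(1)
     SrcAddr   Vpn     : 172.23.46.2
     DestAddr  Vpn     : 8.8.8.9
     NAT-Info
       New SrcAddr     : 212.20.128.130
"""

FIELD = re.compile(r"^[ \t]*(New SrcAddr|SrcAddr)\b[^:\n]*:[ \t]*(\S+)", re.M)

def parse_sessions(text):
    """Return (inside_src, translated_src) pairs, one per session block."""
    pairs, src = [], None
    for name, value in FIELD.findall(text):
        if name == "SrcAddr":
            src = ipaddress.ip_address(value)
        elif src is not None and value != "----":
            pairs.append((src, ipaddress.ip_address(value)))
            src = None
    return pairs

def mismatches(text, expected=EXPECTED):
    """List sessions whose translated source is not the expected ISP address."""
    bad = []
    for src, new_src in parse_sessions(text):
        want = next((a for n, a in expected.items() if src in n), None)
        if want != new_src:
            bad.append((str(src), str(new_src), str(want)))
    return bad

if __name__ == "__main__":
    print(*mismatches(SAMPLE), sep="\n")
```

Run against the output in the thread, it reports both sessions: each subnet left through the other ISP's interface, which is what you would see if the redirect were not applied and the two equal-cost default routes decided the egress.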


luwj
Created Apr 3, 2015 01:57:33

eNSP currently does not support some traffic-policy features.

A physical device has no problem.

nightguide
Created Apr 3, 2015 02:01:07

Oh, OK, thanks, I'll try it on my real router)))

luwj
Created Apr 3, 2015 02:02:59

ok...
