Prev: BRI interfaces status check
Next: Pix ACLs
From: mmark751969 on 15 Apr 2010 09:38
I've got a situation where i need the c1811 isr to do dual nat to two
different external ip addresses to the same internal ip address -
like
below:

ip nat inside sourse static 192.168.1.1 <outside address 1>
ip nat inside source static 192.168.1.1 <outside address 2>


this is because the 1811 is going behind a barracuda link balancer
and
is going to need to do the dual nat for failover purposes. Normally,
the 1811 will not do this but i got it to do it by putting route
map's
after the translation - as below:


ip nat inside source static 192.168.1.1 <outside address 1> route-map
nonat_static
ip nat inside source static 192.168.1.1 <outside address 2> route-map
nonat_static


route-map nonat_static permit 10
match ip address nonat_static


ip access-list extended nonat_static
deny ip 10.10.10.0 0.0.0.255 10.10.30.0 0.0.0.255
deny ip 10.10.10.0 0.0.0.255 192.168.14.0 0.0.0.255
permit ip any any


the reason for the route map is for nat exemption for ipsec vpn. The
ipsec vpn is not needed however, but this is the only way i can get
the 1811 to take the dual ip nat inside translation commands. Just
wondering if this would be a recommended thing to do and if i can
expect to run into any problems in the future with the 1800 maybe not
doing the translations otherwise working. I can also just use the
link balancer as a firewall as well and i'm thinking about doing that
if the previous configuration may be problematic.


 | 
Pages: 1
Prev: BRI interfaces status check
Next: Pix ACLs