Below is the topology. I have static default routes from R1, R2, and R3 pointing to R4. R7 has a static route to each serial link.
Here is R4's config:
interface FastEthernet0/0
 ip address 192.168.0.4 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Serial1/0
 ip address 192.168.45.4 255.255.255.0
 ip verify unicast reverse-path
 ip nat outside
 ip virtual-reassembly
 serial restart-delay 0
!
interface Serial1/1
 ip address 192.168.46.4 255.255.255.0
 ip verify unicast reverse-path
 ip nat outside
 ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 192.168.45.5
ip route 0.0.0.0 0.0.0.0 192.168.46.6
!
ip nat pool POOL 192.168.0.1 192.168.0.3 prefix-length 24 type rotary
ip nat inside destination list 10 pool POOL
!
access-list 10 permit 192.168.45.10
access-list 10 permit 192.168.46.10
From R7 we will verify:
R7#telnet 192.168.45.10
Trying 192.168.45.10 ... Open
R1>
R1>exit
[Connection to 192.168.45.10 closed by foreign host]
R7#telnet 192.168.45.10
Trying 192.168.45.10 ... Open
R2>exit
[Connection to 192.168.45.10 closed by foreign host]
R7#telnet 192.168.45.10
Trying 192.168.45.10 ... Open
R3>exit
[Connection to 192.168.45.10 closed by foreign host]
R7#telnet 192.168.46.10
Trying 192.168.46.10 ... Open
R1>exit
[Connection to 192.168.46.10 closed by foreign host]
R7#telnet 192.168.46.10
Trying 192.168.46.10 ... Open
R2>exit
[Connection to 192.168.46.10 closed by foreign host]
R7#
R4's NAT table:
R4#sho ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.45.10:23   192.168.0.1:23     200.0.0.7:51519    200.0.0.7:51519
tcp 192.168.46.10:23   192.168.0.1:23     200.0.0.7:64139    200.0.0.7:64139
tcp 192.168.46.10:23   192.168.0.2:23     200.0.0.7:11691    200.0.0.7:11691
tcp 192.168.45.10:23   192.168.0.2:23     200.0.0.7:62913    200.0.0.7:62913
tcp 192.168.45.10:23   192.168.0.3:23     200.0.0.7:17295    200.0.0.7:17295
I used two links just to show the flexibility of this configuration. I was playing around with route-map NAT failover/LB and then decided to work on this scenario.
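A small Python model of what R4 does with the `type rotary` pool and `ip nat inside destination list 10`, added here as an illustration (it is not the post author's code or Cisco's implementation). The class and function names are hypothetical, and it assumes a single round-robin pointer per pool; it replays the five telnet sessions from R7 using the source ports shown in R4's NAT table.

```python
"""Model of IOS rotary destination NAT (TCP load distribution) as set up on R4."""
from ipaddress import ip_address

ACL_10 = {"192.168.45.10", "192.168.46.10"}  # access-list 10: virtual addresses
POOL = [str(ip_address("192.168.0.1") + i) for i in range(3)]  # 192.168.0.1-3


class RotaryNat:  # hypothetical name, illustration only
    def __init__(self, vips, pool):
        self.vips, self.pool = set(vips), list(pool)
        self.next_idx = 0   # assumption: one rotary pointer shared by the pool
        self.table = {}     # (src, sport, dst, dport) -> inside local address

    def translate(self, proto, src, sport, dst, dport):
        """Return the inside destination for a packet arriving on an outside link."""
        if proto != "tcp" or dst not in self.vips:
            return dst      # rotary applies to TCP matching the ACL; rest untouched
        key = (src, sport, dst, dport)
        if key not in self.table:   # new connection: take the next real host
            self.table[key] = self.pool[self.next_idx]
            self.next_idx = (self.next_idx + 1) % len(self.pool)
        return self.table[key]      # later packets of the flow stay pinned

    def rows(self):
        """Entries as (inside global, inside local, outside) like the NAT table."""
        return {(f"{d}:{dp}", f"{loc}:{dp}", f"{s}:{sp}")
                for (s, sp, d, dp), loc in self.table.items()}


def replay_r7_sessions():
    """Replay R7's telnet sessions in the order shown in the post."""
    nat = RotaryNat(ACL_10, POOL)
    sessions = [("192.168.45.10", 51519), ("192.168.45.10", 62913),
                ("192.168.45.10", 17295), ("192.168.46.10", 64139),
                ("192.168.46.10", 11691)]
    for vip, sport in sessions:
        nat.translate("tcp", "200.0.0.7", sport, vip, 23)
    return nat


if __name__ == "__main__":
    for row in sorted(replay_r7_sessions().rows()):
        print("tcp", *row)
```

The resulting entries match the five rows in R4's table: either virtual address lands on whichever real router is next in the rotation.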
Thanks! This example really helped me perform a similar config using destination NAT.
Great tip!!!
Fabricio Fagundes
Campo Bom - Brasil
I was not able to get this working with adding the secondary IP on the outside interface that corresponds to the match ACL.
I will try on a different platform, but are you sure it publishes ARP automatically based only on the ACL?
Regarding the ARP question: based on my lab, using FastEthernet, the virtual IP addresses defined in the ACL do not work. An IP Alias is required to do the ARP resolution.
In this post the solution works because the NATing router is connected to serial interfaces, and these don't use ARP.
Thanks a lot. Are there any more scenarios there?
ip virtual-reassembly
Why is this used...
Thank You so much !!!!
AJ
Hi !
Is it possible to make something similar on ASA? I have searched through documentation and Google, and I have found it impossible.
Best regards,
Paweł K.