Implement dual-address dual-Egress + NAT through Cisco Policy Routing

This article describes how to configure dual-address dual-Egress and how to apply NAT configurations. I believe this article will help you.

Environment Description: uses the Cisco2621XM + NE-1E module, which has two FastEthernet and one Ethernet port.

Now we use Ethernet port 1/0 to connect to the internal LAN, simulating a policy route based on the original address when there are 100.100.23.0 255.255.255.0.0 and 100.24.0 255.255.255.0.0 clients internally.

Fastethernet 0/0 simulates the first ISP access port, and Fastethernet 0/1 simulates the second ISP access port. The addresses are respectively the Fastethernet 0/0 IP address 192.168.1.2 255.255.255.0 peer ISP address 192.168.1.1 255.255.255.0

Fastethernet 0/1 IP address 192.168.2.2 255.255.255.0 peer ISP address 192.168.2.1 255.255.255.0

Data Traffic of different original addresses is diverted through a policy route, so that hosts of different original addresses can access the Internet through different ISP interfaces and convert different original address hosts to different NAT addresses.

Specific Configuration:

Version 12.2:

Service timestamps debug uptime

Effect Test:

View route table

Router # show ip route

Codes: C-connected, S-static, I-IGRP, R-RIP, M-mobile, B-BGP

D-OSPF, EX-VPN external, O-OSPF, IA-OSPF inter area

N1-ospf nssa external type 1, N2-ospf nssa external type 2

E1-OSPF external type 1, E2-OSPF external type 2, E-EGP

I-IS, su-IS summary, L1-IS-level-1, L2-IS level-2

Ia-IS inter area, *-candidate default, U-per-user static route

O-ODR, P-periodic downloaded static route

100.0.0.0/16 is subnetted, 1 subnets

C 100.100.0.0 is directly connected, Ethernet1/0

C 192.168.1.0/24 is directly connected, FastEthernet0/0

C 192.168.2.0/24 is directly connected, FastEthernet0/1

S * 0.0.0.0/0 [0, 1/0] via 192.168.1.1

[1/0] via 192.168.2.1

Two static routes are found!

View ip Nat translations

Router # sho ip nat translations

Pro Inside global Inside local Outside global

Icmp 192.168.1.2: 1024 100.100.23.23: 1024 1.1.1.1: 1024 1.1.1.1: 1024

Icmp 192.168.2.2: 1280 100.100.24.23: 1280 1.1.1.1: 1280 1.1.1.1: 1280

Because the vro1.1.has an external address 1.1.1.1, it is used to simulate the Internet public network address. It is found that the traffic of hosts in different network segments has indeed accessed external resources from different egress, and different Nat addresses are used for address translation!

Note: The NAT address translation function is required for most ISP scenarios. However, in some special cases, the NAT Function is not required. If the NAT Function is not used, remove the NAT configuration in the configuration,

Remove ip nat inside source list 1 interface FastEthernet0/0 overload and ip nat inside source list 2 interface FastEthernet0/1 overload in this configuration

And remove the ip Nat outside and ip nat inside configurations on the port to implement a policy route without NAT.

The above test can implement the policy routing function based on the original address. You can access the Internet through different ISP interfaces for different traffic based on the original Intranet address, but the two-link mutual backup function is not yet implemented, that is, when any link fails, the other link cannot be automatically used for backup, resulting in some of the corresponding intranet hosts being unable to access the Internet.