I have a feeling the answer is policy-routing, but I'd like someone to clarify that.
Basically I'm not having any luck getting NAT to work with two WAN interfaces.
I have two WAN interfaces: fe0/1 (static, 200.200.200.2/30, gw 200.200.200.1/30) and fe0/0/0 (Dialer1).
I've set up permanent static routes for various IPs to route out through fe0/1. I believe this is working ok — I can traceroute from the IOS shell and it's going out fe0/1. I also have NAT working for Dialer1; machines on the LAN can get out without issue. However, machines on the LAN cannot get out on fe0/1 (ping static.routed.ip.address doesn't work).
Here's what I have in my config that's relevant:
access-list 1 permit 192.168.0.0 0.0.0.255
ip nat inside source list 1 interface Dialer1 overload
I've tried adding a pool and associating it with access-list 1; I also created another access-list 15 with the same LAN IP network address, but they all just seem to "replace" the NAT scheme so that my static routes work for fe0/1 (tested from LAN with ping static.routed.ip.address), but stop working for Dialer1 (fe0/0/0).
Policy-routing the only way to go here?
EDIT
I should clarify that yes, I do need to NAT overload out both interfaces: I chose to set up static routes over policy routes because I don't really care what the source IP/mask is, but the destination: any LAN packet that matches the destination address of my static routes needs to go out the fe0/1 WAN interface.
Like I said, this works from the router at all times and does work from the LAN if I run:
ip nat inside source list 1 interface FastEthernet0/1 overload
but that kills outbound NAT for the Dialer1 (default route) and thus all other outbound traffic.
Best Answer
I think the answer lies with route-map, as quoted here from the following Cisco support website: https://supportforums.cisco.com/docs/DOC-3987
EDIT: Tested with route-map, works.
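The route-map approach referred to in the answer, sketched as an added example that is not part of the original question, answer, or the linked Cisco document: a list-based `ip nat inside source list 1 ...` rule can be bound to only one interface, while two route-maps can reuse the same source ACL and differ only in the egress interface they match. The route-map names, the LAN interface placeholder, and the 203.0.113.0/24 destination are assumptions made for illustration.

```cisco
! Added example (global configuration mode). Names NAT-DIALER1 / NAT-FE01
! are hypothetical; addresses other than those in the question are constructed.
!
! LAN sources eligible for NAT (unchanged from the question)
access-list 1 permit 192.168.0.0 0.0.0.255
!
! One route-map per WAN: same source ACL, different egress interface.
! In a NAT route-map, "match interface" matches the interface the
! routing table has already chosen for the packet.
route-map NAT-DIALER1 permit 10
 match ip address 1
 match interface Dialer1
!
route-map NAT-FE01 permit 10
 match ip address 1
 match interface FastEthernet0/1
!
! Replace the single list-based rule with two route-map rules.
! If IOS refuses the "no" because translations are active, run
! "clear ip nat translation *" from exec mode first.
no ip nat inside source list 1 interface Dialer1 overload
ip nat inside source route-map NAT-DIALER1 interface Dialer1 overload
ip nat inside source route-map NAT-FE01 interface FastEthernet0/1 overload
!
! Both WAN interfaces must be NAT outside
interface FastEthernet0/1
 ip address 200.200.200.2 255.255.255.252
 ip nat outside
!
interface Dialer1
 ip nat outside
!
! LAN-facing interface: placeholder, the question does not name it
interface <LAN-INTERFACE>
 ip nat inside
!
! Destination-based static route out fe0/1, as in the question.
! 203.0.113.0/24 is a constructed destination for illustration.
ip route 203.0.113.0 255.255.255.0 200.200.200.1
```

To check the result, ping a statically routed destination and a default-routed one from a LAN host, then run `show ip nat translations`: the inside global address should be 200.200.200.2 for the first and the Dialer1 address for the second.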