From: zesty@usa.com
Date: Wed Feb 14 2007 - 01:08:11 ART
I would like to elaborate on Josef's explaination a little bit.  When the
route-map has multiple match on separate lines, it's a logical AND.  That
 means all the match lines has to be true for that 'route-map permit' to
be executed.  In the configuration, it says ' if the source address is X
and forwarding (outside) interface is Y, use the nat-pool XY (or NAT the
address using Y's address'.  Similarly, the second route-map says ' if
the source address is X and forwarding (outside) interface is Z, use the
nat-pool XZ (or NAT the address using Z's address'.  You can have two ISP
connections active at the same time, depends on which exit gateway, the
NAT will use the approriate NAT address (pool).  Of course, the flows
that exit on gateway A has to return the packet thru the same gateway A,
else the NAT will fail due to asymmetry routing, and you cannot use per
packet load balancing (same session but EACH PACKET is load balanced
among the available paths). This Cisco link has a good summary of NAT.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a008
0091cb9.shtml
Regards, Tom
  ----- Original Message -----
  From: "Josef A"
  To: Shamin
  Subject: Re: NAT using route-map
  Date: Sun, 11 Feb 2007 12:59:20 -0500
  On 2/11/07, Josef A wrote:
  >
  > I think this an application of NAT redundancy. You can have a
  scenario
  > with two or more NAT outside interfaces, you can configure NAT to
  translate
  > source addresses using the currently active OUTSIDE interface with
  the
  > overload option. You will configure two ip nat inside statements
  each with
  > its own route-map matching the source network and outside
  interface, with
  > the overload option.
  >
  > If you show ip nat translations, you will notice that NAT is
  overloading
  > on the currently active OUTSIDE interface. If you shut down the
  currently
  > active interface, and clear all nat translations, you will notice
  the
  > failover to the other interface.
  >
  > Hope this helps
  > Josef
  >
  >
  >
  >
  > On 2/11/07, Shamin wrote:
  > >
  > > Hi all,
  > >
  > > I am also stuck with the same issue. I do not understand the use
  of
  > > two
  > > match statements in the route map,One for the range of IPs to
  match and
  > > the
  > > other for the the outgoing interface.
  > > And the route map is put in the ip nat statement after inside
  source.
  > >
  > > Please can any one explain this, I have read through all the
  FAQ's in
  > > the
  > > Cisco DOC website ,still cant get this out,.
  > >
  > > regards
  > > Shamin
  > >
  > >
  > > On 2/9/07, nhatphuc wrote:
  > > >
  > > > Hi Joe,
  > > > This is my configuration:
  > > > int f0/0
  > > > ip address 10.0.0.1 255.255.255.0
  > > > ip nat inside
  > > >
  > > > int s0/0
  > > > ip address 192.168.1.1 255.255.255.0
  > > > ip nat outside
  > > >
  > > > int s0/1
  > > > ip address 192.168.2.1 255.255.255.0
  > > > ip nat outside
  > > >
  > > > access-list 1 permit 10.0.0.0 0.0.0.255
  > > > route-map INT0
  > > > match ip address 1
  > > > match int s0/0 (versus: set int s0/0)
  > > >
  > > > route-map INT1
  > > > match ip address 1
  > > > match int s0/1 (versus: set int s0/1)
  > > >
  > > > ip nat inside source route-map INT0 interface s0/0 overload
  > > > ip nat inside source route-map INT1 interface s0/1 overload
  > > >
  > > > Thanks
  > > >
  > > > Phuc
  > > >
  > > > On 2/9/07, Joe Chang wrote:
  > > > >
  > > > > Hi Phuc,
  > > > >
  > > > > Can you show me the rest of the configuration ?
  > > > >
  > > > > Thanks,
  > > > > Joe
  > > > >
  > > > > CCIE 16805
  > > > >
  > > > > ----- Original Message -----
  > > > > From: "nhatphuc" < nhatphuc@gmail.com >
  > > > > To: "Cisco certification"
  > > > > Sent: Thursday, February 08, 2007 7:34 AM
  > > > > Subject: NAT using route-map
  > > > >
  > > > >
  > > > > > HI Group,
  > > > > >
  > > > > > Can you give me an example to make clear the purpose of the
  2
  > > > following
  > > > > > route-maps?
  > > > > >
  > > > > > route-map TEST1
  > > > > > match network ....
  > > > > > match interface ....
  > > > > >
  > > > > > route-map TEST2
  > > > > > match network ....
  > > > > > set interface ....
  > > > > >
  > > > > > This route-map used in NAT to set the outgoing interface.
  > > > > >
  > > > > > Thanks
  > > > > >
  > > > > > Phuc
  > > > > >
  > > > > >
  > > >
  > >
  _______________________________________________________________________
  > > > > > Subscription information may be found at:
  > > > > > http://www.groupstudy.com/list/CCIELab.html
  > > >
  > > >
  > >
  _______________________________________________________________________
  > > > Subscription information may be found at:
  > > > http://www.groupstudy.com/list/CCIELab.html
  > >
  > >
  _______________________________________________________________________
  > > Subscription information may be found at:
  > > http://www.groupstudy.com/list/CCIELab.html
  _______________________________________________________________________
  Subscription information may be found at:
  http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:46 ART