I have a three internet access from different ISP. So I have 3 untrust(ethernet1/1, ethernet1/2, ethernet1/3) interface and on trust(ethernet1/4) interface. All of them are in same virtual router. The default route will be on ethernet1/1 interface (0.0.0.0/0 -> default gateway of ethernet 1/1)
I would like to use ethernet1/1 interface for some of internal IPs called X, so I made a source NAT. All traffic coming from these IP group will be use ethernet1/1 for internet access.(trust -> untrust, from X to any -> source nat on ethernet1/1)
The rest of the internal IPs will go to internet from ethernet1/2. To achive this which method is more suitable. NAT or PBF?
I would like to forward the traffic to ethernet1/3 to access my internal server on a remote branch office.
I am planning to write a PBF for this route. If I write a PBF, do I have to create a NAT rule too? or does PBF also handle NAT functionality?
Finally, Do I have to create additional route then default route in virtual router ?
Solved! Go to Solution.
I believe you are on the right track with the PBF and NAT. PBF does not take care of NAT so you will have to do that separately. The final configuration will depend on how you want the ISP redundancy to work (if any). In any case you will have a combination of default route, PBF rules, and NAT rules.
You said that "PBF does not take care of NAT so you will have to do that separately"
But I have some doubts about this issue. Let me explain with an example.
Let's that I have to ISP connection. If I want to forward only all youtube requests to second ISP via ethernet1/3.
The rest of the traffic will go over first ISP. I can write a PBF rule for youtube. Because PBF support rule for applications.
But, how can I write a NAT for only youtube application? There is no way to specify application in NAT rules.
If I create a service based NAT rule, It can be only HTTP service, In this case all HTTP traffic will go over second ISP?
I guess, PBF does not require extra NAT rules?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!