NAT or policy based routing in multiple ISP case

Reply
L0 Member

NAT or policy based routing in multiple ISP case

Hi,

I have a three internet access from different ISP. So I have 3 untrust(ethernet1/1, ethernet1/2, ethernet1/3)   interface and on trust(ethernet1/4) interface. All of  them are in same virtual router. The default route will be on  ethernet1/1 interface (0.0.0.0/0 -> default gateway of ethernet 1/1)

I would like to use ethernet1/1 interface for some of internal IPs called X, so I made a source NAT. All traffic coming from these IP group will be use ethernet1/1 for internet access.(trust -> untrust,  from X  to any  -> source nat on ethernet1/1)

The rest of the internal IPs will go to internet from ethernet1/2. To achive this which method is more suitable. NAT or PBF?

I would like to forward the traffic to ethernet1/3 to access my internal server on a remote branch office.

I am planning to write a PBF for this route. If I write a PBF, do I have to create a NAT rule too? or does PBF also handle NAT functionality?

Finally, Do I have to create additional route then default route in virtual router ?

Thanks.

Tags (3)
L4 Transporter

Re: NAT or policy based routing in multiple ISP case

Hi Ismail,

I believe you are on the right track with the PBF and NAT.  PBF does not take care of NAT so you will have to do that separately.  The final configuration will depend on how you want the ISP redundancy to work (if any).  In any case you will have a combination of default route, PBF rules, and NAT rules.

Cheers,

Kelly

L0 Member

Re: NAT or policy based routing in multiple ISP case

Thanks for your feedback.

L0 Member

Re: NAT or policy based routing in multiple ISP case

Hi Kelly,

You said that "PBF does not take care of NAT so you will have to do that separately"

But I have some doubts about this issue. Let me explain with an example.

Let's that I have to ISP connection. If I want to forward only all youtube requests to second ISP via ethernet1/3.

The rest of the traffic will go over first ISP. I can write a PBF rule for youtube. Because PBF support rule for applications.

But, how can I write a NAT for only youtube application? There is no way to specify application in NAT rules.

If I create a service based NAT rule, It can be only HTTP service, In this case all HTTP traffic will go over second ISP?

I guess, PBF does not require extra NAT rules?

Thanks.

jpa
L4 Transporter

Re: NAT or policy based routing in multiple ISP case

Ismail

You can write the NAT rule to match the destination interface- i..e any traffic going out via e1/3 which in your case is the youtube traffic.

That will be one way to tie the NAT rule with PBF rule.

Thank you

jerish

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!