Cisco. Два провайдера. NAT.
!
! Design overview:
! 1. create one VRF (i.e. a virtual router ;-) ) per provider
! 2. connect each of these VRFs by a tunnel to the
!    "main" (default, real) router
! 3. configure NAT _inside_ the virtual routers
!
! One VRF per upstream provider. In this listing each VRF is referenced by the
! provider-facing VLAN interface, by one end of a tunnel, by a loopback, by
! static routes and by the NAT rules.
! No route-target import/export lines appear here, so the only paths between
! a VRF and the global table shown in this listing are the tunnels.
ip vrf PROV1
description PROV1
rd 555:555
!
ip vrf PROV2
description PROV2
rd 333:333
!
! Reachability probes, one per provider: ICMP echo to a probe target (_IP_),
! sourced from a dedicated loopback, with a 2000 ms timeout. Each probe is
! scheduled to start immediately and run forever.
! NOTE(review): one ICMP target per provider is the only health signal used for
! path selection. If that target stops answering (filtered, rate-limited, down),
! the provider is treated as failed even when the link is fine. Consider
! probing more than one target per provider.
ip sla monitor 21
type echo protocol ipIcmpEcho _IP_ source-interface Loopback21
timeout 2000
ip sla monitor schedule 21 life forever start-time now
!
ip sla monitor 31
type echo protocol ipIcmpEcho _IP_ source-interface Loopback31
timeout 2000
ip sla monitor schedule 31 life forever start-time now
!
! Track objects consumed by route-map ISP (verify-availability ... track N).
! Track 211 follows probe 21 and dampens state changes: it waits 150 s before
! reporting down and 5 s before reporting up.
track 211 rtr 21 reachability
delay down 150 up 5
!
! Track 311 follows probe 31 with no delay, so every probe state change is
! reported at once.
! NOTE(review): the asymmetry with track 211 may be unintended; without a delay
! a flapping probe flaps the policy-routing next hop. Confirm.
track 311 rtr 31 reachability
!
! Router-internal tunnels that join the global table to each provider VRF.
! Each pair shares a /30 and has mirrored source/destination addresses; per the
! Loopback stanzas in this listing, those addresses are loopbacks on this same
! router:
!   Tunnel21 (global, 10.2.2.1)  <->  Tunnel201 (VRF PROV1, 10.2.2.2)
!   Tunnel31 (global, 10.3.3.1)  <->  Tunnel301 (VRF PROV2, 10.3.3.2)
! No "tunnel mode" or "tunnel vrf" is set, so the platform defaults apply
! (presumably GRE with endpoints resolved in the global table; confirm).
!
! Global end of the PROV1 tunnel.
interface Tunnel21
ip address 10.2.2.1 255.255.255.252
ip mtu 2000
tunnel source Loopback22
tunnel destination 10.0.2.1
!
! Global end of the PROV2 tunnel.
interface Tunnel31
ip address 10.3.3.1 255.255.255.252
ip mtu 2000
tunnel source Loopback33
tunnel destination 10.0.3.1
!
! VRF PROV1 end. This is the NAT "inside" interface: traffic handed over from
! the global table enters the VRF here and is translated on its way to the
! "ip nat outside" interface of the same VRF.
interface Tunnel201
ip vrf forwarding PROV1
ip address 10.2.2.2 255.255.255.252
ip mtu 2000
ip nat inside
ip virtual-reassembly
tunnel source Loopback2
tunnel destination 10.0.2.2
!
! VRF PROV2 end, configured the same way as Tunnel201.
interface Tunnel301
ip vrf forwarding PROV2
ip address 10.3.3.2 255.255.255.252
ip mtu 2000
ip nat inside
ip virtual-reassembly
tunnel source Loopback3
tunnel destination 10.0.3.3
!
! Loopback0 / Loopback1: /24 addresses with fast switching and CEF disabled on
! the interface. Their role is not shown in this listing.
interface Loopback0
ip address 10.10.0.1 255.255.255.0
no ip route-cache cef
no ip route-cache
!
interface Loopback1
ip address 10.10.1.1 255.255.255.0
no ip route-cache cef
no ip route-cache
!
! Tunnel endpoint: source of Tunnel201, destination of Tunnel21.
interface Loopback2
ip address 10.0.2.1 255.255.255.255
!
! Tunnel endpoint: source of Tunnel301, destination of Tunnel31.
interface Loopback3
ip address 10.0.3.1 255.255.255.255
!
! Loopback4 / Loopback5 are not referenced anywhere else in this listing.
interface Loopback4
ip address 10.0.4.1 255.255.255.255
!
interface Loopback5
ip address 10.0.5.1 255.255.255.255
!
! Source interface of IP SLA probe 21.
interface Loopback21
ip address _IP_ 255.255.255.255
!
! Tunnel endpoint: source of Tunnel21, destination of Tunnel201.
interface Loopback22
ip address 10.0.2.2 255.255.255.255
!
! Source interface of IP SLA probe 31.
interface Loopback31
ip address _IP_ 255.255.255.255
!
! Tunnel endpoint: source of Tunnel31, destination of Tunnel301.
interface Loopback33
ip address 10.0.3.3 255.255.255.255
!
! Loopbacks inside the provider VRFs. They fall inside the 10.2.0.0/16 and
! 10.3.0.0/16 static routes that the global table points at the tunnels.
interface Loopback201
ip vrf forwarding PROV1
ip address 10.2.1.1 255.255.255.255
!
interface Loopback301
ip vrf forwarding PROV2
ip address 10.3.1.1 255.255.255.255
!
! LAN-facing interface in the global table. Policy routing (route-map ISP) is
! applied to packets received here and selects which provider VRF they are
! handed to.
interface GigabitEthernet0/_N_
description MY_LOCALNET
ip address _IP_
ip policy route-map ISP
!
! Provider-facing interfaces, one per VRF, marked as NAT "outside".
! NOTE(review): no "ip access-group ... in" is shown on either provider-facing
! interface. The static NAT entries in this listing have no port restriction,
! so the mapped inside hosts are reachable from the provider side on every
! port unless filtering is done elsewhere. Consider an inbound ACL or firewall
! policy on Vlan333 and Vlan444.
interface Vlan333
description PROV1
ip vrf forwarding PROV1
ip address _IP_
ip nat outside
!
interface Vlan444
description PROV2
ip vrf forwarding PROV2
ip address _IP_
ip nat outside
!
! Global table: send each VRF's internal 10.x range (tunnel /30 and VRF
! loopback) into the matching tunnel.
ip route 10.2.0.0 255.255.0.0 Tunnel21
ip route 10.3.0.0 255.255.0.0 Tunnel31
!
! Global table: host routes pinned to one tunnel each.
! Presumably these include the IP SLA probe targets, so that each probe always
! tests the provider it is meant to test. Confirm against the real addresses.
ip route _IP_ 255.255.255.255 Tunnel31
ip route _IP_ 255.255.255.255 Tunnel31
ip route _IP_ 255.255.255.255 Tunnel21
ip route _IP_ 255.255.255.255 Tunnel21
!
! VRF PROV1: default route towards the provider, plus a return route through
! the tunnel back to the global table (presumably for the LAN prefix; confirm).
ip route vrf PROV1 0.0.0.0 0.0.0.0 _IP_
ip route vrf PROV1 _IP_ Tunnel201
!
! VRF PROV2: same pattern as PROV1.
ip route vrf PROV2 0.0.0.0 0.0.0.0 _IP_
ip route vrf PROV2 _IP_ Tunnel301
!
! NAT address pools, named per provider.
! NOTE(review): PROV1-pool-1-127 and PROV2-pool-1-127 are not referenced by any
! NAT rule in this listing.
ip nat pool PROV1-pool-1-128 _IP_ _IP_ netmask 255.255.255.0
ip nat pool PROV2-pool-1-128 _IP_ _IP_ netmask 255.255.255.0
ip nat pool PROV1-pool-1-127 _IP_ _IP_ netmask 255.255.255.0
ip nat pool PROV2-pool-1-127 _IP_ _IP_ netmask 255.255.255.0
ip nat pool PROV1-pool-1-102 _IP_ _IP_ netmask 255.255.255.0
! VRF-aware PAT (overload): sources matched by the named ACL are translated to
! the pool inside the given VRF.
ip nat inside source list NAT-to-PROV1 pool PROV1-pool-1-128 vrf PROV1 overload
! NOTE(review): ACL NAT-to-PROV1-102 is not defined anywhere in this listing;
! the ACLs defined here are NAT-to-PROV1, NAT-to-PROV1-40, NAT-to-PROV2,
! NAT-to-PROV2-40, toPROV1 and toPROV2. Verify that the ACL exists on the
! device, otherwise the scope of this rule is undefined.
ip nat inside source list NAT-to-PROV1-102 pool PROV1-pool-1-102 vrf PROV1 overload
ip nat inside source list NAT-to-PROV2 pool PROV2-pool-1-128 vrf PROV2 overload
! Static one-to-one translations, one per VRF. They carry no protocol or port
! qualifier, so every port of the inside host is mapped to the outside address.
! NOTE(review): if only specific services must be published, use per-port
! static entries and/or filter inbound traffic on the provider-facing
! interface.
ip nat inside source static _IP_ _IP_ vrf PROV2
ip nat inside source static _IP_ _IP_ vrf PROV1
!
! All ACLs below are used as classifiers (by NAT rules and route-maps). None is
! applied to an interface with "ip access-group" in this listing, so a "deny"
! here means "not selected by this rule", not "packet dropped".
!
! Sources translated by the PROV1 PAT rule: one host is excluded first
! (presumably a host that has its own static translation; confirm), then the
! source range is permitted.
ip access-list extended NAT-to-PROV1
deny ip host _IP_ any
permit ip _IP_ any
! Single-host classifier. Not referenced by any rule in this listing.
ip access-list extended NAT-to-PROV1-40
permit ip host _IP_ any
! Sources translated by the PROV2 PAT rule; same shape as NAT-to-PROV1.
! Also matched by route-map PROV2-map.
ip access-list extended NAT-to-PROV2
deny ip host _IP_ any
permit ip _IP_ any
! Single-host classifier, matched by route-map PROV2-map-40.
ip access-list extended NAT-to-PROV2-40
permit ip host _IP_ any
! Policy-routing classifiers for route-map ISP. Packets to the limited
! broadcast address 255.255.255.255 are excluded from policy routing; the
! listed source range is selected for the named provider.
ip access-list extended toPROV1
deny ip any host 255.255.255.255
permit ip _IP_ any
ip access-list extended toPROV2
deny ip any host 255.255.255.255
permit ip _IP_ any
!
! PROV2-map and PROV2-map-40 only match a NAT ACL and set nothing.
! NOTE(review): neither is referenced by an interface or a NAT rule in this
! listing. Confirm whether they are still needed.
route-map PROV2-map permit 100
match ip address NAT-to-PROV2
!
route-map PROV2-map-40 permit 100
match ip address NAT-to-PROV2-40
!
! Policy routing for LAN traffic (applied on the MY_LOCALNET interface).
! Sequence 50: sources matched by toPROV2 prefer the PROV2 VRF (10.3.3.2, the
! VRF end of Tunnel31/301) while track 311 is up, then the PROV1 VRF
! (10.2.2.2) while track 211 is up, then the untracked next hop _IP_.
! NOTE(review): after failover into the other VRF, a source is translated only
! if that VRF's NAT ACL also permits it; otherwise packets may leave with
! their original addresses. Confirm against the real prefixes. Sessions that
! were established through the failed provider will not survive the change of
! translated address.
route-map ISP permit 50
match ip address toPROV2
set ip next-hop verify-availability 10.3.3.2 100 track 311
set ip next-hop verify-availability 10.2.2.2 200 track 211
set ip next-hop _IP_
!
! Sequence 150: mirror image for sources matched by toPROV1. PROV1 is
! preferred, PROV2 is the backup, then the untracked next hop _IP_.
route-map ISP permit 150
match ip address toPROV1
set ip next-hop verify-availability 10.2.2.2 100 track 211
set ip next-hop verify-availability 10.3.3.2 200 track 311
set ip next-hop _IP_
!
end
|