one router 2 isp, backup links nat configuration

Unanswered Question
May 4th, 2007
User Badges:

this should be simple, i have 2 isp's on one router, i have a primary default route and a floating static default route, failover works fine except nat.


int fa0/0

ip nat outside

int dialer0

ip nat outside

int vlan10

ip nat inside

ip route 0.0.0.0 0.0.0.0 dialer0

ip route 0.0.0.0 0.0.0.0 x.x.x.x 10

ip nat sourc inside route-map nat int dialer0 overlad

ip nat source inside route-map nat_backup int fa0/0 overload


so fail over works, nat doesnt unless I manually remove one of the nat statments, then all works fine, shouldn't it just assign nat translations according to outbound interface. I'm missing something simple here.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
paolo bevilacqua Fri, 05/04/2007 - 12:21
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Hello,


When in fail over mode, does dialer0 go down ? Unless it does, that will never work. If it does not go down, you can try ATM OAM PVC, or track object with IP SLA and tie the route to a tracked object.

Also please can you list your route-maps ?


mschooley Fri, 05/04/2007 - 12:59
User Badges:

you are correct, i am tracking dialer0 for ip routing so that when it loses its dhcp address that static route switches.


ip route 0.0.0.0 0.0.0.0 dialer0 track 1 (forgot about the tracking)


ip route-map nat permit 10

permit list 110

ip route-map nat_backup permit 10

permit list 110

access-list 110 permit 192.168.1.0 0.0.0.255

paolo bevilacqua Fri, 05/04/2007 - 13:42
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Hi,


so you would need to check the status of track 1 and the corresponding router on failure.


Note, a PBR config must exist for the tracked object, so that packets used for probe are forced to go out via dialer0.


Also note, for simplicity, you can replace "route-map" with "list" in your nat statements.


To show your appreciation for useful answers, please rate posts using the scrollbox below!

sundar.palaniappan Fri, 05/04/2007 - 13:49
User Badges:
  • Green, 3000 points or more

"Also note, for simplicity, you can replace "route-map" with "list" in your nat statements"


I have seen issues with a using a 'route-map' with NAT in this context and replacing it with 'list' got NAT going. That very well may be the case here provided routing isn't a problem.


HTH


Sundar



mschooley Fri, 05/04/2007 - 14:07
User Badges:

routing isnt an issue, failover works fine as if I disconnect dialer0, the default route changes to the backup link and pings from the router go out the back up link and when dialer0 comes back up it goes back the other way. I don't know why the list would work instead of a route-map, as they should both work. Note if is disconnect the primary and remove the dialer0 nat statement it works fine out the backup interface, then whey I bring dialer0 back up I have to remove the fa0/0 nat statement and put the dialer0 nat statement back, I am under the impression that it should work with both statements there.

sundar.palaniappan Fri, 05/04/2007 - 14:13
User Badges:
  • Green, 3000 points or more

I agree it should work with both statements in there. But, that's just my experience I was sharing. Can you try the NAT with the list in place of route-map and test?


HTH


Sundar

paolo bevilacqua Fri, 05/04/2007 - 14:49
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Ok, so beside trying with "list" instead of "route-map", I would try a "clear ip nat trans *" after producing the failover condition, another thing, would you try the following route map:


route-map nat_backup

match ip address 110

set ip next-hop x.x.x.x


That is a combination of PBR statements in a NAT route-list, haven't tried that myself, but it's worth a try perhaps.






Actions

This Discussion