
one router 2 isp, backup links nat configuration

mschooley
Level 1

This should be simple. I have 2 ISPs on one router, with a primary default route and a floating static default route. Failover works fine except NAT.

int fa0/0

ip nat outside

int dialer0

ip nat outside

int vlan10

ip nat inside

ip route 0.0.0.0 0.0.0.0 dialer0

ip route 0.0.0.0 0.0.0.0 x.x.x.x 10

ip nat inside source route-map nat int dialer0 overload

ip nat inside source route-map nat_backup int fa0/0 overload

So failover works, but NAT doesn't unless I manually remove one of the NAT statements; then all works fine. Shouldn't it just assign NAT translations according to the outbound interface? I'm missing something simple here.


paolo bevilacqua
Hall of Fame

Hello,

When in failover mode, does dialer0 go down? Unless it does, that will never work. If it does not go down, you can try ATM OAM PVC, or a track object with IP SLA, and tie the route to the tracked object.

Also, can you please list your route-maps?

You are correct, I am tracking dialer0 for IP routing so that when it loses its DHCP address the static route switches.

ip route 0.0.0.0 0.0.0.0 dialer0 track 1 (forgot about the tracking)

route-map nat permit 10

match ip address 110

route-map nat_backup permit 10

match ip address 110

access-list 110 permit ip 192.168.1.0 0.0.0.255 any

Hi,

So you would need to check the status of track 1 and the corresponding router on failure.

Note, a PBR config must exist for the tracked object, so that packets used for the probe are forced to go out via dialer0.

Also note, for simplicity, you can replace "route-map" with "list" in your nat statements.


"Also note, for simplicity, you can replace "route-map" with "list" in your nat statements"

I have seen issues with using a 'route-map' with NAT in this context, and replacing it with 'list' got NAT going. That very well may be the case here provided routing isn't a problem.

HTH

Sundar

Routing isn't an issue. Failover works fine: if I disconnect dialer0, the default route changes to the backup link and pings from the router go out the backup link, and when dialer0 comes back up it goes back the other way. I don't know why the list would work instead of a route-map, as they should both work. Note that if I disconnect the primary and remove the dialer0 NAT statement, it works fine out the backup interface; then when I bring dialer0 back up I have to remove the fa0/0 NAT statement and put the dialer0 NAT statement back. I am under the impression that it should work with both statements there.

I agree it should work with both statements in there. But, that's just my experience I was sharing. Can you try the NAT with the list in place of route-map and test?

HTH

Sundar

OK, so besides trying with "list" instead of "route-map", I would try a "clear ip nat trans *" after producing the failover condition. Another thing: would you try the following route-map?

route-map nat_backup

match ip address 110

set ip next-hop x.x.x.x

That is a combination of PBR statements in a NAT route-list, haven't tried that myself, but it's worth a try perhaps.
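
An added example, not part of any post in this thread: one way the pieces discussed above (IP SLA tracking, local PBR for the probe, and the two NAT statements) fit together on IOS. The `match interface` lines go beyond what the posters suggested; they make each NAT statement apply only to traffic routed out its own interface. The probe target 198.51.100.1 and the names SLA-PROBE and SLA-LOCAL are placeholders, and the `ip sla` / `track` syntax assumes a recent IOS release (older releases use different keywords).

```ios
! --- Reachability probe through the primary link (placeholder target) ---
ip sla 1
 icmp-echo 198.51.100.1 source-interface Dialer0
 frequency 10
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
!
! --- Primary default route tied to the track, floating static as backup ---
ip route 0.0.0.0 0.0.0.0 Dialer0 track 1
ip route 0.0.0.0 0.0.0.0 x.x.x.x 10
!
! --- Local PBR: force the router's own probe packets out Dialer0, ---
! --- so the probe keeps testing the primary even while it is down ---
ip access-list extended SLA-PROBE
 permit icmp any host 198.51.100.1
route-map SLA-LOCAL permit 10
 match ip address SLA-PROBE
 set interface Dialer0
ip local policy route-map SLA-LOCAL
!
! --- Inside hosts eligible for NAT (ACL 110 from the thread) ---
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
!
! --- One route-map per exit; match interface ties it to the routed egress ---
route-map nat permit 10
 match ip address 110
 match interface Dialer0
route-map nat_backup permit 10
 match ip address 110
 match interface FastEthernet0/0
!
! --- Both NAT statements stay configured at the same time ---
ip nat inside source route-map nat interface Dialer0 overload
ip nat inside source route-map nat_backup interface FastEthernet0/0 overload
```

Translations created before a failover can still reference the old outside address until they time out or are cleared with `clear ip nat translation *`.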
