Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
494
Views
0
Helpful
7
Replies

Automatic Failover with VLAN subinterfaces

jkofosu
Level 1
Level 1

‎05-09-2007 05:42 AM - edited ‎03-03-2019 04:54 PM

Hello all,

I have a problem configuring our internet router. we have two main circuits from two different service providers which means two different IPs.

I need to configure static nat of different IP addresses base on ISP's IP for specific servers and nat overload on the external interface for the internal users.

Another requirement is that, the ISP changeover should be automatic (when one goes down, the other takes over automatically). I believe I have to use something like OER and route-maps but I am stuck.

Please advice.

Labels:
0 Helpful
7 Replies 7

mohammedmahmoud
Level 11
Level 11

‎05-09-2007 05:54 AM

hi,

It depends whether you want it Load-balancing or Primary and backup, you'll also need to add the static NAT for your server.

1-Load Balancing:

interface serial 0/0.1 point-to-point

description Connected to ISP1

ip nat outside

interface serial 0/1.1 point-to-point

description Connected to ISP2

ip nat outside

interface fastethernet 0/0

description Connected to LAN

ip nat inside

ip nat inside source list 10 interface serial0/0.1 overload

ip nat inside source list 10 interface serial0/1.1 overload

ip route 0.0.0.0 0.0.0.0 serial0/0.1 x.x.x.x (Default route to ISP1)

ip route 0.0.0.0 0.0.0.0 serial0/1.1 y.y.y.y (Default route to ISP2)

access-list 10 permit

2-Primary and Backup:

interface serial 0/0.1 point-to-point

description Connected to ISP1

ip nat outside

interface serial 0/1.1 point-to-point

description Connected to ISP2

ip nat outside

interface fastethernet 0/0

description Connected to LAN

ip nat inside

ip nat inside source list 10 interface serial0/0.1 overload

ip nat inside source list 10 interface serial0/1.1 overload

ip route 0.0.0.0 0.0.0.0 serial0/0.1 x.x.x.x (Default route to ISP1 - Primary)

ip route 0.0.0.0 0.0.0.0 serial0/1.1 y.y.y.y 254 (Default route to ISP2 - Backup)

access-list 10 permit

HTH, please do rate if is helpful,

Mohammed Mahmoud.

0 Helpful

jkofosu
Level 1
Level 1
In response to mohammedmahmoud

‎05-09-2007 06:13 AM

Hi Mohammed,

Thanks for the quick reply. I want to translate static external IP to the internal servers and the the internal users to the external interface. And also, since the static IP addresses for the servers would not be the same for each service provider. I would appreciate more insight.

Thanks.

0 Helpful

bjornarsb
Level 4
Level 4
In response to jkofosu

‎05-09-2007 08:18 AM

Hi,

For full redundancy to work for both IP segments upstream and downstream I would recomend Multihomed BGP.

Have a look at this example. Keep in mind that you need Provider independent IP addresses.

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml#conf5

However if you hesitat to run multihomed BGP,

you loose redundancy for WEB servers.

Well to be honset its possible using Dynamic DNS, but I've no practical experience with it and you somehow need to change the IP on your servers.

So if we stick with your case and the IP's that you've got. Using floating static and NAT would solve your problem.

HTH

Regards,

Bjornarsb

0 Helpful

mohammedmahmoud
Level 11
Level 11
In response to jkofosu

‎05-09-2007 10:30 AM

Hi,

For your servers, plus the above configuration you'll need to use PBR, apply it to the input interface using "ip policy route-map server"

route-map server permit

match ip address 1

set ip next-hop ISP1

access-list 1 permit host

ip nat inside source static

HTH, please do rate all helpful replies,

Mohammed Mahmoud.

0 Helpful

jkofosu
Level 1
Level 1
In response to mohammedmahmoud

‎05-09-2007 11:47 AM

hi Mohammed,

Based on the above configuration, the ip nat inside source static would translate to only one ip for a single service provider. This means that, when that link goes down, translation would not work for the backup link. Please correct me if I am wrong.

Thanks.

0 Helpful

mohammedmahmoud
Level 11
Level 11
In response to jkofosu

‎05-09-2007 12:09 PM

Hi,

You are right, but the idea is that the server IP is always required to be a fixed well know IP, acordingly it should be NATed to 1 IP, the problem is that you can't get the IPs of 1 provider to go out of the other provider, unless you get your own PI addresses (which also requires ASN and BGP) and then you can control to which provider this IP can go.

So i don't think that we have a solution to this problem.

HTH, please do rate all helpful replies,

Mohammed Mahmoud.

0 Helpful

jkofosu
Level 1
Level 1
In response to mohammedmahmoud

‎05-09-2007 12:16 PM

Thanks for this. Can we in any way try using the OER technology base route maps?

Again, this is something I dont know and reading about this, makes me think there is a way to do this.

Thanks for the help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card