NAT with Backup Interface on 871

Unanswered Question
May 30th, 2008

I had an 871 between a LAN and two networks: one Outside and another "inside" (different sub-net) LAN provided by an outdoor wireless device.

I need to NAT the inside LAN to Outside while the outdoor wireless stays up, but if the wireless goes down I need to NAT a specific "inside" address to make the change transparent to clients. As in the draft below, when the Desktop (10.5.1.111) tries to connect to the Server (10.1.1.239) during a wireless failure, I need the Server address (10.1.1.239) to be "NATTED" to 172.16.1.1. The Desktop default gateway is the 871.

I'm trying to detect the wireless going down by creating an additional VLAN interface as a backup interface for VLAN1.

I was able to NAT the Outside network and route packets while the inside network is connected to VLAN1, but when I connect the inside network to VLAN2 I start to lose packets.

Does anyone have any idea what I'm doing wrong? Is my objective reachable?

A draft of my connections (copy and paste into Notepad with the "Fixedsys" font to see the correct indentation):

.........................* Desktop *
.........................(10.5.1.111)
..............................|
---------------------------------------
.....|........................|
(10.5.1.253).............(Unnumbered)
*** 871 ***..............* Wireless *
(172.16.5.253)...........** Bridge **
.....|.......................\ /
(172.16.5.1).................\ /
*WAN Cloud*...................|
(172.16.1.5)................./ \
.....|......................./ \
(172.16.1.1)............* Wireless *
*** NAT ***.............** Bridge **
(10.1.1.3)..............(Unnumbered)
.....|........................|
.....|..................(10.5.1.254)
.....|..................*L3 Switch*
.....|..................(10.1.1.254)
---------------------------------------
................|
.............Server
..........(10.1.1.239)

What I had done on the 871:

interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
 switchport access vlan 2
!
interface FastEthernet3
 switchport access vlan 2
!
interface FastEthernet4
 ip address 172.16.5.253 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Vlan1
 backup delay 10 30
 backup interface Vlan2
 ip address 10.5.1.253 255.255.255.0
 ip nat inside
 no ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan2
 ip address 10.5.1.253 255.255.255.0
 ip nat inside
 no ip virtual-reassembly
 ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Vlan1 10.5.1.254
ip route 0.0.0.0 0.0.0.0 Vlan2 172.16.5.1 250
ip route 172.16.1.0 255.255.255.240 FastEthernet4 172.16.5.1
!
ip nat pool IPVPN_UN05 172.16.5.2 172.16.5.252 prefix-length 24 type match-host
ip nat inside source list 100 pool IPVPN_UN05
!
access-list 100 permit ip 10.5.0.0 0.0.255.255 172.16.0.0 0.0.255.255
no cdp run

TIA,

Felicio Santos
