dual WAN cisco 1811 failover

Sep 18th, 2008

Hello! I have a Cisco 1811 router with 2 WAN interfaces.

I have to configure the WAN connection with two different ISPs to allow failover.

My current setup is as follows:

ip route ip_isp-router_1

ip route ip_isp-router_2

With this setup, my LAN can connect to the Internet.

But when I disconnect one of the two WAN interfaces to test failover, it does not work.

The LAN loses access to the Internet.

Can someone help me please, or show me a basic configuration? Must I create routing protocols? The NTA will only work with a WAN connection .....

Thank you very much!

Giuseppe Larosa Thu, 09/18/2008 - 10:24

Hello Surfinan,

>> The NTA will only work with a WAN connection .....

First of all you need a public address pool from each of the ISPs.

Post a filtered version of your config by removing public IP addresses (change them or hide the second and third byte with an X) so you can get better help.

This kind of configuration uses a route-map with multiple clauses to call for the address pools.

Or the two ISPs act as primary and backup and agree on routing to you in case of failure using the second ISP

Hope to help


policreditos Thu, 09/18/2008 - 11:22

Thanks Giuseppe!

I meant NAT, not NTA, haha, excuse me.

Yes, I need to use one ISP to access the internet and, in case this ISP fails, use the second ISP automatically.

Show running-config:



interface FastEthernet0
 description $ETH-WAN$
 ip address 200.xxx.xxx.201
 duplex auto
 speed auto

interface FastEthernet1
 description $ETH-WAN$
 ip address 200.xxx.xxx.217
 duplex auto
 speed auto

interface FastEthernet2

interface FastEthernet3

interface FastEthernet4

interface FastEthernet5

interface FastEthernet6

interface FastEthernet7

interface FastEthernet8

interface FastEthernet9

interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$
 ip address
 ip mask-reply
 ip directed-broadcast
 ip route-cache flow
 ip tcp adjust-mss 1452

interface Async1
 no ip address
 encapsulation slip

ip route 200.xxx.xxx.1 permanent
ip route 200.xxx.xxx.202 permanent

ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000

access-list 1 remark SDM_ACL Category=2
access-list 1 permit
no cdp run

John Blakley Thu, 09/18/2008 - 11:34

Try setting your routes with a higher metric

The route that you want your packets to take most:

ip route 200.xxx.xxx.1

The route as a backup

ip route 200.xxx.xxx.202 200

200 is the metric, but it's higher than your first, so the first will always be used unless it isn't responding.


policreditos Thu, 09/18/2008 - 11:59

Thanks John, I'm going to do that.

But I still can't access the internet from the LAN.

If I set NAT, yes I can, but this only works with one WAN, and the second WAN doesn't work when the first fails.

Giuseppe Larosa Thu, 09/18/2008 - 12:04


I had understood you were meaning NAT, post your NAT config to get better help.

I agree you need to use a different AD (it is not a metric, it is an AD, but the suggestion is useful).

Are you using two address pools, one from each provider, or only one?

Hope to help


policreditos Thu, 09/18/2008 - 12:21

I don't have NAT enabled, because it works with only one WAN interface.

How must I set up a pool to configure NAT to work with two WAN connections?

John Blakley Thu, 09/18/2008 - 12:43

Not sure, but try this:


ip nat out


ip nat out


ip nat in

access-list 100 permit ip any

ip nat inside sour list 100 int fa0 over

ip nat insid sour list 100 int fa1 over

ip route

ip route 254

I don't know if this will work, but my thought is that the traffic for your "backup" nat pool won't be used unless there's traffic going out that route.
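Added example, not part of any post in this thread and not the posters' configuration: one way to combine the floating static route and the per-ISP route-map NAT discussed above. It goes beyond the thread by tracking the primary route with an IP SLA probe. All addresses are constructed documentation ranges, and the route-map names, ACL contents and LAN subnet are assumptions.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   ISP1 gateway 192.0.2.1, ISP2 gateway 198.51.100.1, LAN 192.168.1.0/24
interface FastEthernet0
 description WAN-ISP1 (primary)
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
!
interface FastEthernet1
 description WAN-ISP2 (backup)
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface Vlan1
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! Probe the ISP1 gateway out of Fa0. Older 12.4 releases spell these
! "ip sla monitor 1" and "track 1 rtr 1 reachability".
ip sla 1
 icmp-echo 192.0.2.1 source-interface FastEthernet0
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
! Primary default route, withdrawn when track 1 goes down.
! No "permanent" keyword: it keeps the route installed even when the
! interface is down, so the backup route never takes over.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1
! Floating backup: administrative distance 254, installed only when the
! primary route is gone.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 254
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
! One route-map per ISP, so each flow is translated to the address of
! the interface it actually leaves through.
route-map NAT-ISP1 permit 10
 match ip address 100
 match interface FastEthernet0
route-map NAT-ISP2 permit 10
 match ip address 100
 match interface FastEthernet1
!
ip nat inside source route-map NAT-ISP1 interface FastEthernet0 overload
ip nat inside source route-map NAT-ISP2 interface FastEthernet1 overload
```

After a failover, translations built toward the failed ISP can linger until they time out; `clear ip nat translation *` removes them immediately.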

