04-26-2009 01:13 AM - edited 03-04-2019 04:31 AM
Dear All,
I have 2 links from 2 different ISPs. I have got a Cisco router at my end. It has got 2 interfaces, and on both I have the 2 links connected.
My problem is: whenever one link goes down, mainly the one marked as primary, the other marked as secondary should work automatically.
I want to use private IPs for my end machines.
How do I configure it so that traffic is automatically routed via the 2 different links?
04-26-2009 03:48 AM
Hello Shiva,
the routing part is relatively easy and involves the use of two default static routes, the second one floating (with a specified AD)
like
ip route 0.0.0.0 0.0.0.0 primary
ip route 0.0.0.0 0.0.0.0 secondary 200
! here that 200 is an AD for the route
! in this way the first is used
The most difficult part is managing NAT multihoming:
each ISP expects you to use its own public address block when talking with it.
See the following whitepaper about NAT multihoming
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0080091c8a.shtml
You need to create two route-maps in which you check the IP addresses and set the exit interface
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
route-map NAT-to-ISP1 permit 10
match ip address 101
set interface primary
route-map NAT-to-ISP2 permit 10
match ip address 102
set interface secondary
ip nat inside source route-map NAT-to-ISP1 int primary overload
ip nat inside source route-map NAT-to-ISP2 int secondary overload
You can achieve redundancy, not load balancing.
For smarter detection of primary link failure, see reliable static routing
http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html#wp1066247
Hope to help
Giuseppe
04-26-2009 05:12 AM
G:
What is the purpose of the set interface command?
I'm trying to lab it out, but I need another routed interface on my router and the 3550s I have don't do NATing.
Given the NAT order of operations, a packet received on the inside interface will first get NATed, then routed, so the NAT route map will kick in. Without the set interface command, the packet should still get routed to the exit interface because of the static route. No?
Victor
04-27-2009 10:22 AM
Giuseppe?
04-27-2009 11:26 AM
Victor,
Maybe his typo! (grin)
!
route-map NAT-to-ISP1 permit 10
match interface primary
route-map NAT-to-ISP2 permit 10
match interface secondary
!
When the router looks for NAT statements line by line, that will help the router correctly do NAT on the interface that packets are being sent out of.
No need to use ACL 101 and 102 in this case.
HTH,
Toshi
05-25-2009 11:12 PM
Hi All,
This config is great. I'm assuming that the policy is applied on both WAN1 and WAN2?
ip dhcp pool LAN
network 172.16.13.0 255.255.255.0
default-router 172.16.13.1
dns-server 61.88.88.88
lease 7
!
interface FastEthernet0/0
description WAN LINK VLAN 100
ip address 10.0.0.250 255.255.255.0
ip nat outside
ip virtual-reassembly
ip policy route-map NAT-to-ISP1
speed 100
full-duplex
!
interface FastEthernet0/1
description WAN LINK VLAN 200
ip address 10.0.10.250 255.255.255.0
ip nat outside
ip virtual-reassembly
ip policy route-map NAT-to-ISP2
speed 100
full-duplex
!
interface FastEthernet2/0
description LAN LINK
ip address 172.16.13.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1 10 name PRIMARY
ip route 0.0.0.0 0.0.0.0 10.0.10.1 20 name SECONDARY
!
ip nat inside source route-map NAT-to-ISP1 interface FastEthernet0/0 overload
ip nat inside source route-map NAT-to-ISP2 interface FastEthernet0/1 overload
!
access-list 35 permit 172.16.13.0 0.0.0.255
!
route-map NAT-to-ISP2 permit 10
match ip address 35
match interface FastEthernet0/1
!
route-map NAT-to-ISP1 permit 10
match ip address 35
match interface FastEthernet0/0
!
Thanks
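Added example, not part of any post in this thread and not Cisco code: a simplified Python model of the selection Toshi describes, where NAT statements are tried in order and `match interface` is compared with the egress interface picked by the floating static routes. It uses the addresses, ACL network and administrative distances from the configuration above; the `ACL_ONLY` rule set, the `usable` link-state dictionary and all function names are hypothetical, and the `ip policy` lines are not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Route:                 # one "ip route 0.0.0.0 0.0.0.0 <next-hop> <AD>"
    out_if: str
    ad: int                  # administrative distance, lower is preferred

@dataclass
class NatRule:               # one "ip nat inside source route-map ... overload"
    acl: str                 # network permitted by "match ip address"
    match_if: Optional[str]  # "match interface" value, None when absent
    nat_if: str              # interface whose address becomes the source

# Values taken from the configuration posted above.
FA00, FA01 = "FastEthernet0/0", "FastEthernet0/1"
IF_ADDR = {FA00: "10.0.0.250", FA01: "10.0.10.250"}
ROUTES = [Route(FA00, 10), Route(FA01, 20)]
LAN = "172.16.13.0/24"
WITH_MATCH_IF = [NatRule(LAN, FA00, FA00), NatRule(LAN, FA01, FA01)]
# Hypothetical variant for comparison: same rules without "match interface".
ACL_ONLY = [NatRule(LAN, None, FA00), NatRule(LAN, None, FA01)]

def egress(routes, usable):
    """Floating statics: the usable route with the lowest AD is installed."""
    live = [r for r in routes if usable[r.out_if]]
    return min(live, key=lambda r: r.ad).out_if if live else None

def translate(src, nat_rules, usable, routes=ROUTES):
    """Return (egress interface, source after NAT), or None if no route."""
    out_if = egress(routes, usable)
    if out_if is None:
        return None
    for rule in nat_rules:   # model assumption: first matching statement wins
        if ip_address(src) not in ip_network(rule.acl):
            continue
        if rule.match_if not in (None, out_if):
            continue
        return out_if, IF_ADDR[rule.nat_if]
    return out_if, src       # no rule matched: packet leaves untranslated

def mismatched(result):
    """True when the source leaving a link is not that link's own address."""
    return result is not None and result[1] != IF_ADDR.get(result[0])
```

In this model, `mismatched(translate("172.16.13.20", ACL_ONLY, {FA00: False, FA01: True}))` is true: after failover the packet leaves FastEthernet0/1 carrying the FastEthernet0/0 address, which is the case the `match interface` clause prevents.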