multiple ISPs, incoming traffic

Unanswered Question
Jul 9th, 2009
User Badges:

Forgive me for my ignorance but I don't know enough to even search for relevant posts... I have a Cisco 2811 router. I have a T1 and a Cable Internet connection. I want to be able to configure the router to answer incoming SMTP traffic from either WAN interface in the event one goes down. I've configured my MX records to point to both addresses but according to my reseller, this router can be configured to do this but the configuration is complicated and is not recommended. They said it can handle outgoing redundancy but not incoming... Can this be done? What is the best way to configure my network to handle redundant incoming connections?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2.5 (4 ratings)
paolo bevilacqua Thu, 07/09/2009 - 07:48
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

What you're doing is acceptable.

Just configure two static inside nat translations.

If you never configured cisco before, hire someone for the job, you will save time and frustration.

brian.mcconkey Thu, 07/09/2009 - 08:19
User Badges:

I'm working with my vendor's CCNE on this and the frustration and time are both increasing. He is worried about asymetric routing and the failures that would occur if my SMTP server replied with a different IP address than the requesting server sent to due to the primary IP connection failing.

kwillacey Thu, 07/09/2009 - 09:52
User Badges:
  • Bronze, 100 points or more

Hi Paolo,

How is that possible? I thought the router would not be able to do a translation to the same IP on the same port, in fact the router would just replace it.

ip nat inside source static tcp 25 interface FastEthernet0/0 25

ip nat inside source static tcp 25 interface FastEthernet0/1 25

So if I try to add both the router would replace it and would only reflect the last one that was added.

I have always had this problem, how do you get around this without the use of a second router?

osiristrading Thu, 07/09/2009 - 10:49
User Badges:

Lazy solution: add another IP address to the server and NAT to that address for the backup MX. Then use a route-map to send traffic from that IP out of Fa0/1. Just make sure your mail server software will listen on both IP addresses.

brian.mcconkey Thu, 07/09/2009 - 12:01
User Badges:

Thank you all for your responses. I like the lazy solution. I will investigate this.

paolo bevilacqua Thu, 07/09/2009 - 13:02
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Hi, tell the CCNE, there is never asymmetric routing with NAT.

Please remember to rate useful posts with the scrollbox below.

brian.mcconkey Mon, 07/13/2009 - 05:37
User Badges:

Thanks everyone for responding to this. The multiple ip addresses on my SMTP server sounded like a good solution. Unfortunately, I use a Barracuda Spam firewall and they've got it locked down tight. The GUI doesn't allow for multiple addresses and I don't have root access to the CMD line.

I asked about the asymetric routing and he said it was not true asymetric routing but was essentially the same. Requests coming in one connection could be answered by another causing drops.

I'm trying to get my reseller to take back the 2811 and get a fatpipe or barracuda link balancer.

Thanks again,


Rick Morris Mon, 07/13/2009 - 05:54
User Badges:
  • Silver, 250 points or more

You could get your own ASN, your own IP block and run BGP. This will allow you to announce your IP block out to both providers thus eliminating the need to have 2 separate IP blocks and 2 separate IP NAT's. Then you control what ISP you route through as a primary and with BGP it is dynamic. You also have the option of balancing traffic in and out based on meds. It will not be a 50/50 balance but you are able to traffic shape and will privide you with what you are looking for.

Also, one word of caution, rating posts with a 1 is like telling the person to never help you again. If the post was not helpful my suggestion would be to either post that, and or ask for clarification. There are some great people on here and consistant poor ratings will eventually result in no one helping you.

brian.mcconkey Mon, 07/13/2009 - 06:05
User Badges:

At this point, getting a link balancer sounds like my best option.

I definitely don't want to offend anyone. I appreciate everyone who attempts to help. How do I rate a post where someone recommends a solution that does not resolve my issue? Do I leave them as not rated?



Rick Morris Mon, 07/13/2009 - 06:53
User Badges:
  • Silver, 250 points or more

Rating a post is good, even if it is a 1, this will help others know that the answer they gave was not any help. However, as I read through these the posts may not have been bad, they just needed more clarification or may not have been the "right" solution for you. In this case leaving it unrated would have been the best option.

Or rating a post that is completely wrong with a 1 is appropriate.

Remember there are many ways to get to the end result, this is why these forums are so great. We learn from each other and there are a lot of great mentors on this forum. Just because a post may not be what someone needs or is the path that person is going down does not make it not helpful or wrong. As a matter of fact it may help someone else with their solution.


This Discussion