Redundant internet connection on 831

Unanswered Question
Aug 25th, 2009

I have an 831 router with a cable connection to the internet. I would like to add a data/voice T1 as a backup internet connection. I'm going to try using Reliable Static Routing Backup Using Object Tracking but I can't find examples with NAT in place.

This is what I would use based on the documents I've found:

ip sla 1
 icmp-echo 63.123.252.1
 timeout 1000
 frequency 3
 threshold 2
ip sla schedule 1 life forever start-time now
track 123 rtr 1 reachability
access-list 100 permit icmp any host 63.123.252.1 echo
route-map redundant permit 10
 match ip add 100
 set int ethernet 1 null 0
ip local policy route-map redundant
ip route 0.0.0.0 0.0.0.0 96.57.73.249 track 123
ip route 0.0.0.0 0.0.0.0 64.115.93.201

The problem is that I'm using NAT statements in the current configuration. Will applying the above as written work or do I need to tweak it?

insccisco Tue, 08/25/2009 - 08:43

Hi Jason,

What kind of NAT statements do you have?

The config you showed looks good, it will give you the automatic failover. However, note that this is limited because, for example, say your ISP1 goes down. Your config will get you over to the 2nd ISP2 automatically. So far so good, but once the ISP1 comes back up, all your traffic will be redirected back to the default route (your ISP1). This will give your users some hiccups.

I have environments where the users understood that ISP1 went down and the automatic failover gave them a hiccup when it failed over to the ISP2. However, they flipped when they noticed they had a hiccup again when ISP1 returned and your config re-routed all traffic back to it. So that is 2 hiccups, which means any established connections the users had were broken.

This is because you often get Cable lines to go down for a few minutes and then they come right back up. And to make matters worse, there are those situations where your Cable ISP goes down and up, then 1 minute later does the same thing, so you have flapping. When this occurs, all established connections will go down and up again. This will kill your redundancy plan and the config you have will not work.

But you need to overcome your NAT statement issues first.... so again, what kind of NAT statements are you talking about? One-to-One NAT?

jasonww04 Tue, 08/25/2009 - 09:01

This is the current NAT statement I'm using. We have a VPN that only select traffic needs to go through.

ip nat inside source route-map NAT interface Ethernet1 overload
!
ip access-list extended NAT
 deny ip 172.18.2.0 0.0.0.255 10.11.0.0 0.0.255.255
 permit ip 172.18.2.0 0.0.0.255 any
route-map NAT permit 10
 match ip address NAT
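
An added example, not part of the original posts: one common way to make the overload rule above follow whichever uplink the default route currently selects is one NAT route-map per egress interface. `<backup-interface>` is a placeholder for the T1-facing interface, which the thread does not name, and the route-map names NAT-PRIMARY and NAT-BACKUP are assumptions.

```cisco
! Added example, not the poster's configuration.
! <backup-interface> is a placeholder; NAT-PRIMARY / NAT-BACKUP are assumed names.
! ACL "NAT" is the one posted above: traffic to 10.11.0.0/16 (the VPN) is
! denied, so it is never translated on either link.
!
interface Ethernet1
 ip nat outside
!
interface <backup-interface>
 ip nat outside
!
! Each route-map matches the same ACL plus the egress interface that routing
! picked, so a packet is translated to the address of the link it leaves on.
route-map NAT-PRIMARY permit 10
 match ip address NAT
 match interface Ethernet1
!
route-map NAT-BACKUP permit 10
 match ip address NAT
 match interface <backup-interface>
!
! These two statements take the place of the single
! "ip nat inside source route-map NAT interface Ethernet1 overload" line.
ip nat inside source route-map NAT-PRIMARY interface Ethernet1 overload
ip nat inside source route-map NAT-BACKUP interface <backup-interface> overload
```

Translations created through the failed link stay in the table until they age out; `clear ip nat translation *` removes them immediately.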

insccisco Tue, 08/25/2009 - 09:11

That shouldn't be a problem. I am by no means a Cisco solid guy, I'm still a novice, but again, I have worked a lot on the same problem you are facing....

Let me know your exact end result. So far I know that you want to introduce ISP2 because you are assuming that ISP1 might go down and when this happens, you will still want your internet traffic to be up by being re-routed to the 2nd ISP.

Let me know so I can continue to get you more of my 2-cents!

I assume you have a tunnel (remote access or L2L??) that you will still want UP when you failover, right?

jasonww04 Tue, 08/25/2009 - 09:25

There is a site-to-site VPN tunnel currently in use but I'm not so sure I care to have it switch over during down time.
