Failover internet connection

jasonww04
Level 1

I have a router with connections to two different ISPs and I'm looking to have it failover should the main connection go down. Is this config going to work?

int f3
switch mode acce
switch acce vlan 5

int f4
ip add 173.220.131.10 255.255.255.248
ip nat outside

int vlan1
ip add 172.18.2.1 255.255.255.0
ip nat inside

int vlan5
ip add 64.115.219.66 255.255.255.248
ip nat outside


ip sla 1
icmp-echo 63.123.252.1

ip sla schedule 1 life forever start-time now

track 1 rtr 1 reachability

access-list 100 permit icmp any host 63.123.252.1 echo

route-map redundant permit 10

match ip add 100

set int vlan 5 null 0

ip local policy route-map redundant

ip route 0.0.0.0 0.0.0.0 173.220.131.9 track 1

ip route 0.0.0.0 0.0.0.0 64.115.219.65

ip nat inside source route-map NAT interface f4 overload

!

!

ip access-list extended NAT

deny   ip 172.18.2.0 0.0.0.255 10.11.0.0 0.0.255.255

permit ip 172.18.2.0 0.0.0.255 any

route-map NAT permit 10

match ip address NAT


Giuseppe Larosa
Hall of Fame

Hello Jason,

The configuration is not complete: when using the secondary link you need to NAT using the public address of the secondary link, or you will have trouble receiving return traffic.

The NAT configuration has to be modified to take this into account. More specifically, the route-map needs two clauses where you check whether you are going to exit on the primary or on the secondary link, and use a different NAT pool accordingly.

Or you need to add a second statement with global address = the secondary link interface.

see

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml

Hope to help

Giuseppe

A Cisco tech helped me with the config, here is what I am going to try tonight:

int f3
switch mode acce
switch acce vlan 5

int f4
ip add 173.220.131.10 255.255.255.248
ip nat outside

int vlan1
ip add 172.18.2.1 255.255.255.0
ip nat inside

int vlan5
ip add 64.115.219.66 255.255.255.248
ip nat outside

ip sla 1
icmp-echo 4.2.2.2
ip sla schedule 1 life forever start-time now

track 1 rtr 1 reachability


ip route 0.0.0.0 0.0.0.0 173.220.131.9 track 1
ip route 0.0.0.0 0.0.0.0 64.115.219.65 230

ip nat inside source route-map NAT interface f4 overload
ip nat inside source route-map NAT2 int vlan5 overload

ip access-list extended NAT
deny   ip 172.18.2.0 0.0.0.255 10.11.0.0 0.0.255.255
permit ip 172.18.2.0 0.0.0.255 any
route-map NAT permit 10
match ip address NAT

route-map NAT2 permit 10
match ip add NAT

Hello Jason,

This last version looks more correct. It uses object tracking for checking the health of the primary path/route, and it has two NAT statements, one for each ISP link.

You should test a failure on the primary link and the restore of the primary link to verify the behaviour of this setup.

The target address of the RTR object (IP SLA) should be an IP address of ISP1.

see

http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html#wp1087990

Hope to help

Giuseppe
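A Python model (added here, not from the thread or from Cisco) of the design the two replies describe: the tracked default route decides the egress link, and the NAT translation has to use that link's own public address or return traffic has no way back. Interface names, addresses and administrative distances are taken from Jason's second configuration; the route-selection and NAT logic is a deliberate simplification of IOS, not an emulation of it.

```python
"""Dual-ISP failover model: tracked default routes plus interface NAT overload.
Addresses are those quoted in the thread; the behaviour is a simplified model,
not real IOS code (added illustration)."""
from ipaddress import ip_address, ip_interface

# Outside (ip nat outside) interfaces as configured in the thread.
OUTSIDE = {
    "f4":    ip_interface("173.220.131.10/29"),  # ISP1, primary
    "vlan5": ip_interface("64.115.219.66/29"),   # ISP2, backup
}

# Static default routes: (next hop, administrative distance, tracked object).
ROUTES = [
    ("173.220.131.9", 1, 1),      # ip route 0.0.0.0 0.0.0.0 173.220.131.9 track 1
    ("64.115.219.65", 230, None), # ip route 0.0.0.0 0.0.0.0 64.115.219.65 230
]


def egress_interface(track_up: bool) -> str:
    """Return the outside interface of the installed default route.

    A route bound to a tracked object is withdrawn while the track is down;
    among the remaining routes the lowest administrative distance wins."""
    candidates = [r for r in ROUTES if r[2] is None or track_up]
    next_hop = min(candidates, key=lambda r: r[1])[0]
    for name, iface in OUTSIDE.items():
        if ip_address(next_hop) in iface.network:
            return name
    raise LookupError(f"no connected interface for next hop {next_hop}")


def translated_source(nat_ifaces: set, track_up: bool) -> tuple:
    """nat_ifaces: outside interfaces that have an
    'ip nat inside source route-map ... interface X overload' statement.

    Returns (egress interface, translated source, return path consistent?).
    The last flag is True only when the translated address belongs to the
    ISP the packet actually left through, which is Giuseppe's point."""
    egress = egress_interface(track_up)
    if egress in nat_ifaces:
        nat_iface = egress
    else:
        # Only one NAT statement exists: that interface's address is used
        # even though the packet is leaving via the other ISP.
        nat_iface = sorted(nat_ifaces)[0]
    src = OUTSIDE[nat_iface].ip
    return egress, str(src), src in OUTSIDE[egress].network
```

Running `translated_source({"f4"}, False)` reproduces the failure of Jason's first configuration (traffic leaves via vlan5 carrying ISP1's address), while `translated_source({"f4", "vlan5"}, False)` shows the second configuration translating to 64.115.219.66 on the backup link.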
