871 - second alternative WAN connection

Unanswered Question
Aug 31st, 2010



Hey


I want to make a backup internet connection on an 871 Cisco router.

I made the steps below:

  • One of the Vlan 1 ports was changed to Vlan 2.
  • Vlan 2 now has a static IP, which is the address for the second ISP.
  • Added a route with priority 2.

Everything works fine; routing switches dynamically from one ISP to the other.

Unfortunately I can't resolve the problem of NAT.

The configuration contains:

ip nat inside source list 1 interface FastEthernet4 overload
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.9.0 0.0.0.255

How can I change this so that NAT switches automatically and translates addresses depending on the routing?

Overall Rating: 3 (1 ratings)
Federico Coto F... Tue, 08/31/2010 - 06:35

Hi,


Use a route-map.


access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip 192.168.1.0 0.0.0.255 any

route-map ISP1
  match ip address 101
  set ip next-hop x.x.x.x

route-map ISP2
  match ip address 102
  set ip next-hop y.y.y.y

ip nat inside source route-map ISP1 interface Fas0/0 overload
ip nat inside source route-map ISP2 interface Fas0/1 overload


The above example assumes the following:


192.168.1.0/24 = is the internal network

x.x.x.x = is the IP of the Fas0/0 (assuming that's the primary internet connection)

y.y.y.y = is the IP of the Fas0/1 (assuming that's the secondary internet connection)


Additionally you can use the IP SLA feature to track the routes.


Federico.

pwolsza_wolfik1 Fri, 09/03/2010 - 02:24



Thanks for information.

Unfortunately something is wrong, because ISP1 is working but ISP2 is not.

Where did I make a mistake? Maybe the VLAN is the problem?


This is conf.:

!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
 description WAN2
 switchport access vlan 2
!
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
 ip address 10.14.62.83 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.9.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan2
 ip address 192.168.11.2 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.14.62.81
ip route 0.0.0.0 0.0.0.0 192.168.11.1 2
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source route-map ISP1 interface FastEthernet4 overload
ip nat inside source route-map ISP2 interface Vlan2 overload
!
logging trap debugging
access-list 101 permit ip 192.168.9.0 0.0.0.255 any
access-list 102 permit ip 192.168.9.0 0.0.0.255 any
no cdp run
!
!
!
route-map ISP2 permit 10
 match ip address 102
 set ip next-hop 192.168.11.1
!
route-map ISP1 permit 10
 match ip address 101
 set ip next-hop 10.14.62.81

pwolsza_wolfik1 Tue, 09/07/2010 - 23:21


Below is the configuration with the problem solved.

Thanks for the suggestion:

ip nat inside source route-map ISP1 interface FastEthernet4 overload
ip nat inside source route-map ISP2 interface Vlan2 overload
!
logging trap debugging
no cdp run
!
!
!
route-map ISP2 permit 11
 match interface Vlan2
 set ip next-hop 192.168.11.1
!
route-map ISP1 permit 10
 match interface FastEthernet4
 continue 11
 set ip next-hop 10.14.62.81
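
Why the last configuration behaves differently from the earlier one, as an added example that is not part of the thread and not Cisco code: a simplified Python model of NAT rule selection using the addresses posted above. It assumes rules are tried in configuration order and that `match interface` compares against the egress interface chosen by routing; only the match clauses are modelled, and the sample host 192.168.9.50 is constructed.

```python
# Simplified model (an assumption, not IOS source): NAT rules are tried in
# configuration order; a rule applies when its route-map match clause holds.
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.168.9.0/24")  # subnet permitted by access-list 101 and 102
WAN_ADDR = {"FastEthernet4": "10.14.62.83", "Vlan2": "192.168.11.2"}

def egress(primary_up):
    """Routing decision: default via FastEthernet4, floating static (distance 2) via Vlan2."""
    return "FastEthernet4" if primary_up else "Vlan2"

def acl_only(pkt_src, out_if):
    # 'match ip address 101' / '102': both ACLs permit the same inside subnet
    return ip_address(pkt_src) in INSIDE

def by_interface(name):
    # 'match interface <name>': true only when routing chose that egress interface
    return lambda pkt_src, out_if: out_if == name

# Each rule: (route-map predicate, interface whose address is used for overload)
BROKEN = [(acl_only, "FastEthernet4"), (acl_only, "Vlan2")]
FIXED = [(by_interface("FastEthernet4"), "FastEthernet4"),
         (by_interface("Vlan2"), "Vlan2")]

def translate(rules, pkt_src, primary_up):
    """Return (egress interface, translated source address or None)."""
    out_if = egress(primary_up)
    for matches, nat_if in rules:
        if matches(pkt_src, out_if):
            return out_if, WAN_ADDR[nat_if]
    return out_if, None  # no rule matched: packet would leave untranslated

def audit(rules, pkt_src="192.168.9.50"):  # constructed sample inside host
    """List link states where the translated source does not belong to the egress link."""
    problems = []
    for primary_up in (True, False):
        out_if, src = translate(rules, pkt_src, primary_up)
        if src != WAN_ADDR[out_if]:
            problems.append((out_if, src))
    return problems

if __name__ == "__main__":
    print("ACL-only route-maps:", audit(BROKEN))
    print("match interface    :", audit(FIXED))
```

In this model the ACL-only rule set translates traffic leaving Vlan2 to the FastEthernet4 address, because the first rule matches every inside host regardless of the exit interface.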
