871 - second alternative WAN connection

pwolsza_wolfik1 · ‎08-31-2010

Hey

I want to make backup internet connection on 871 Cisco router.

I made belowe steps

One of the Vlan 1 port was changed into Vlan 2.
Vlan 2 now have static IP which is address for second ISP.
Added route with priority 2.

Everything works fine, routing switching dynamically from one ISP to another.

Unfortunately I can’t resolve the problem of NAT.

In configuration is:

ip nat inside source list 1 interface FastEthernet4 overload

access-list 1 remark INSIDE_IF=Vlan1

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 192.168.9.0 0.0.0.255

How to change that NAT will switch automatically and translate addresses depends from routing.

Federico Coto Fajardo · ‎08-31-2010

Hi,

Use a route-map.

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

access-list 102 permit ip 192.168.1.0 0.0.0.255 any

route-map ISP1

match ip address 101

set ip next-hop x.x.x.x

route-map ISP2

match ip address 102

set ip next-hop y.y.y.y

ip nat inside source route-map ISP1 interface Fas0/0 overload route-map ISP1

ip nat inside source route-map ISP2 interface Fas0/1 overload route-map ISP2

The above example assumes the following:

192.168.1.0/24 = is the internal network

x.x.x.x = is the IP of the Fas0/0 (assuming that's the primary internet connection)

y.y.y.y = is the IP of the Fas0/1 (assuming that's the secondary internet connection)

Additionally you can use the IP SLA feature to track the routes.

Federico.

pwolsza_wolfik1 · ‎09-03-2010

Thanks for information.

Unfortunately something is wrong because ISP1 is working but the ISP2 not.

Where I made a mistake, maybe vlan is the problem??

This is conf.:

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

description WAN2

switchport access vlan 2

!

interface FastEthernet4

description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$

ip address 10.14.62.83 255.255.255.248

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$

ip address 192.168.9.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

interface Vlan2

ip address 192.168.11.2 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip virtual-reassembly

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 10.14.62.81

ip route 0.0.0.0 0.0.0.0 192.168.11.1 2

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source route-map ISP1 interface FastEthernet4 overload

ip nat inside source route-map ISP2 interface Vlan2 overload

!

logging trap debugging

access-list 101 permit ip 192.168.9.0 0.0.0.255 any

access-list 102 permit ip 192.168.9.0 0.0.0.255 any

no cdp run

!

route-map ISP2 permit 10

match ip address 102

set ip next-hop 192.168.11.1

!

route-map ISP1 permit 10

match ip address 101

set ip next-hop 10.14.62.81

pwolsza_wolfik1 · ‎09-07-2010

Below the configuration with solved problem.

Thanks for sugestion:

ip nat inside source route-map ISP1 interface FastEthernet4 overload

ip nat inside source route-map ISP2 interface Vlan2 overload

!

logging trap debugging

no cdp run

!

route-map ISP2 permit 11

match interface Vlan2

set ip next-hop 192.168.11.1

!

route-map ISP1 permit 10

match interface FastEthernet4

continue 11

set ip next-hop 10.14.62.81