C870 - 2 ISP Nat do not witching automatically

Unanswered Question
Sep 8th, 2010

/* Style Definitions */ table.MsoNormalTable {mso-style-name:Standardowy; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; mso-fareast-language:EN-US;}

I have made configuration for 2 ISP.

Unfortunately NAT do not want to switch automatically from inactive to active route.

Any suggestions:

My config:



!

interface  FastEthernet0

!

interface  FastEthernet1

!

interface  FastEthernet2

!

interface  FastEthernet3

description WAN2

switchport access vlan 2

!

interface FastEthernet4

description  $ES_WAN$$FW_OUTSIDE$$ETH-WAN$

ip address 10.14.62.83 255.255.255.248

no ip  redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip  virtual-reassembly

duplex auto

speed auto

!

interface Vlan1

description  $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$

ip address  192.168.9.1 255.255.255.0

no ip redirects

no ip unreachables

no ip  proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

interface  Vlan2

ip address 192.168.11.2 255.255.255.0

no ip redirects

no ip  unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip virtual-reassembly

!

ip  forward-protocol nd

ip route 0.0.0.0 0.0.0.0 10.14.62.81

ip route  0.0.0.0 0.0.0.0 192.168.11.1 2

ip http server

ip http authentication local

ip http  secure-server

ip  http timeout-policy idle 60 life 86400 requests 10000

!

ip nat  inside source route-map ISP1 interface FastEthernet4 overload

ip nat  inside source route-map ISP2 interface Vlan2 overload

!

logging trap  debugging

access-list  101 permit ip 192.168.9.0 0.0.0.255 any

access-list 102 permit ip  192.168.9.0 0.0.0.255 any

no cdp run

!

!

!

route-map ISP2 permit 10

match ip address 102

set ip  next-hop 192.168.11.1

!

route-map ISP1 permit 10

match ip address 101

set ip  next-hop 10.14.62.81

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.3 (3 ratings)
Loading.
Giuseppe Larosa Thu, 09/09/2010 - 01:30

Hello Pwolza,

try to match the outgoing interface in order to have second route-map to kick in

match interface fas4

match interface vlan2

in second route-map

Hope to help

Giuseppe

pwolsza_wolfik1 Thu, 09/09/2010 - 05:08

Well with a litle of your help I made some corrections to the configuration and now it working

ip nat inside source route-map ISP1 interface FastEthernet4 overload

ip nat inside source route-map ISP2 interface Vlan2 overload

!

logging trap debugging

no cdp run

!

!

!

route-map ISP2 permit 11

match interface Vlan2

set ip next-hop 192.168.11.1

!

route-map ISP1 permit 10

match interface FastEthernet4

continue 11

set ip next-hop 10.14.62.81

Giuseppe Larosa Fri, 09/10/2010 - 08:01

Hello Pwolza,

I'm happy it is working now I had little time so I had given you just an hint and you have been good to take it.

Note:

these are actually two different route-maps (they have different names) and not two blocks of the same route-map.

So the continue 11 does not provide a reference to the other route-map but to block 11 in route-map ISP1.

My guess is that without the continue 11 line the behaviour should not change as the meaning of match interface should be "match the outgoing interface to be used to send traffic".

Hope to help

Giuseppe

pwolsza_wolfik1 Sun, 09/12/2010 - 23:18

/* Style Definitions */ table.MsoNormalTable {mso-style-name:Standardowy; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; mso-fareast-language:EN-US;}

Yes, indeed it is working without continue 11.

Thanks for suggestion.

pwolsza_wolfik1 Thu, 09/16/2010 - 23:05

Now everything works fine.

Unfortunately the automatically switching of the  ISP only works when I will put off the plug from the cisco socket.

When the signal goes down from ISP  router, CISCO do not want to push the traffic into backup ISP.

Tracert gives me information of the destination IP for  example cisco.com but without addresses of hoops.

What to do now ??

Actions

This Discussion