C870 - 2 ISP Nat do not witching automatically

Unanswered Question
Sep 8th, 2010
User Badges:


/* Style Definitions */ table.MsoNormalTable {mso-style-name:Standardowy; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; mso-fareast-language:EN-US;}

I have made configuration for 2 ISP.

Unfortunately NAT do not want to switch automatically from inactive to active route.

Any suggestions:

My config:



!


interface  FastEthernet0


!


interface  FastEthernet1


!


interface  FastEthernet2


!


interface  FastEthernet3


description WAN2


switchport access vlan 2


!


interface FastEthernet4


description  $ES_WAN$$FW_OUTSIDE$$ETH-WAN$


ip address 10.14.62.83 255.255.255.248


no ip  redirects


no ip unreachables


no ip proxy-arp


ip flow ingress


ip nat outside


ip  virtual-reassembly


duplex auto


speed auto


!


interface Vlan1


description  $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$


ip address  192.168.9.1 255.255.255.0


no ip redirects


no ip unreachables


no ip  proxy-arp


ip flow ingress


ip nat inside


ip virtual-reassembly


ip tcp adjust-mss 1452


!


interface  Vlan2


ip address 192.168.11.2 255.255.255.0


no ip redirects


no ip  unreachables


no ip proxy-arp


ip flow ingress


ip nat outside


ip virtual-reassembly


!


ip  forward-protocol nd


ip route 0.0.0.0 0.0.0.0 10.14.62.81


ip route  0.0.0.0 0.0.0.0 192.168.11.1 2


ip http server


ip http authentication local


ip http  secure-server


ip  http timeout-policy idle 60 life 86400 requests 10000


!


ip nat  inside source route-map ISP1 interface FastEthernet4 overload


ip nat  inside source route-map ISP2 interface Vlan2 overload


!


logging trap  debugging


access-list  101 permit ip 192.168.9.0 0.0.0.255 any


access-list 102 permit ip  192.168.9.0 0.0.0.255 any


no cdp run




!


!


!


route-map ISP2 permit 10


match ip address 102


set ip  next-hop 192.168.11.1


!


route-map ISP1 permit 10


match ip address 101


set ip  next-hop 10.14.62.81

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.3 (3 ratings)
Loading.
Giuseppe Larosa Thu, 09/09/2010 - 01:30
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Pwolza,


try to match the outgoing interface in order to have second route-map to kick in


match interface fas4


match interface vlan2


in second route-map




Hope to help

Giuseppe

pwolsza_wolfik1 Thu, 09/09/2010 - 05:08
User Badges:

Well with a litle of your help I made some corrections to the configuration and now it working




ip nat inside source route-map ISP1 interface FastEthernet4 overload


ip nat inside source route-map ISP2 interface Vlan2 overload


!


logging trap debugging


no cdp run



!


!


!


route-map ISP2 permit 11


match interface Vlan2


set ip next-hop 192.168.11.1


!


route-map ISP1 permit 10


match interface FastEthernet4


continue 11


set ip next-hop 10.14.62.81

Giuseppe Larosa Fri, 09/10/2010 - 08:01
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Pwolza,

I'm happy it is working now I had little time so I had given you just an hint and you have been good to take it.


Note:

these are actually two different route-maps (they have different names) and not two blocks of the same route-map.

So the continue 11 does not provide a reference to the other route-map but to block 11 in route-map ISP1.


My guess is that without the continue 11 line the behaviour should not change as the meaning of match interface should be "match the outgoing interface to be used to send traffic".


Hope to help

Giuseppe

pwolsza_wolfik1 Sun, 09/12/2010 - 23:18
User Badges:


/* Style Definitions */ table.MsoNormalTable {mso-style-name:Standardowy; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; mso-fareast-language:EN-US;}

Yes, indeed it is working without continue 11.

Thanks for suggestion.

pwolsza_wolfik1 Thu, 09/16/2010 - 23:05
User Badges:

Now everything works fine.


Unfortunately the automatically switching of the  ISP only works when I will put off the plug from the cisco socket.

When the signal goes down from ISP  router, CISCO do not want to push the traffic into backup ISP.

Tracert gives me information of the destination IP for  example cisco.com but without addresses of hoops.

What to do now ??

Actions

This Discussion