cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
621
Views
10
Helpful
5
Replies

C870 - 2 ISP Nat do not witching automatically

pwolsza_wolfik1
Level 1
Level 1

I have made configuration for 2 ISP.

Unfortunately NAT do not want to switch automatically from inactive to active route.

Any suggestions:

My config:



!

interface  FastEthernet0

!

interface  FastEthernet1

!

interface  FastEthernet2

!

interface  FastEthernet3

description WAN2

switchport access vlan 2

!

interface FastEthernet4

description  $ES_WAN$$FW_OUTSIDE$$ETH-WAN$

ip address 10.14.62.83 255.255.255.248

no ip  redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip  virtual-reassembly

duplex auto

speed auto

!

interface Vlan1

description  $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$

ip address  192.168.9.1 255.255.255.0

no ip redirects

no ip unreachables

no ip  proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

interface  Vlan2

ip address 192.168.11.2 255.255.255.0

no ip redirects

no ip  unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip virtual-reassembly

!

ip  forward-protocol nd

ip route 0.0.0.0 0.0.0.0 10.14.62.81

ip route  0.0.0.0 0.0.0.0 192.168.11.1 2

ip http server

ip http authentication local

ip http  secure-server

ip  http timeout-policy idle 60 life 86400 requests 10000

!

ip nat  inside source route-map ISP1 interface FastEthernet4 overload

ip nat  inside source route-map ISP2 interface Vlan2 overload

!

logging trap  debugging

access-list  101 permit ip 192.168.9.0 0.0.0.255 any

access-list 102 permit ip  192.168.9.0 0.0.0.255 any

no cdp run

!

!

!

route-map ISP2 permit 10

match ip address 102

set ip  next-hop 192.168.11.1

!

route-map ISP1 permit 10

match ip address 101

set ip  next-hop 10.14.62.81

5 Replies 5

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Pwolza,

try to match the outgoing interface in order to have second route-map to kick in

match interface fas4

match interface vlan2

in second route-map

Hope to help

Giuseppe

Well with a litle of your help I made some corrections to the configuration and now it working

ip nat inside source route-map ISP1 interface FastEthernet4 overload

ip nat inside source route-map ISP2 interface Vlan2 overload

!

logging trap debugging

no cdp run

!

!

!

route-map ISP2 permit 11

match interface Vlan2

set ip next-hop 192.168.11.1

!

route-map ISP1 permit 10

match interface FastEthernet4

continue 11

set ip next-hop 10.14.62.81

Hello Pwolza,

I'm happy it is working now I had little time so I had given you just an hint and you have been good to take it.

Note:

these are actually two different route-maps (they have different names) and not two blocks of the same route-map.

So the continue 11 does not provide a reference to the other route-map but to block 11 in route-map ISP1.

My guess is that without the continue 11 line the behaviour should not change as the meaning of match interface should be "match the outgoing interface to be used to send traffic".

Hope to help

Giuseppe

Yes, indeed it is working without continue 11.

Thanks for suggestion.

Now everything works fine.

Unfortunately the automatically switching of the  ISP only works when I will put off the plug from the cisco socket.

When the signal goes down from ISP  router, CISCO do not want to push the traffic into backup ISP.

Tracert gives me information of the destination IP for  example cisco.com but without addresses of hoops.

What to do now ??

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco