Redundant WAN Cisco 1801/ADSL NAT issue

Answered Question
Jan 25th, 2006

I have configured an 1801 router with ADSL and FASTETHERNET0 as WAN ports. I have added two static routes with metric 1 and 2 out over these interfaces. I have also added two NAT rules, one for each. All traffic is coming from network. The problem is that it only seems to work for the 1st NAT rule; if I pull out, say, the ATM0/0 cable, it doesn't start using the FE0/1 port. I was told this would work as redundancy, any ideas?

See the extract of the config I think is relevant:

ip classless

ip route 195.x.x.x 2

ip route Dialer0 3

ip nat inside source list 1 interface FastEthernet0 overload

ip nat inside source list 2 interface Dialer0 overload


access-list 1 remark SDM_ACL Category=2

access-list 1 permit

access-list 2 remark SDM_ACL Category=2

access-list 2 permit

dialer-list 1 protocol ip permit

no cdp run

Correct Answer by twojciac about 11 years 6 months ago

It's possible to use the embedded event manager and script it. I haven't used EEM yet, so I don't have any canned scripts that would work for you.

Here's info on the EEM:

twojciac Wed, 01/25/2006 - 06:09

I believe this is what you're trying to do. Keep in mind, in a failure scenario, you'll need to clear the nat translations manually to fail over active translations.

interface FastEthernet0

ip address 195.x.x.1

ip nat outside


interface FastEthernet1

ip address

ip nat inside

ip policy route-map nexthop


interface Dialer0

ip address negotiated

ip nat outside


ip local policy route-map nexthop

ip nat inside source route-map ispA interface FastEthernet0 overload

ip nat inside source route-map ispB interface Dialer0 overload


access-list 40 remark IP Addresses that may be NAT'd

access-list 40 permit


route-map ispB permit 10

match ip address 40

match interface Dialer0


route-map ispA permit 10

match ip address 40

match interface FastEthernet0


ip route 195.x.x.2

ip route Dialer0 3

rasoftware Wed, 01/25/2006 - 08:25

That's fantastic, works first time and fails over perfectly.

Is there also a way to shut down the backup interface automatically until it is needed and then revert back once the primary is back up? I ask because we have a PIX behind the router and prefer that only the fastest primary connection is used when possible for our IPSEC tunnels and not the backup.

rasoftware Wed, 01/25/2006 - 13:21

I think maybe it is possible to use the dialer-watch command that can be used for ISDN on the dsl interface?

aadilovic Thu, 02/09/2006 - 05:04

Hi twojciac,

I did the same on my router; however, it didn't work. In your example, "policy route-map nexthop" appears in two places but is not described. Is this crucial for this to work? Can you give more explanation on this?
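
A consistency check for a dual-WAN NAT configuration of the kind discussed in this thread, as an added example that is not part of any post: it reports route-maps that are referenced but never defined, and NAT route-maps that do not match the interface their NAT rule translates to. The function name `audit` and the sample config are constructed for illustration, and the check assumes the design where each NAT route-map matches its own outside interface.

```python
import re

# Constructed sample, not taken from the thread: "nexthop" is never defined
# and ispB matches the wrong egress interface.
SAMPLE = """\
interface FastEthernet1
 ip nat inside
 ip policy route-map nexthop
!
ip local policy route-map nexthop
ip nat inside source route-map ispA interface FastEthernet0 overload
ip nat inside source route-map ispB interface Dialer0 overload
!
route-map ispA permit 10
 match ip address 40
 match interface FastEthernet0
!
route-map ispB permit 10
 match ip address 40
 match interface FastEthernet0
"""

def audit(config):
    """Return findings for route-map references in a dual-WAN NAT config."""
    defined = {}        # route-map name -> interfaces it matches
    referenced = set()  # names used by policy routing or NAT
    nat_rules = []      # (route-map name, outside interface)
    current = None      # route-map whose sub-commands are being read
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # top-level line opens or closes a block
            m = re.match(r"route-map (\S+) (?:permit|deny)", line)
            current = m.group(1) if m else None
            if current:
                defined.setdefault(current, set())
        m = re.match(r"match interface (.+)", line)
        if m and current:
            defined[current].update(m.group(1).split())
        m = re.match(r"ip nat inside source route-map (\S+) interface (\S+)", line)
        if m:
            nat_rules.append(m.groups())
            referenced.add(m.group(1))
        m = re.match(r"ip (?:local )?policy route-map (\S+)", line)
        if m:
            referenced.add(m.group(1))
    findings = [f"route-map {n} is referenced but not defined"
                for n in sorted(referenced - set(defined))]
    for name, iface in nat_rules:
        if name in defined and iface not in defined[name]:
            findings.append(f"route-map {name} does not match interface {iface}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run it against a saved copy of the running configuration before testing failover; an empty result means every referenced route-map exists and each NAT route-map matches its own outside interface.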

mheusinger Wed, 01/25/2006 - 06:30

According to your config, you will use FastEthernet0 by default, assuming you have a 195.x.x.x address there!?

You specify two default routes with administrative distance 2 and 3. The lower value is the "better" or "more trustworthy" one and should be used unless 195.x.x.x is not reachable.

Can you post the output of "show ip route" and "show ip nat translations"?

This would further help to understand what is going on.

Hope this helps! Please rate all posts.

Regards, Martin
