Redundant WAN cisco 1801/ADSL NAT issue

rasoftware

I have configured an 1801 router with ADSL and FastEthernet0 as WAN ports. I have added two static routes with metric 1 and 2 out over these interfaces. I have also added two NAT rules, one for each. All traffic is coming from the 192.100.151.0/24 network. Problem is it only seems to work for the 1st NAT rule; if I pull out, say, the ATM0/0 cable, it doesn't start using the FE0/1 port. I was told this would work as redundancy, any ideas?

See the extract of the config I think is relevant:

ip classless
ip route 0.0.0.0 0.0.0.0 195.x.x.x 2
ip route 0.0.0.0 0.0.0.0 Dialer0 3
ip nat inside source list 1 interface FastEthernet0 overload
ip nat inside source list 2 interface Dialer0 overload
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.100.151.0 0.0.0.255
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 192.100.151.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run


twojciac

I believe this is what you're trying to do. Keep in mind, in a failure scenario, you'll need to clear the nat translations manually to fail over active translations.

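! Primary WAN link
interface FastEthernet0
 ip address 195.x.x.1 255.255.255.252
 ip nat outside
!
! LAN side (route-map "nexthop" is referenced here but not defined in this extract)
interface FastEthernet1
 ip address 192.100.151.1 255.255.255.0
 ip nat inside
 ip policy route-map nexthop
!
! Backup WAN link (ADSL)
interface Dialer0
 ip address negotiated
 ip nat outside
!
ip local policy route-map nexthop
! One NAT rule per outside interface; the route-map decides which rule applies
ip nat inside source route-map ispA interface FastEthernet0 overload
ip nat inside source route-map ispB interface Dialer0 overload
!
access-list 40 remark IP Addresses that may be NAT'd
access-list 40 permit 192.168.151.0 0.255.255.255
!
! Each route-map must match the same egress interface its NAT rule translates to
route-map ispA permit 10
 match ip address 40
 match interface FastEthernet0
!
route-map ispB permit 10
 match ip address 40
 match interface Dialer0
!
! Primary default route, plus a floating default (distance 3) via the backup
ip route 0.0.0.0 0.0.0.0 195.x.x.2
ip route 0.0.0.0 0.0.0.0 Dialer0 3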
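The dual-ISP NAT setup above depends on two things: each `ip nat inside source route-map X interface Y` rule needs a route-map X that matches interface Y, and every referenced route-map has to be defined. The following is an added example, not part of the original thread: a small Python check for both conditions, run here on a constructed sample config (the function name `audit` and the sample are assumptions for illustration).

```python
import re

# Constructed sample, not from the thread: ispA is paired with the wrong
# egress interface and the policy route-map "nexthop" is never defined.
SAMPLE = """\
interface FastEthernet1
 ip policy route-map nexthop
!
ip nat inside source route-map ispA interface FastEthernet0 overload
ip nat inside source route-map ispB interface Dialer0 overload
!
route-map ispA permit 10
 match ip address 40
 match interface Dialer0
!
route-map ispB permit 10
 match ip address 40
 match interface Dialer0
"""

NAT_RE = re.compile(r"^ip nat inside source route-map (\S+) interface (\S+)")
POLICY_RE = re.compile(r"^ip (?:local )?policy route-map (\S+)")
MAP_RE = re.compile(r"^route-map (\S+) (?:permit|deny)")
MATCH_IF_RE = re.compile(r"^match interface (.+)")

def audit(config):
    """Return sorted findings about NAT rule / route-map pairing."""
    maps, nat_rules, refs, current = {}, [], set(), None
    for raw in config.splitlines():
        line = raw.strip()  # works for indented and flattened pastes
        if m := MAP_RE.match(line):
            current = maps.setdefault(m.group(1), set())
        elif current is not None and line.startswith(("match ", "set ", "description ")):
            if m := MATCH_IF_RE.match(line):  # sub-command of the open route-map
                current.update(m.group(1).split())
        else:
            current = None  # any other line closes the route-map block
            if m := NAT_RE.match(line):
                nat_rules.append(m.groups())
                refs.add(m.group(1))
            elif m := POLICY_RE.match(line):
                refs.add(m.group(1))
    findings = [f"undefined route-map: {n}" for n in refs if n not in maps]
    for name, iface in nat_rules:
        if name in maps and iface not in maps[name]:
            findings.append(f"{name}: NAT uses {iface} but route-map matches {sorted(maps[name])}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run it against the router's own saved configuration text in place of `SAMPLE`; an empty result means every NAT rule and policy statement points at a defined, correctly paired route-map.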

That's fantastic, works first time and fails over perfectly.

Is there also a way to shut down the backup interface automatically until it is needed and then revert back once the primary is back up? I ask because we have a PIX behind the router and prefer that only the fastest primary connection is used when possible for our IPsec tunnels and not the backup.

It's possible to use the embedded event manager and script it. I haven't used EEM yet, so I don't have any canned scripts that would work for you.

Here's info on the EEM:

http://www.ciscosystems.com/en/US/products/ps6815/products_white_paper0900aecd803a4dad.shtml

I think maybe it is possible to use the dialer-watch command that can be used for ISDN on the DSL interface?

Hi twojciac,

I did the same on my router; however, it didn't work. In your example, "policy route-map nexthop" appears in two places but is not described. Is this crucial for this to work? Can you give more explanation on this?

mheusinger

Hello,

According to your config, you will use FastEthernet0 by default, assuming you have a 195.x.x.x address there!?

You specify two default routes with administrative distance 2 and 3. The lower value is the "better" or "more trustworthy" one and should be used unless 195.x.x.x is not reachable.

Can you post the output of "show ip route" and "show ip nat translations"?

This would further help to understand what is going on.

Hope this helps! Please rate all posts.

Regards, Martin
