Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

c871 ISP change without outage

hello guys,

I'm not sure about cisco871 and his FastEthernet4 interface .

I have connection to ISP1, fa4 is used as outside interface. LAN is connected using fa0 (trunk for 3 networks inside LAN, vlan routing on c871). this design is clear and working without problem.

interface FastEthernet4
description uplink to ISP1
ip address ISP1 netmask
ip access-group Internet in
ip mtu 1300
ip nat outside
ip inspect MyInspect out
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
crypto map IPSec

Now I have connected ISP2 (in near future this will replace ISP1). ISP2 is connected to fa3:

interface FastEthernet3

description new uplink to ISP2

switchport access vlan 50


interface Vlan50
  ip address ISP2 netmask
  ip access-group Internet-sanet in
  ip nat outside
  ip nat enable
  ip virtual-reassembly

connectivity to both providers is ok. default gw is to ISP1. when I set static route for some dst through ISP2, connectivity from this dst to router is successful.ok, it looks, that all is working. I tried change default GW to ISP2.

connectivity to/from router is ok. problem is nat for clients in lan. after default gw change are lan clients translated always to ISP1 outside address

ip nat inside source list nat-isp1 interface FastEthernet4 overload
ip nat inside source list nat-isp2 interface Vlan50 overload

acl nat-isp1 and nat-isp2 are same:

    10 deny ip
    20 deny ip
    30 deny ip
    40 permit ip any

    50 permit ip any
    60 permit ip any

#sh ip int brie
FastEthernet4     ISP1       YES manual up                    up     
Vlan1            YES NVRAM  up                    up     
NVI0                  ISP1      YES unset  up                    up     
Vlan2            YES NVRAM  up                    up     
Vlan10         YES NVRAM  up                    up     
Vlan50                ISP2 YES NVRAM  up                    up

NVI0 interface is using address of fa4.

my questions are:

1. It's possible change NVI0 address to other IP as IP of fa4 interface?

2. It's possible change NAT for connectivity through ISP2 (fa3) change to other public address? I'm not sure, because fa0-3 are switched ports and it's not possible change fa3 to L3 only (no switchport).

router is cisco 871, c870-advipservicesk9-mz.124-15.T7.bin.

thanks for any help.



Cisco Employee

Re: c871 ISP change without outage

OK, let me take a stab here.  Disclaimer: I have not used NVI, or the 871 series but have worked with classic NAT.

Seems like you are mixing NAT NVI config with classic NAT config.

Since you have specified the interfaces as "outside" I presume that they will be classic NAT, not NVI. Why use NVI here?

You are correct that the 4 interfaces cannot act independently as L3 entities on an 871.

Nat Order Of Operation mey be insightful:

What is the crypto-map doing?

CreatePlease to create content