cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
280
Views
0
Helpful
2
Replies

Internet failover on 1841, routing works, nat does not?

jasonhumes
Level 1
Level 1

Hi

We've got an 1841 router and two internet feeds, one is wireless and the other is satellite. I've setup the wireless as the Primary internet feed and the satellite should be the backup in the event of the primary failing. I've got a sla checking the availability of the wireless next hop and a tracked object tied into that default route and a floating static route for the satellite backup. The routing failover works just fine, the wireless feed goes down, the tracked gateway is no longer reachable and the tracked route leaves the table only leaving the higher cost satellite feed. The problem is that NAT only works out the primary feed and never works out the backup. Here is my relevant nat config;

ip nat translation timeout 5

ip nat inside source route-map nat interface FastEthernet0/0 overload

ip nat inside source route-map nat2 interface FastEthernet0/1 overload

route-map nat2 permit 10

match ip address nat

!

route-map nat permit 10

match ip address nat

ip access-list extended nat

deny ip 192.168.1.0 0.0.0.255 192.168.199.0 0.0.0.255

deny ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255

permit ip 192.168.1.0 0.0.0.255 any

Does anyone have any experience with this or any idea why the second NAT does not work? I've got nat outside commands on both f0/0 and f0/1, but the backup nat only works if I manually remove the f0/0 nat entry. Any ideas? Thanks

Jason

2 Replies 2

spremkumar
Level 9
Level 9

hi

can you try this and revert...

ip nat pool wireless x.x.x.x x.x.x.x netmask y.y.y.y

ip nat pool vsat a.a.a.a a.a.a.a netmask b.b.b.b

ip nat inside source route-map nonat pool branch overload

ip nat inside source route-map nonat pool branch overload

ip access-list extended nonat

deny ip 192.168.1.0 0.0.0.255 192.168.199.0 0.0.0.255

permit ip 192.168.1.0 0.0.0.255 any

where x.x.x.x/a.a.a.a - ip address recieved from the respective service provider.

y.y.y.y/b.b.b.b - subnet mask as provided by your sp

regds

attrgautam
Level 5
Level 5

Jason

You need a change in your route-map as though the route changes to the backup interface, your NAT IP continues to be IP address on interface FA0/0 because it matches the statement

ip nat inside source route-map nat interface FastEthernet0/0 overload

instead of

ip nat inside source route-map nat2 interface FastEthernet0/1 overload

Please change your route-maps in the following fashion

route-map nat2 permit 10

match ip address nat

match interface fa0/1

!

route-map nat permit 10

match ip address nat

match interface fa0/0

Let me know if it works

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: