Cisco Support Community
Redundant ISPs with PBR NAT

Hi There,

I am trying to create a redundant link for "client"; see the attached diagram.

What I am trying to achieve is this: if the client (IP address 172.20.200.1) tries to go to the internet (in my scenario lo 4.4.4.4), it should go via ISP "HSO" with its address translated to 217.196.0.1; if this ISP is not available, it should go via the "backup" ISP and have its address translated to 192.168.0.1.

My config on router R7:

ip sla monitor 1
 type echo protocol ipIcmpEcho 4.4.4.4 source-interface FastEthernet1/0
 frequency 5
ip sla monitor schedule 1 life forever start-time now
!
track 1 rtr 1
!
interface FastEthernet0/0
 ip address 172.20.200.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map pbr
 speed 100
 full-duplex
!
interface FastEthernet1/0
 ip address 217.196.0.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface FastEthernet2/0
 ip address 192.168.0.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 speed auto
 full-duplex
!
no ip http server
no ip http secure-server
ip route 4.4.4.4 255.255.255.255 FastEthernet1/0
ip route 4.4.4.4 255.255.255.255 FastEthernet2/0 10
!
ip nat translation icmp-timeout 1
ip nat pool hso 217.196.0.1 217.196.0.1 netmask 255.255.255.252
ip nat pool backup 196.168.0.1 196.168.0.1 netmask 255.255.255.252
ip nat inside source route-map backup pool backup overload
ip nat inside source route-map hso pool hso overload
!
access-list 1 permit 172.20.200.0 0.0.0.255
!
route-map backup permit 10
 match ip address 1
 match interface FastEthernet2/0
!
route-map pbr permit 10
 match ip address 1
 set ip next-hop verify-availability 217.196.0.2 1 track 1
 set ip next-hop 192.168.0.2
!
route-map hso permit 10
 match ip address 1
 match interface FastEthernet1/0

NAT works with the above config and I can ping 4.4.4.4 from the client router; when I shut down the link between the "internet" router and the "hso" router, the ping stops and traffic is not NATted to the backup ISP.

I guess my problem is that my static route to 4.4.4.4 via fa2/0 (backup ISP) has a distance of 10, so it never ends up in the routing table, but if I give it the default metric of 0 then my "track 1" goes up and down...

Unfortunately I cannot use a default route 0.0.0.0.

Any help much appreciated.

Kind regards

Marcin
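As an added illustration (not from the post, and not Cisco's code): a small Python audit that parses the handful of IOS statements a route-map NAT failover depends on and cross-checks them against each other. The embedded sample config is a trimmed reconstruction of the posted one; the function names, the checks and the finding texts are my own. Run against the sample, it reports that the "backup" pool address is not configured on any NAT-outside interface (the posted pool uses 196.168.0.1 while Fa2/0 holds 192.168.0.1, so return traffic from the backup ISP has no way back), and that the AD 10 route to 4.4.4.4 is a floating static that only enters the routing table once the AD 1 route is withdrawn.

```python
import ipaddress
from collections import defaultdict

# Constructed sample modeled on the R7 config in the post (trimmed, not the post verbatim).
# It keeps the posted "backup" pool address, which differs from the Fa2/0 address, so the
# audit has a real mismatch to report; the two static routes to 4.4.4.4 are as posted.
SAMPLE_CONFIG = """\
interface FastEthernet1/0
 ip address 217.196.0.1 255.255.255.0
 ip nat outside
!
interface FastEthernet2/0
 ip address 192.168.0.1 255.255.255.0
 ip nat outside
!
ip route 4.4.4.4 255.255.255.255 FastEthernet1/0
ip route 4.4.4.4 255.255.255.255 FastEthernet2/0 10
ip nat pool hso 217.196.0.1 217.196.0.1 netmask 255.255.255.252
ip nat pool backup 196.168.0.1 196.168.0.1 netmask 255.255.255.252
ip nat inside source route-map backup pool backup overload
ip nat inside source route-map hso pool hso overload
route-map backup permit 10
 match ip address 1
 match interface FastEthernet2/0
route-map hso permit 10
 match ip address 1
 match interface FastEthernet1/0
"""


def parse_config(text):
    """Pull out the IOS statements that matter for a route-map NAT failover design."""
    cfg = {"interfaces": {}, "pools": {}, "nat_rules": [], "route_maps": {}, "static_routes": []}
    section = None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        parts = raw.split()
        if not raw.startswith(" "):  # top-level statement
            section = None
            if parts[0] == "interface":
                section = ("interface", parts[1])
                cfg["interfaces"][parts[1]] = {"ip": None, "nat": None}
            elif parts[0] == "route-map":
                section = ("route-map", parts[1])
                cfg["route_maps"].setdefault(parts[1], [])  # list of matched interfaces
            elif parts[:3] == ["ip", "nat", "pool"]:
                cfg["pools"][parts[3]] = ipaddress.ip_address(parts[4])  # pool start address
            elif parts[:5] == ["ip", "nat", "inside", "source", "route-map"]:
                cfg["nat_rules"].append((parts[5], parts[7]))  # (route-map name, pool name)
            elif parts[:2] == ["ip", "route"]:
                prefix = ipaddress.ip_network(f"{parts[2]}/{parts[3]}")
                ad = int(parts[5]) if len(parts) > 5 and parts[5].isdigit() else 1
                cfg["static_routes"].append((prefix, parts[4], ad))
        elif section and section[0] == "interface":
            iface = cfg["interfaces"][section[1]]
            if parts[:2] == ["ip", "address"]:
                iface["ip"] = ipaddress.ip_interface(f"{parts[2]}/{parts[3]}")
            elif parts[:2] == ["ip", "nat"]:
                iface["nat"] = parts[2]
        elif section and parts[:2] == ["match", "interface"]:
            cfg["route_maps"][section[1]].extend(parts[2:])
    return cfg


def audit(cfg):
    """Return findings as strings; an empty list means the pieces agree with each other."""
    findings = []
    outside = {n: i["ip"] for n, i in cfg["interfaces"].items() if i["nat"] == "outside" and i["ip"]}
    for rm_name, pool_name in cfg["nat_rules"]:
        if pool_name not in cfg["pools"] or rm_name not in cfg["route_maps"]:
            findings.append(f"nat rule {rm_name}/{pool_name}: route-map or pool is not defined")
            continue
        start = cfg["pools"][pool_name]
        # The translated source must be owned by an outside interface, or the ISP's return
        # traffic for it has no path back to this router.
        if start not in (ip.ip for ip in outside.values()):
            findings.append(f"pool {pool_name}: {start} is not configured on any 'ip nat outside' interface")
        # The NAT route-map selects on egress interface; that interface should own the pool address.
        for if_name in cfg["route_maps"][rm_name]:
            if if_name not in outside:
                findings.append(f"route-map {rm_name}: match interface {if_name} is not a NAT outside interface")
            elif outside[if_name].ip != start:
                findings.append(f"route-map {rm_name} matches {if_name} ({outside[if_name].ip}) "
                                f"but pool {pool_name} translates to {start}")
    # Two static routes for one prefix: equal AD load-shares across both ISPs (defeating per-ISP
    # NAT); unequal AD keeps the higher-AD route out of the table until the lower-AD one is withdrawn.
    by_prefix = defaultdict(list)
    for prefix, via, ad in cfg["static_routes"]:
        by_prefix[prefix].append((ad, via))
    for prefix, routes in by_prefix.items():
        if len(routes) > 1:
            (ad1, via1), (ad2, via2) = sorted(routes)[:2]
            if ad1 == ad2:
                findings.append(f"{prefix}: equal-AD routes via {via1} and {via2} will load-share")
            else:
                findings.append(f"{prefix}: route via {via2} (AD {ad2}) is floating and stays out of the "
                                f"routing table until the AD {ad1} route via {via1} is withdrawn")
    return findings
```

Usage: `for f in audit(parse_config(SAMPLE_CONFIG)): print("-", f)` prints three findings for the sample; changing the backup pool to 192.168.0.1 leaves only the floating-route note. The parser deliberately ignores everything it does not need (speed, duplex, virtual-reassembly, the SLA and track objects), which keeps the checks honest: each finding is derived only from lines the script actually understood.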
