Cisco Support Community

RE: NAT entries not getting created when link failover occurs


I implemented this solution on the 12.4T Adv. Security IOS on an ISR G1 3825 router and am now having problems with the new ISR G2 version 15 Universal IOS running on a 2911 router.

The scenario in the first instance, where I ran a similar solution on the ISR G1 platform with 12.4T IOS, was that we had a primary/backup ISP scenario and used IP SLA (icmp-echo) with Enhanced Object Tracking on static default routes for internet connectivity failover, and for NAT failover I entered two PAT entries using route-maps pointing towards the two interfaces where the NAT should take place (interfaces with ip nat outside).

Now, on the ISR G2 platform with Universal IOS, I had two connections via eBGP from the same ISP, with the primary one having higher local preference. Basically I am receiving a default route from the ISP via both links, and when one link goes down the secondary eBGP peering via the same ISP is the preferred exit point. Now I am NATTING on both the interfaces, and when I shift the link to the secondary one (manually or automatically, since the route will also be learnt from the secondary link that will be preferred) the NAT entries do not shift to the secondary link and you cannot see any NAT entries being created in the NAT table. Just like in the first instance, I am creating PAT entries on the interface since I have only one public IP on the primary interface and one public IP on the secondary link, and I am using route-maps for both sets of NAT entries and not an access-list using the 'list' parameter on the NAT entry. Can anyone please guide me here?


