Route-Map + NAT + 2 ISP

Peter Valdes
Level 3

Hi,

I'm currently testing failover between 2 ISPs using one Cisco 3800.

The problem is once the primary link goes down, the backup is active using floating static but Internet.

Looking at the NAT trans and there is no trans on the backup link IP Address pool.

The challenging part of this project is that we only have 2 Ethernet interfaces on the 3800 and both are already in use for WAN and LAN.

Below is my config:

interface GigabitEthernet0/0
 description LINK TO PRIMARY LINK
 ip policy route-map NAT-to-ISP1
 ip address x.x.x.x 255.255.255.252
!
interface GigabitEthernet0/1
 description LINK TO SWITCH STACK - 3560
 no ip address
!
interface GigabitEthernet0/1.500
 description LINK TO BACKUP LINK
 ip policy route-map NAT-to-ISP2
 ip address y.y.y.y 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 x.x.x.x name PRIMARY
ip route 0.0.0.0 0.0.0.0 y.y.y.y 50 name BACKUP
!
ip nat inside source route-map NAT-to-ISP1 interface GigabitEthernet0/0 overload
ip nat inside source route-map NAT-to-ISP2 interface GigabitEthernet0/1.500 overload
!
route-map NAT-to-ISP1 permit 10
 match ip address NAT_ACL
 match interface GigabitEthernet0/0
!
route-map NAT-to-ISP2 permit 10
 match ip address NAT_ACL
 match interface GigabitEthernet0/1.500

As you can see, the backup link is connected to our internal switch stack on gig0/1 and I have created a sub-interface assign access VLAN 500 on the switch port. We are not using dynamic routing on both WANS.

Once the primary link goes down, I can see the floating static adding the backup as the default gateway using AD.

Have I missed anything? I know the problem is NATing.

Thanks

3 Replies

paolo bevilacqua
Hall of Fame

You are missing ip nat inside and ip nat outside commands for the interfaces, and the encapsulation dot1q for the subinterface.
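
The checks named in the reply above (missing `ip nat inside` / `ip nat outside` on the interfaces and missing `encapsulation dot1Q` on the subinterface), written as an added Python example that is not part of the thread. `parse_interfaces` and `lint_nat` are hypothetical helper names, the sample is constructed from the first posted config, and the parser assumes interface blocks end with `!` as they do in the post.

```python
import re

# Constructed sample, abridged from the first config in the thread (addresses
# are the thread's own x.x.x.x / y.y.y.y placeholders).
AS_POSTED = """\
interface GigabitEthernet0/0
 ip address x.x.x.x 255.255.255.252
!
interface GigabitEthernet0/1.500
 ip address y.y.y.y 255.255.255.252
!
ip nat inside source route-map NAT-to-ISP1 interface GigabitEthernet0/0 overload
ip nat inside source route-map NAT-to-ISP2 interface GigabitEthernet0/1.500 overload
"""

def parse_interfaces(config):
    """Map interface name -> its sub-commands. Assumes '!' closes each block."""
    interfaces, current = {}, None
    for line in (l.strip() for l in config.splitlines()):
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line == "!":
            current = None          # back to global configuration
        elif line and current is not None:
            current.append(line)    # blank lines (double-spaced paste) are skipped
    return interfaces

def lint_nat(config):
    """Return findings for the NAT prerequisites named in the reply."""
    ifs = parse_interfaces(config)
    findings = []
    # Every interface used as an overload target must be a NAT outside interface.
    for name in re.findall(r"^\s*ip nat inside source .*\binterface (\S+)", config, re.M):
        if "ip nat outside" not in ifs.get(name, []):
            findings.append(f"{name}: missing 'ip nat outside'")
    # Without an inside interface no traffic is ever a candidate for translation.
    if not any("ip nat inside" in cmds for cmds in ifs.values()):
        findings.append("no interface has 'ip nat inside'")
    # A routed subinterface needs its 802.1Q VLAN tag configured.
    for name, cmds in ifs.items():
        if "." in name and not any(c.lower().startswith("encapsulation dot1q") for c in cmds):
            findings.append(f"{name}: missing 'encapsulation dot1Q'")
    return findings

if __name__ == "__main__":
    for finding in lint_nat(AS_POSTED):
        print(finding)
```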

Sorry, the config is applied on the router. I just forgot to type it in here.

Config:

ip dhcp pool 100
 network 192.168.101.0 255.255.255.0
 default-router 192.168.101.1
 dns-server a.a.a.a b.b.b.b
 lease 7
!
interface GigabitEthernet0/0
 description LINK TO PRIMARY LINK
 ip policy route-map NAT-to-ISP1
 ip address x.x.x.x 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/1
 description LINK TO SWITCH STACK - 3560
 no ip address
!
interface GigabitEthernet0/1.100
 description LAN PC
 encapsulation dot1Q 100
 ip address 192.168.101.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1.500
 description LINK TO BACKUP LINK
 ip policy route-map NAT-to-ISP2
 encapsulation dot1Q 500
 ip address y.y.y.y 255.255.255.252
 ip nat outside
!
ip route 0.0.0.0 0.0.0.0 x.x.x.x name PRIMARY
ip route 0.0.0.0 0.0.0.0 y.y.y.y 50 name BACKUP
!
ip nat inside source route-map NAT-to-ISP1 interface GigabitEthernet0/0 overload
ip nat inside source route-map NAT-to-ISP2 interface GigabitEthernet0/1.500 overload
!
route-map NAT-to-ISP1 permit 10
 match ip address NAT_ACL
 match interface GigabitEthernet0/0
!
route-map NAT-to-ISP2 permit 10
 match ip address NAT_ACL
 match interface GigabitEthernet0/1.500

You need to have g0/0 to be down for the new route to install and translations to delete. Does this happen?
