Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

WAN load balancing



 I have the following issue with a Cisco 2811 router. I have two WAN connection ( fiber and ADSL ) and I want to make WAN load balancing

so I add two route : dialer1 and fa1 the problem is with fiber connection (fa1) in this configuration I can't ping WAN 

from outside or use NAT on this connection. If I change default route's like this it's working but is not WAN load balancing : dialer 150 fa1. Any idea.

  • WAN Routing and Switching
Hall of Fame Super Silver

My first idea is that having

My first idea is that having the default route point just to the physical interface is not a good thing to do. There are multiple problems starting with the fact that doing this requires that the next hop device support proxy arp. And the trend is increasingly that organizations are disabling proxy arp because of the security implications. Beyond that is the problem that it requires your router to arp for every remote destination. And to maintain the ARP table with all of the arp responses, which increases your memory consumption and the CPU processing of the router to do all of the arp processing.


There are also complications of how to do NAT when you have two active Internet connections.


And if you are using both a fiber connection and an ADSL connection you are trying to balance with a higher speed and a lower speed connection and there are issues with this.





New Member

Hi RichardI come back with

Hi Richard

I come back with more details:

First I try to setup router with WAN failover like this:

route-map SDM_RMAP_1 permit 1
 match ip address 101
 match interface FastEthernet0/0

route-map SDM_RMAP_2 permit 1
 match ip address 102
 match interface Dialer1

access-list 101 permit ip any
access-list 101 permit ip any

access-list 102 permit ip any
dialer-list 102 protocol ip permit

ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
ip nat inside source route-map SDM_RMAP_2 interface Dialer1 overload

ip nat inside source static tcp 25 x.x.x.x 25 route-map SDM_RMAP_1 extendable

ip route x.x.x.x 150
ip route y.y.y.y track 1 

interface FastEthernet0/0
 ip address x.x.x.x 
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no cdp enable
 crypto map SDM_CMAP_1

interface FastEthernet0/1
 no ip address
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1

interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname ...............
 ppp chap password 7 010109085702121F33434A0014524343
 ppp pap sent-username .......... password 7 0614002D40471D091718160201537E7A
 no cdp enable
 crypto map SDM_CMAP_1

track timer interface 5

track 1 ip sla 1 reachability
 delay down 15 up 10

ip sla 1
 icmp-echo a.b.c.d source-interface y.y.y.y
 timeout 5000
 threshold 40
 frequency 6000
ip sla schedule 1 life forever start-time now


And I want to achive the following results:

All computers from LAN use for internet connection y.y.y.y and if this failed use x.x.x.x and when come back y.y.y.y use this connection.

And I have one server with few services ( DNS, WWW, MAIL...)  which must use just x.x.x.x connection if this failed dosen't matter if this services not working.


But with this configuration one thing not working i can't access from outside Mail server , DNS, WWW  with x.x.x.x connection ( IP ) if I change default route like :

ip route x.x.x.x  track 1
ip route y.y.y.y  150

it's working