[c-nsp] NAT, dual WAN and a cisco router

Tom Storey tom at snnap.net
Fri Aug 17 09:54:38 EDT 2007


It can be done, but you must use route-maps in your "ip nat inside source"
statements instead.

The following configuration uses object tracking to fail over to a backup
link. Using tracking we remove or add a default route with a lower metric
into the routing table upon a particular host becoming unavailable or
available, respectively.

Once the primary is back up, connectivity fails back to the primary, and the
secondary remains idle until the primary fails again.

! Track object 1 follows the reachability result of IP SLA probe 1
track 1 rtr 1 reachability
!
interface Dialer1
 description ** Your primary Internet connection here **
 ip nat outside
!
interface Dialer2
 description ** Your secondary Internet connection here **
 ip nat outside
!
! Default route via the primary, removed while track 1 is down
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
! Backup default route via the secondary (administrative distance 10)
ip route 0.0.0.0 0.0.0.0 Dialer2 10
! Monitored host is always routed via the primary
ip route 1.2.3.4 255.255.255.255 Dialer1
!
ip nat inside source route-map pri-nat interface Dialer1 overload
ip nat inside source route-map sec-nat interface Dialer2 overload
!
ip sla 1
 icmp-echo 1.2.3.4 source-interface Dialer1
 timeout 4500
 threshold 6500
 frequency 30
ip sla schedule 1 life forever start-time now
!
access-list 100 permit ip 10.10.10.0 0.0.0.7 any
access-list 101 permit ip 10.10.10.0 0.0.0.7 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
! Each route-map matches the inside subnet and the outgoing interface
route-map pri-nat permit 10
 match ip address 100
 match interface Dialer1
!
route-map sec-nat permit 10
 match ip address 101
 match interface Dialer2
!

Simply replace 1.2.3.4 with a host on the internet you would like to
monitor, preferably one you won't need to actually reach when your primary
link goes down, since we are explicitly routing that host via the primary
ISP.

Other than that, make other adjustments as required, such as interface
names, subnets, etc etc. Any routes you want removed from the routing table
when the primary link goes down, add "track 1" after it as per my example.
They'll come back when it comes up again.

My example uses dialer interfaces for the WAN connectivity, but it can
easily be adapted for any other type or combination of connectivity.

Cheers,
Tom

----- Original Message -----
From: "Adrian Minta" <adrian.minta at gmail.com>
To: <cisco-nsp at puck.nether.net>
Sent: Thursday, August 16, 2007 4:05 PM
Subject: [c-nsp] NAT, dual WAN and a cisco router


> Is it possible to use two Internet connections with a Cisco router?
> I need to have redundancy for a small NATed LAN.
>
> Does anyone have this configuration?
>
> --
> Best regards,
>
> Adrian Minta

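Added example, not part of the original thread or of any poster's configuration: a small Python consistency check for a dual-WAN NAT config of the shape posted above. It verifies that every "ip nat inside source route-map ... interface ..." rule points at an interface marked "ip nat outside", that its route-map matches that same interface, and that at least one default route is tracked. The function name and the sample config are constructed for illustration.

```python
import re

# Constructed sample: only the lines relevant to the check, in the shape of
# the config in the post above (interface names are assumptions).
SAMPLE = """\
interface Dialer1
 ip nat outside
interface Dialer2
 ip nat outside
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer2 10
ip nat inside source route-map pri-nat interface Dialer1 overload
ip nat inside source route-map sec-nat interface Dialer2 overload
route-map pri-nat permit 10
 match ip address 100
 match interface Dialer1
route-map sec-nat permit 10
 match ip address 101
 match interface Dialer2
"""

def check_dual_wan_nat(config):
    """Return a list of consistency problems (empty list means none found)."""
    kind = name = None
    nat_outside, rm_iface = set(), {}
    nat_rules, default_opts, problems = [], [], []
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):            # top-level line: new section
            m = re.match(r"(interface|route-map) (\S+)", line)
            kind, name = m.groups() if m else (None, None)
        elif kind == "interface" and line == "ip nat outside":
            nat_outside.add(name)
        elif kind == "route-map" and line.startswith("match interface "):
            rm_iface.setdefault(name, set()).add(line.split()[2])
        m = re.match(r"ip nat inside source route-map (\S+) interface (\S+)", line)
        if m:
            nat_rules.append(m.groups())
        m = re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 \S+(.*)", line)
        if m:
            default_opts.append(m.group(1).split())
    for rmap, iface in nat_rules:
        if iface not in nat_outside:
            problems.append(f"{iface}: NAT rule but no 'ip nat outside'")
        # Without this match, the route-map does not depend on the exit link
        if iface not in rm_iface.get(rmap, set()):
            problems.append(f"{rmap}: no 'match interface {iface}'")
    if not any("track" in opts for opts in default_opts):
        problems.append("no tracked default route")
    return problems
```

Run it over the text of a saved running-config before applying the change.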