[c-nsp] NAT, dual WAN and a cisco router

Jorge Evangelista netsecuredata at gmail.com
Sat Aug 18 18:34:35 EDT 2007


http://www.blindhog.net/cisco-dual-internet-connections-without-bgp/



On 8/17/07, Tom Storey <tom at snnap.net> wrote:
> It can be done, but you must use route-maps in your "ip nat inside source"
> statements instead.
>
> The following configuration uses object tracking to fail over to a backup
> link. Using tracking we remove or add a default route with a lower metric
> into the routing table upon a particular host becoming unavailable or
> available, respectively.
>
> Once the primary is back up, connectivity fails back to the primary, and the
> secondary remains idle until the primary fails again.
>
> track 1 rtr 1 reachability
> !
> interface Dialer1
>  description ** Your primary Internet connection here **
>  ip nat outside
> !
> interface Dialer2
>  description ** Your secondary Internet connection here **
>  ip nat outside
> !
> ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
> ip route 0.0.0.0 0.0.0.0 Dialer2 10
> ip route 1.2.3.4 255.255.255.255 Dialer1
> !
> ip nat inside source route-map pri-nat interface Dialer1 overload
> ip nat inside source route-map sec-nat interface Dialer2 overload
> !
> ip sla 1
>  icmp-echo 1.2.3.4 source-interface Dialer1
>  timeout 4500
>  threshold 6500
>  frequency 30
> ip sla schedule 1 life forever start-time now
> access-list 100 permit ip 10.10.10.0 0.0.0.7 any
> access-list 101 permit ip 10.10.10.0 0.0.0.7 any
> dialer-list 1 protocol ip permit
> dialer-list 2 protocol ip permit
> !
> route-map pri-nat permit 10
>  match ip address 100
>  match interface Dialer1
> !
> route-map sec-nat permit 10
>  match ip address 101
>  match interface Dialer2
> !
>
> Simply replace 1.2.3.4 with a host on the internet you would like to
> monitor, preferably one you won't need to actually reach when your primary
> link goes down, since we are explicitly routing that host via the primary
> ISP.
>
> Other than that, make other adjustments as required, such as interface
> names, subnets, etc etc. Any routes you want removed from the routing table
> when the primary link goes down, add "track 1" after it as per my example.
> They'll come back when it comes up again.
>
> My example uses dialer interfaces for the WAN connectivity, but it can
> easily be adapted for any other type or combination of connectivity.
>
> Cheers,
> Tom
>
> ----- Original Message -----
> From: "Adrian Minta" <adrian.minta at gmail.com>
> To: <cisco-nsp at puck.nether.net>
> Sent: Thursday, August 16, 2007 4:05 PM
> Subject: [c-nsp] NAT, dual WAN and a cisco router
>
>
> > Is it possible to use two Internet connections with a cisco router?
> > I need to have redundancy for a small NATed LAN.
> >
> > Does anyone have this configuration?
> >
> > --
> > Best regards,
> >
> > Adrian Minta
> >
> >
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/


-- 
"The network is the computer"
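
Added example, not part of the original thread or anyone's posted config: a small Python consistency check for a dual-WAN NAT configuration of the shape quoted above, since after failover traffic only gets translated if the backup interface has `ip nat outside` and its route-map matches that same interface. The helper names `blocks` and `lint` and the sample config are assumptions made for illustration.

```python
import re

# Constructed sample in the shape of the quoted config. Dialer2 deliberately
# lacks "ip nat outside" and sec-nat matches the wrong interface.
SAMPLE = """\
interface Dialer1
 ip nat outside
!
interface Dialer2
 description backup
!
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer2 10
ip nat inside source route-map pri-nat interface Dialer1 overload
ip nat inside source route-map sec-nat interface Dialer2 overload
route-map pri-nat permit 10
 match ip address 100
 match interface Dialer1
!
route-map sec-nat permit 10
 match ip address 101
 match interface Dialer1
"""

def blocks(config, keyword):
    """Map block name -> indented sub-commands for 'interface X' / 'route-map X ...'."""
    out, current = {}, None
    for line in config.splitlines():
        if line.startswith(keyword + " "):
            current = out.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return out

def lint(config):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    ifaces, rmaps = blocks(config, "interface"), blocks(config, "route-map")
    nat = re.findall(r"^ip nat inside source route-map (\S+) interface (\S+)", config, re.M)
    for rmap, iface in nat:
        if "ip nat outside" not in ifaces.get(iface, []):
            findings.append(f"{iface}: NAT target lacks 'ip nat outside'")
        if f"match interface {iface}" not in rmaps.get(rmap, []):
            findings.append(f"{rmap}: no 'match interface {iface}'")
    defaults = re.findall(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)(.*)$", config, re.M)
    if not any("track" in rest for _, rest in defaults):
        findings.append("no tracked default route: failover will not trigger")
    return findings
```
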

