[c-nsp] Simple NAT based IOS failover between providers

Kenny Sallee k_sallee at yahoo.com
Wed Sep 28 15:51:14 EDT 2005


Why not use a Radware Linkproof or similar product
instead of a router?  For lower-end clients you can
provision 2 DSL or DSL and cable connections, plug
them into Ethernet ports on the LP and have load
balancing and availability (for the hardcore, note I
said lower-end clients that can't afford dual T1s and
BGP-capable routers).  You can do the same w/ T1s but
still require a router to terminate the T1.

Anyway, the LP uses NAT per ISP and probes to
determine availability and reachability of each ISP.
You can do PAT to each provider, and provide static
translations from each provider to the same internal IP
(say a firewall or SMTP server, whatever).  They also
have mini-DNS capabilities to automatically handle
inbound traffic via hostname resolution.  Lots of
other capabilities.  No, I don't work for Radware - but
the company I work for sells the product and have
found that once the capabilities are understood and
it's set up properly, it works well.

Kenny

--- Robert Boyle <robert at tellurian.com> wrote:

> Hello,
>
> We opened a ticket with the TAC and were told this was not possible. I
> don't believe it. Many $79 generic Asian routers sold at office supply
> stores can do this out of the box so I have to believe that Cisco with 10+
> years of IOS development and a $1500 router can do something this simple.
> Situation details below:
>
> Router with two "outside" interfaces - Both Ethernet in the cheap routers
> or WIC-1DSU-T1 and WIC-1ADSL in our Cisco example
> Router has one "inside" Ethernet interface which runs NAT with IPSEC
> passthrough.
>
> The first outside interface is connected to ISP A (us in this case)
> The other outside interface is connected to ISP B (the local telco or cable
> company in this case)
>
> The router is configured so ISP A is the primary Internet link and it pings
> the far side of the WAN connection to determine if the link is up. When the
> primary link is up, all traffic is NAT mapped and sourced from the primary
> WAN IP. If the ping fails, the router changes the NAT mappings to use the
> second link with ISP B and all packets after that point are sourced from
> the second WAN interface IP address. Fail back can be automatic after a
> timer expires or a manual process such as a reboot. I don't really care
> either way, but I do need the failover from ISP A to ISP B to be automatic
> based on interface state, ping, or some other reliable method. I have seen
> some documentation for IOS which enables changing routes based on a ping
> response, but how do I change the NAT mappings as well? A working real
> config or a pointer to a cookbook example would be great! We have Cisco PIX
> boxes doing IPSEC behind these 1721s and 28xx routers at these sites and
> timers set to 1 minute on the PIXes so they will reconnect within a minute
> if the primary link fails. I believe that there HAS to be a way to make a
> Cisco IOS router do something that a $79 consumer router can do! Thanks in
> advance for any assistance!
>
> -Robert
>
> Before anyone suggests another method such as BGP, that won't work. We
> can't provide the secondary link to these locations since they are isolated
> small offices in independent telephone territories or cable is the only
> option as ISP B (and ISP B doesn't speak BGP.)
> Thanks!
>
> Tellurian Networks - The Ultimate Internet Connection
> http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
> "Well done is better than well said." - Benjamin Franklin