[c-nsp] NAT, dual WAN and a cisco router
Tom Storey
tom at snnap.net
Sat Aug 18 22:13:47 EDT 2007
And ?
There is not much difference between the config I posted and the config on
that website...
----- Original Message -----
From: "Jorge Evangelista" <netsecuredata at gmail.com>
To: <cisco-nsp at puck.nether.net>
Sent: Sunday, August 19, 2007 8:04 AM
Subject: Re: [c-nsp] NAT, dual WAN and a cisco router
> http://www.blindhog.net/cisco-dual-internet-connections-without-bgp/
>
>
>
> On 8/17/07, Tom Storey <tom at snnap.net> wrote:
> > It can be done, but you must use route-maps in your "ip nat inside source"
> > statements instead.
> >
> > The following configuration uses object tracking to fail over to a backup
> > link. Using tracking we remove or add a default route with a lower metric
> > into the routing table upon a particular host becoming unavailable or
> > available, respectively.
> >
> > Once the primary is back up, connectivity fails back to the primary, and the
> > secondary remains idle until the primary fails again.
> >
> > track 1 rtr 1 reachability
> > !
> > interface Dialer1
> >  description ** Your primary Internet connection here **
> >  ip nat outside
> > !
> > interface Dialer2
> >  description ** Your secondary Internet connection here **
> >  ip nat outside
> > !
> > ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
> > ip route 0.0.0.0 0.0.0.0 Dialer2 10
> > ip route 1.2.3.4 255.255.255.255 Dialer1
> > !
> > ip nat inside source route-map pri-nat interface Dialer1 overload
> > ip nat inside source route-map sec-nat interface Dialer2 overload
> > !
> > ip sla 1
> >  icmp-echo 1.2.3.4 source-interface Dialer1
> >  timeout 4500
> >  threshold 6500
> >  frequency 30
> > ip sla schedule 1 life forever start-time now
> > access-list 100 permit ip 10.10.10.0 0.0.0.7 any
> > access-list 101 permit ip 10.10.10.0 0.0.0.7 any
> > dialer-list 1 protocol ip permit
> > dialer-list 2 protocol ip permit
> > !
> > route-map pri-nat permit 10
> >  match ip address 100
> >  match interface Dialer1
> > !
> > route-map sec-nat permit 10
> >  match ip address 101
> >  match interface Dialer2
> > !
> >
> > Simply replace 1.2.3.4 with a host on the internet you would like to
> > monitor, preferably one you won't need to actually reach when your primary
> > link goes down, since we are explicitly routing that host via the primary
> > ISP.
> >
> > Other than that, make other adjustments as required, such as interface
> > names, subnets, etc etc. Any routes you want removed from the routing table
> > when the primary link goes down, add "track 1" after it as per my example.
> > They'll come back when it comes up again.
> >
> > My example uses dialer interfaces for the WAN connectivity, but it can
> > easily be adapted for any other type or combination of connectivity.
> >
> > Cheers,
> > Tom
> >
> > ----- Original Message -----
> > From: "Adrian Minta" <adrian.minta at gmail.com>
> > To: <cisco-nsp at puck.nether.net>
> > Sent: Thursday, August 16, 2007 4:05 PM
> > Subject: [c-nsp] NAT, dual WAN and a cisco router
> >
> >
> > > Is it possible to use two Internet connection with a cisco router ?
> > > I need to have redundancy for a small NATed LAN.
> > >
> > > Does anyone have this configuration?
> > >
> > > --
> > > Best regards,
> > >
> > > Adrian Minta
> > >
> > >
> > >
> > > _______________________________________________
> > > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>
>
> --
> "The network is the computer"
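
An added example, not part of the original thread: a small Python check that the cross-references in a dual-WAN NAT configuration of the kind quoted above are consistent (NAT interfaces marked `ip nat outside`, route-maps, track objects and IP SLA entries all defined). The sample config is constructed, the function name `audit` is hypothetical, and the script assumes sub-commands are indented as in `show running-config` output.

```python
import re

# Constructed sample (not from a real device): the secondary stanza reuses the
# name Dialer1, so Dialer2 never receives "ip nat outside".
SAMPLE = """\
track 1 rtr 1 reachability
interface Dialer1
 ip nat outside
interface Dialer1
 ip nat outside
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer2 10
ip nat inside source route-map pri-nat interface Dialer1 overload
ip nat inside source route-map sec-nat interface Dialer2 overload
ip sla 1
route-map pri-nat permit 10
 match interface Dialer1
route-map sec-nat permit 10
 match interface Dialer2
"""

def audit(config):
    """Return cross-reference problems in an IOS-style dual-WAN NAT config."""
    lines = [l.rstrip() for l in config.splitlines()]
    nat_outside, current = set(), None
    for line in lines:  # map each indented "ip nat outside" to its interface
        if not line.startswith(" "):
            m = re.match(r"interface (\S+)", line)
            current = m.group(1) if m else None
        elif line.strip() == "ip nat outside" and current:
            nat_outside.add(current)
    text = "\n".join(lines)
    find = lambda pattern: re.findall(pattern, text, re.M)
    route_maps = set(find(r"^route-map (\S+) permit"))
    tracks = dict(find(r"^track (\d+) (?:rtr|ip sla) (\d+) reachability"))
    slas = set(find(r"^ip sla (\d+)$"))
    nat_rules = find(r"^ip nat inside source route-map (\S+) interface (\S+)")
    nat_ifs = {i for _, i in nat_rules} | set(find(r"^ +match interface (\S+)"))
    problems = [f"{i} is used for NAT but lacks 'ip nat outside'"
                for i in sorted(nat_ifs - nat_outside)]
    problems += [f"NAT rule uses undefined route-map {r}"
                 for r in sorted({r for r, _ in nat_rules} - route_maps)]
    problems += [f"route tracks undefined object {t}"
                 for t in sorted(set(find(r"^ip route .* track (\d+)$")) - set(tracks))]
    problems += [f"track {t} references undefined ip sla {s}"
                 for t, s in sorted(tracks.items()) if s not in slas]
    return problems

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Running it on a saved configuration before deploying catches the case where the backup path would forward traffic without translating it.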