NAT failover with DUAL ISP on a router Configuration Example
From DocWiki
m (→Related Information) |
(→Related Information) |
||
| (One intermediate revision not shown) | |||
| Line 17: | Line 17: | ||
interface FastEthernet0/0 | interface FastEthernet0/0 | ||
| + | |||
Description Primary link ISP1 | Description Primary link ISP1 | ||
| + | |||
ip address 12.x.x.x 255.255.255.240 | ip address 12.x.x.x 255.255.255.240 | ||
| + | |||
ip nat outside | ip nat outside | ||
| + | |||
interface FastEthernet1/0 | interface FastEthernet1/0 | ||
| + | |||
Description Secondary link ISP2 | Description Secondary link ISP2 | ||
| + | |||
ip address 76.x.x.x. 255.255.255.0 | ip address 76.x.x.x. 255.255.255.0 | ||
| + | |||
ip nat outside | ip nat outside | ||
| + | |||
interface FastEthernet1/1 | interface FastEthernet1/1 | ||
| + | |||
Description Inside LAN segment | Description Inside LAN segment | ||
| + | |||
ip address 172.168.60.1 255.255.255.0 | ip address 172.168.60.1 255.255.255.0 | ||
| + | |||
ip nat inside | ip nat inside | ||
| + | |||
access-list 100 permit ip 172.168.60.0 0.0.0.255 any | access-list 100 permit ip 172.168.60.0 0.0.0.255 any | ||
| + | |||
route-map isp1 permit 10 | route-map isp1 permit 10 | ||
| + | |||
match ip address 100 | match ip address 100 | ||
| + | |||
match interface FastEthernet0/0 | match interface FastEthernet0/0 | ||
| + | |||
route-map isp2 permit 10 | route-map isp2 permit 10 | ||
| + | |||
match ip address 100 | match ip address 100 | ||
| + | |||
match interface FastEthernet1/0 | match interface FastEthernet1/0 | ||
| + | |||
ip nat inside source route-map isp1 interface FastEthernet0/0 overload | ip nat inside source route-map isp1 interface FastEthernet0/0 overload | ||
| + | |||
ip nat inside source route-map isp2 interface FastEthernet1/0 overload | ip nat inside source route-map isp2 interface FastEthernet1/0 overload | ||
| + | |||
ip route 0.0.0.0 0.0.0.0 12.y.y.y -----> Primary Default route pointing towards Next hop ip of ISP1 | ip route 0.0.0.0 0.0.0.0 12.y.y.y -----> Primary Default route pointing towards Next hop ip of ISP1 | ||
| + | |||
ip route 0.0.0.0 0.0.0.0 76.y.y.y 10 -----> Backup Default route with higher AD (10) pointing towards Next hop ip of ISP2 | ip route 0.0.0.0 0.0.0.0 76.y.y.y 10 -----> Backup Default route with higher AD (10) pointing towards Next hop ip of ISP2 | ||
| + | |||
| Line 52: | Line 75: | ||
route-map isp1static permit 10 | route-map isp1static permit 10 | ||
| + | |||
match interface FastEthernet0/0 | match interface FastEthernet0/0 | ||
| + | |||
route-map isp2static permit 10 | route-map isp2static permit 10 | ||
| + | |||
match interface FastEthernet1/0 | match interface FastEthernet1/0 | ||
| + | |||
ip nat inside source static 172.168.60.2 12.x.x.x route-map isp1static | ip nat inside source static 172.168.60.2 12.x.x.x route-map isp1static | ||
ip nat inside source static 172.168.60.2 76.x.x.x route-map isp2static | ip nat inside source static 172.168.60.2 76.x.x.x route-map isp2static | ||
| - | |||
==Related show Commands== | ==Related show Commands== | ||
| Line 71: | Line 97: | ||
| - | + | [[Category: WAN Configuration Examples]] | |
| - | + | [[Category: Router Configuration Examples]] | |
| - | WAN Configuration Examples | + | |
Latest revision as of 14:18, 7 June 2010
Contents |
Introduction
This is an generic example of how to configure NAT when there are multiple ISP's for internet connectivity and we want proper Failover i.e when Primary ISP goes down then Secondary takes over with correct NAT happening using the secondary ISP's public ip address
Design
------------- ISP1 -------------
| |
| |
LAN -- WAN router Internet
| |
| |
------------- ISP2 -------------
Configuration
interface FastEthernet0/0
Description Primary link ISP1
ip address 12.x.x.x 255.255.255.240
ip nat outside
interface FastEthernet1/0
Description Secondary link ISP2
ip address 76.x.x.x. 255.255.255.0
ip nat outside
interface FastEthernet1/1
Description Inside LAN segment
ip address 172.168.60.1 255.255.255.0
ip nat inside
access-list 100 permit ip 172.168.60.0 0.0.0.255 any
route-map isp1 permit 10
match ip address 100
match interface FastEthernet0/0
route-map isp2 permit 10
match ip address 100
match interface FastEthernet1/0
ip nat inside source route-map isp1 interface FastEthernet0/0 overload
ip nat inside source route-map isp2 interface FastEthernet1/0 overload
ip route 0.0.0.0 0.0.0.0 12.y.y.y -----> Primary Default route pointing towards Next hop ip of ISP1
ip route 0.0.0.0 0.0.0.0 76.y.y.y 10 -----> Backup Default route with higher AD (10) pointing towards Next hop ip of ISP2
- the above example shows how we can perform Failover for PAT (Port Address Translation) for the traffic going out to Internet. By using route-maps and "match interface" option, we can achieve failover for Static NAT translation as well which is generally configured when services are hosted out to the internet like webserver or exchange server hosted inside accessible from Internet
route-map isp1static permit 10
match interface FastEthernet0/0
route-map isp2static permit 10
match interface FastEthernet1/0
ip nat inside source static 172.168.60.2 12.x.x.x route-map isp1static
ip nat inside source static 172.168.60.2 76.x.x.x route-map isp2static
Related show Commands
sh run | inc ip nat; sh route-map
Related Information
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080950834.shtml
