NAT failover with DUAL ISP on a router Configuration Example


Latest revision as of 14:18, 7 June 2010



This is a generic example of how to configure NAT when there are multiple ISPs for Internet connectivity and proper failover is required, i.e. when the primary ISP goes down, the secondary takes over and NAT is performed using the secondary ISP's public IP address.


              ------------- ISP1 -------------
             |                                |
             |                                |
LAN -- WAN router                          Internet
             |                                |
             |                                |
              ------------- ISP2 -------------


interface FastEthernet0/0
 description Primary link ISP1
 ip address 12.x.x.x
 ip nat outside

interface FastEthernet1/0
 description Secondary link ISP2
 ip address 76.x.x.x
 ip nat outside

interface FastEthernet1/1
 description Inside LAN segment
 ip address
 ip nat inside

access-list 100 permit ip any

route-map isp1 permit 10
 match ip address 100
 match interface FastEthernet0/0

route-map isp2 permit 10
 match ip address 100
 match interface FastEthernet1/0

ip nat inside source route-map isp1 interface FastEthernet0/0 overload
ip nat inside source route-map isp2 interface FastEthernet1/0 overload

ip route 0.0.0.0 0.0.0.0 12.y.y.y -----> Primary default route pointing towards the next-hop IP of ISP1

ip route 0.0.0.0 0.0.0.0 76.y.y.y 10 -----> Backup default route with higher AD (10) pointing towards the next-hop IP of ISP2

    • The above example shows how to perform failover for PAT (Port Address Translation) for traffic going out to the Internet. By using route-maps and the "match interface" option, we can achieve failover for static NAT translation as well, which is generally configured when services hosted inside, such as a web server or Exchange server, are made accessible from the Internet.

route-map isp1static permit 10
 match interface FastEthernet0/0

route-map isp2static permit 10
 match interface FastEthernet1/0

ip nat inside source static 12.x.x.x route-map isp1static
ip nat inside source static 76.x.x.x route-map isp2static

Related show Commands

sh run | inc ip nat; sh route-map
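
A consistency check for the PAT configuration above, added here as an example (it is not part of the original DocWiki page): it parses running-config text and confirms that every `ip nat inside source route-map ... interface ... overload` rule uses a route-map that matches the same interface, and that the interface carries `ip nat outside`. The function names and the sample config are constructed for illustration, and interface names are assumed to appear in full form as the running-config prints them.

```python
import re

# Constructed sample running-config (not from the page), trimmed to NAT-relevant lines.
SAMPLE = """\
interface FastEthernet0/0
 ip nat outside
interface FastEthernet1/0
 ip nat outside
route-map isp1 permit 10
 match interface FastEthernet0/0
route-map isp2 permit 10
 match interface FastEthernet1/0
ip nat inside source route-map isp1 interface FastEthernet0/0 overload
ip nat inside source route-map isp2 interface FastEthernet1/0 overload
"""

PAT_RULE = re.compile(r"ip nat inside source route-map (\S+) interface (\S+) overload")

def parse_sections(config):
    """Map each top-level command to the list of indented sub-commands under it."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and "!" separators
        if not line[0].isspace():
            current = sections.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return sections

def audit_nat_failover(config):
    """Return findings for PAT rules whose route-map or interface breaks failover."""
    sections = parse_sections(config)
    outside = {h.split()[1] for h, body in sections.items()
               if h.startswith("interface ") and "ip nat outside" in body}
    matched = {}  # route-map name -> interfaces named in "match interface"
    for h, body in sections.items():
        if h.startswith("route-map "):
            ifs = matched.setdefault(h.split()[1], set())
            ifs.update(w for c in body if c.startswith("match interface ")
                       for w in c.split()[2:])
    findings = []
    for h in sections:
        m = PAT_RULE.fullmatch(h)
        if m and m.group(2) not in matched.get(m.group(1), set()):
            findings.append(f"route-map {m.group(1)} lacks 'match interface {m.group(2)}'")
        if m and m.group(2) not in outside:
            findings.append(f"{m.group(2)} lacks 'ip nat outside'")
    return findings
```

An empty list means each overload rule is tied to its own egress interface; a finding points at the rule that would leave traffic untranslated, or translated to the wrong ISP's address, after failover.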
