Hello Experts,

I have an interesting situation that I can't find a Cisco supported configuration for. My customer has a pair of 5520's setup in a failover pair and has two internet connections. The primary ISP has an Adtran router onsite, but the backup ISP did not provide a CPE router. I only found this out when I was onsite and needed to get it working otherwise I would have suggested purchasing another router.

I am trying to find out if this would be a supported configuration.

Here are the important parts for the way I got it working to fail over to the backup ISP and still provide outside access to critical applications. I substituted private IP addesses to protect the customer's identity.

interface GigabitEthernet0/0

nameif outside-primary

security-level 0

ip address 10.10.10.162 255.255.255.224

!

interface GigabitEthernet0/1

nameif outside-backup

security-level 0

ip address 10.10.100.70 255.255.255.252

!

object network SVREX2010-PRIMARY

nat (inside,outside-primary) static 10.10.10.163

object network SVREX2010-BACKUP

nat (inside,outside-backup) static 10.10.200.187

route outside-primary 0.0.0.0 0.0.0.0 10.10.10.161 1 track 1

route outside-backup 0.0.0.0 0.0.0.0 10.10.100.69 10 track 2

sla monitor 10

type echo protocol ipIcmpEcho interface outside-primary

num-packets 4

frequency 10

sla monitor schedule 10 life forever start-time now

sla monitor 11

type echo protocol ipIcmpEcho interface outside-backup

num-packets 4

frequency 10

sla monitor schedule 11 life forever start-time now

!

track 1 rtr 10 reachability

!

track 2 rtr 11 reachability

So as you can see the primary internet is all on the same IP subnet, but the backup NAT object is an IP address on a completely different subnet than the "outside-backup" interface. As a note, this is working perfectly and it is only a temporary situation, but if it would be supported I may end up using this configuration again as a perminent solution.

Thanks much for any advice!