Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
343
Views
0
Helpful
2
Replies

Getting NAT to behave in a low-end dual ISP setup

vcjones
Level 5
Level 5

‎07-22-2004 06:35 AM - edited ‎03-02-2019 05:14 PM

Experimenting with the new features in IOS 12.3(8)T and thought I finally had a Cisco solution to the classic fully redundant Internet connection using a pair of low cost (no BGP) ISPs. SAA (ping based routing) works great for detecting link down, the problem turns out to be getting NAT to bahave!

When the active link goes down, the default route switches automagically, but it is only useable for new connections until a "clear ip nat trans *" is executed. I know how to reduce the timeout on translations, but that is not a generic solution because I cannot guarantee a time gap between attempts nor can I control the keep alive interval on TCP connections.

The problem appears to be that once a translation is assigned, the "ip nat inside source route-map..." statements are ignored. That is, the statements which control the assignment of NATs are only checked if there is not already a translation assigned to the address. As a result, the classic trick of assigning the NAT based on the outbound interface only works for the initial assignment and unless the translations are manually cleared, will not switch the NAT to match the remaining interface.

Short of running a daemon on a local PC or fixing things so only one of the paths needs NAT (e.g. getting a static block from one ISP or doing the NATting for one of the ISPs with a separate box) is there any way to automatically force the NAT translations to be reassigned before they have timed out? I would dearly love to have a manageable one-box Cisco alternative for Nexland & Symantec users.

Vincent C Jones

www.networkingunlimited.com

Labels:
0 Helpful
2 Replies 2

vcjones
Level 5
Level 5
In response to carenas123

‎07-28-2004 10:29 AM

Please clarify how this link is supposed to help. I stated in the original problem statement that setting the ip nat translation timeout to a shorter value was not a useful solution because the timeouts must be set long enough to support legitimate traffic under normal conditions. Limiting the number of translations is not helpful either, as the problem is getting rid of valid translations which have values for the (now) wrong interface.

Vincent C Jones

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card