I have two ISP's.  The first is configured and working properly.  The second ISP should just be a fail over.  Meaning when the first link goes down, the second picks up.  My router config is attached.  As you can see there are two ISP's but the link will not fail over after the main ISP is shutdown.

Thank you for posting the router config. I have looked through it and have found 2 issues, either of which might cause it to not fail over.

1) You are attempting to failover using a floating static route, which is a very common approach to failover. But your static route has made the floating distance to be 255

ip route 0.0.0.0 0.0.0.0 173.211.229.65 255

unfortunately the distance of 255 says that this route information should not be used. Make it some value greater than 1 and less than 255 to fix this issue. (I like to use 250 for failover but any thing in the range will work)

2) With these static routes the interface of the first route will need to transition to the protocol down state for the primary route to be withdrawn and the backup route to be activated. But with an Ethernet interface there are many circumstances where you have lost connectivity to the primary next hop and you would want to failover but the interface is still in the protocol up state and you do not failover. To fix this you probably should use IP SLA to track the primary route and to trigger failover.

I note that the interface for ISP2 is configured as nat outside. But I do not see any address translation for that interface. Will ISP2 see traffic from this interface and have address translation configured for each of your subnets?

HTH

Rick

I do not want any NAT outside on ISP2.  The only reason for this is because ISP2 will be an emergency backup.  I want it to be as simple as possible so that the as few things can go wrong as possible.  Hopefully that makes sense.

Thanks

Andrew

Andrew

There are a couple of things about this that I do not understand.

- the interface for ISP2 is configured with ip nat outside. But you say that you want no address translation for ISP2. Why is the interface ip nat outside?

- your config indicates that ISP2 is using network 192.168.1.0. But your failover route and the access list for that interface suggest that it is using network 173.211.299.64. Which is correct?

- if you have no address translation configured for ISP2, and if failover does work and you begin sending your network traffic through ISP2 what will it do with the private addresses that are the source addresses of your traffic? Will ISP2 be doing address translation for this traffic?

- the access list for ISP2 suggests that you are going to have a GRE/IPsec connection for ISP2. But your config has nothing in it for this VPN.

What clarification can you give me about these things?

HTH

Rick

I am using outside NAT and I have fixed that issue.  After configuring the correct IP address for ISP2, I am having trouble creating the ip route.  It is giving me an invalid next hop (it's this router) error.  Any insight?