
Creating a redundant internet link to another router

Hello,

I am trying to create a redundant link from the WatchGuard router to the Cisco router. Both have an individual ISP internet connection. The WatchGuard is used for all of our internal office networks and the router is an 800 series router hosting our guest network.

What I want to do is connect both devices as shown in the diagram below so that if the ISP link goes down on the WatchGuard it will instead use the connection on the guest router to re-establish the internet connection.

A few suggestions I am looking up are double NAT and configuring a DMZ. Any advice and configuration will be appreciated.

 

Accepted Solutions

LJ Gabrillo
Level 5

I would recommend using the "track" feature of Cisco: it disables a route if it is not reachable. It's quite simple:

 

conf t

! to local internet
interface f0/0
 ip nat outside

! to WatchGuard internet
interface f0/1
 ip nat outside

! assume your LAN in router
interface e0/0/0
 ip nat inside

ip access-list extended NAT
 permit ip 10.1.1.0 0.0.0.255 any

route-map NAT1 permit 10
 match ip address NAT
 match interface f0/0

route-map NAT2 permit 10
 match ip address NAT
 match interface f0/1

ip nat inside source route-map NAT1 interface f0/0 overload
ip nat inside source route-map NAT2 interface f0/1 overload

ip sla 1
 icmp-echo 80.X.X.X source-interface f0/0
 ! timeout in ms
 timeout 5000
 ! frequency in s [Freq >/= Timeout]
 frequency 5
ip sla schedule 1 life forever start-time now

ip sla 2
 icmp-echo <IP of WatchGuard to router> source-interface f0/1
 ! timeout in ms
 timeout 5000
 ! frequency in s [Freq >/= Timeout]
 frequency 5
ip sla schedule 2 life forever start-time now

track 10 rtr 1 reachability
 delay down 1 up 1

track 20 rtr 2 reachability
 delay down 1 up 1

ip route 0.0.0.0 0.0.0.0 80.X.X.X track 10
ip route 0.0.0.0 0.0.0.0 <WG IP to Router> track 20
 
 
In the above config, I have delayed about 5 sec. when the route will shut down.
To add, since these static routes have an equal path cost, load balancing is also in play :)

You can try to simulate: unplug the main internet link from the router, and after 5 sec. you will notice a log in the router, meaning it's working.
You can even confirm it with "show ip route": the main static route will disappear.

Don't forget to configure your WatchGuard as well to give off internet to 10.x.x.x
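
An added example, not part of the original post: a small Python lint for this kind of IP SLA / track failover config, checking that every probe is scheduled, that frequency is not shorter than timeout, and that each default route points at a defined track object. The sample config, its addresses and the helper name `lint_failover` are constructed for illustration.

```python
import re
# Constructed sample (documentation addresses) containing deliberate mistakes.
SAMPLE = """\
ip sla 1
 icmp-echo 203.0.113.1 source-interface FastEthernet0/0
 timeout 5000
 frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 192.0.2.1 source-interface FastEthernet0/1
 timeout 5000
 frequency 3
track 10 rtr 1 reachability
track 20 ip sla 2 reachability
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 10
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 30
"""

def lint_failover(config):
    """Return consistency problems in an IP SLA / track failover config (hypothetical helper)."""
    slas, scheduled, tracks, routes, cur = {}, set(), {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        cur = cur if raw[:1].isspace() else None  # submode ends at the next top-level line
        if m := re.fullmatch(r"ip sla (\d+)", line):
            cur = slas.setdefault(int(m[1]), {})
        elif m := re.fullmatch(r"ip sla schedule (\d+) .*", line):
            scheduled.add(int(m[1]))
        elif m := re.fullmatch(r"track (\d+) (?:rtr|ip sla) (\d+) reachability", line):
            tracks[int(m[1])] = int(m[2])
        elif m := re.fullmatch(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: track (\d+))?", line):
            routes.append((m[1], int(m[2]) if m[2] else None))
        elif cur is not None and (m := re.fullmatch(r"(timeout|frequency) (\d+)", line)):
            cur[m[1]] = int(m[2])  # timeout is in ms, frequency in s
    problems = []
    for n, s in sorted(slas.items()):
        if n not in scheduled:
            problems.append(f"sla {n}: never scheduled, so the probe does not run")
        if "timeout" in s and "frequency" in s and s["frequency"] * 1000 < s["timeout"]:
            problems.append(f"sla {n}: frequency {s['frequency']}s < timeout {s['timeout']}ms")
    for t, n in sorted(tracks.items()):
        if n not in slas:
            problems.append(f"track {t}: references undefined sla {n}")
    for hop, t in routes:
        if t is None:
            problems.append(f"route via {hop}: untracked, stays installed if the upstream fails")
        elif t not in tracks:
            problems.append(f"route via {hop}: track {t} is not defined")
    return problems
```

Feed it the relevant lines of a saved running config; an empty list means the probe, track and route references line up.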
