I've got an 1841 with two separate Internet connections via separate ISPs, one using fe0/1 and the other using ser0/0/0. fe0/1 currently provides all Internet including two L2L VPNs and all general Internet via NAT overload using fe0/1 IP. With the second Internet T1 on ser0/0/0 I want to accomplish two things - dedicate all traffic from all inside hosts destined to a specific public IP out this line, and provide failover for this traffic back to the Internet on fe0/1 if this line drops. I'm not looking to provide two-way failover from either line back to the other, only one way from ser0/0/0 back to fe0/1. Right now I've got separate public IPs on each interface with NAT overload ACLs on each. I've got fe0/1 set as the gateway of last resort, and static routes built to route traffic destined for the two specific public hosts over to ser0/0/0. Based on my limited testing so far, it looks like I also have to mirror permit/deny on the two NAT overload ACLs for each interface:
ip nat inside source list 105 interface FastEthernet0/1 overload
ip nat inside source list 106 interface Serial0/0/0 overload
access-list 105 deny ip 172.20.11.0 0.0.0.255 host <static host public IP>
access-list 105 permit ip 172.20.11.0 0.0.0.255 any
access-list 106 permit ip 172.20.11.0 0.0.0.255 host <static host public IP>
access-list 106 deny ip 172.20.11.0 0.0.0.255 any
If that's the case then the failover won't work. What am I missing?
Thanks, Matt