
dual WAN cisco 1811 failover

policreditos
Level 1

Hello! I have a Cisco 1811 router with 2 WAN interfaces.

I have to configure the WAN connection with two different ISPs to allow failover.

My current setup is as follows:

ip route 0.0.0.0 0.0.0.0 ip_isp-router_1

ip route 0.0.0.0 0.0.0.0 ip_isp-router_2

With this setup, my LAN can connect to the Internet.

But when I disconnect one of the two WAN interfaces to test failover, it does not work.

The LAN loses access to the Internet.

Can someone help me please, or show me a basic configuration? Do I have to create routing protocols? The NTA will only work with a WAN connection .....

Thank you very much!

9 Replies

Giuseppe Larosa
Hall of Fame

Hello Surfinan,

>> The NTA will only work with a WAN connection .....

First of all, you need a public address pool from each of the ISPs.

Post a filtered version of your config with the public IP addresses removed (change them, or hide the second and third byte with an X) so you can get better help.

This kind of configuration uses a route-map with multiple clauses to call for the address pools.

Or the two ISPs act as primary and backup and agree on routing to you in case of failure using the second ISP

Hope to help

Giuseppe

Thanks Giuseppe!

I meant NAT, not NTA, haha, excuse me.

Yes, I need to use one ISP to access the internet and, in case this ISP fails, use the second ISP automatically.

Show running-config:

!
!
interface FastEthernet0
 description $ETH-WAN$
 ip address 200.xxx.xxx.201 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet1
 description $ETH-WAN$
 ip address 200.xxx.xxx.217 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$
 ip address 192.168.0.1 255.255.255.0
 ip mask-reply
 ip directed-broadcast
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Async1
 no ip address
 encapsulation slip
!
ip route 0.0.0.0 0.0.0.0 200.xxx.xxx.1 permanent
ip route 0.0.0.0 0.0.0.0 200.xxx.xxx.202 permanent
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
no cdp run
!
!
!
!
!
!
control-plane

Try setting your routes with a higher metric

The route that you want your packets to take most:

ip route 0.0.0.0 0.0.0.0 200.xxx.xxx.1

The route as a backup

ip route 0.0.0.0 0.0.0.0 200.xxx.xxx.202 200

200 is the metric, but it's higher than your first, so the first will always be used unless it isn't responding.

John

HTH, John *** Please rate all useful posts ***

Thanks John, I'm going to do that.

But still can't access internet from the LAN

If I set NAT, yes, I can, but this only works with one WAN, and the second WAN doesn't work when the first fails.

Hello,

I had understood you were meaning NAT, post your NAT config to get better help.

I agree you need to use a different AD (it is not a metric, it is an AD, but the suggestion is useful).

Are you using two address pools, one from each provider, or only one?

Hope to help

Giuseppe

yes, AD, sorry :-)

I didn't see NAT enabled in your config at all.....

HTH, John *** Please rate all useful posts ***

I don't have NAT enabled, because it works with only one WAN interface.

How must I set up a pool to configure NAT to work with two WAN connections?

Not sure, but try this:

Fa0:
 ip nat outside

Fa1:
 ip nat outside

Vlan1:
 ip nat inside

access-list 100 permit ip 192.168.0.0 0.0.0.255 any

ip nat inside source list 100 interface fa0 overload
ip nat inside source list 100 interface fa1 overload

ip route 0.0.0.0 0.0.0.0
ip route 0.0.0.0 0.0.0.0 254

I don't know if this will work, but my thought is that the traffic for your "backup" nat pool won't be used unless there's traffic going out that route.

HTH, John *** Please rate all useful posts ***
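
The pieces discussed across this thread (a lower-AD primary route, a backup route, and a route-map per ISP for NAT) put together as an added example; it is not part of any reply above and not taken from Cisco documentation. It assumes ISP1 is 200.xxx.xxx.1 reached through FastEthernet1 and ISP2 is 200.xxx.xxx.202 reached through FastEthernet0 (masked addresses as posted), that the IOS release accepts the `ip sla` and `track ... ip sla` syntax (older releases spell these `ip sla monitor` and `track 1 rtr 1`), and that the object numbers and route-map names are arbitrary choices.

```cisco
! Added example (not from the thread). Assumed: ISP1 = 200.xxx.xxx.1 via
! FastEthernet1 (primary), ISP2 = 200.xxx.xxx.202 via FastEthernet0 (backup).
! SLA/track number 1 and the NAT-ISP1/NAT-ISP2 names are arbitrary.
!
! 1. Remove the "permanent" defaults: that keyword keeps a static route
!    installed even when its interface goes down, which defeats failover.
no ip route 0.0.0.0 0.0.0.0 200.xxx.xxx.1 permanent
no ip route 0.0.0.0 0.0.0.0 200.xxx.xxx.202 permanent
!
! 2. Probe the primary gateway every 10 seconds and track the result, so a
!    dead upstream is noticed even while the Ethernet link stays up.
ip sla 1
 icmp-echo 200.xxx.xxx.1 source-interface FastEthernet1
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
! 3. The primary default is installed only while track 1 is up; the backup
!    is a floating static with administrative distance 200.
ip route 0.0.0.0 0.0.0.0 200.xxx.xxx.1 track 1
ip route 0.0.0.0 0.0.0.0 200.xxx.xxx.202 200
!
! 4. Mark the NAT boundaries.
interface FastEthernet0
 ip nat outside
interface FastEthernet1
 ip nat outside
interface Vlan1
 ip nat inside
!
! 5. One route-map per exit interface, reusing access-list 1 from the posted
!    config, so each flow is translated to the address of the WAN it leaves by.
route-map NAT-ISP1 permit 10
 match ip address 1
 match interface FastEthernet1
route-map NAT-ISP2 permit 10
 match ip address 1
 match interface FastEthernet0
!
ip nat inside source route-map NAT-ISP1 interface FastEthernet1 overload
ip nat inside source route-map NAT-ISP2 interface FastEthernet0 overload
```

State can be checked with `show track 1`, `show ip route 0.0.0.0` and `show ip nat translations`. Translations built through the failed link stay in the table until they time out or are cleared with `clear ip nat translation *`.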