
dual WAN single LAN

adel85
Level 1

I have a customer with a Cisco router that has dual WAN and a single LAN; the customer requires that the dual WAN work active/active.
I changed the IPs, but the config is copy-pasted. With the config below, the connection still goes through ISP1 only. What should I change or do to make it active/active for only a single LAN?

track 1 ip sla 1 reachability

interface GigabitEthernet0/0/1
description To_ISP2
ip address 2.2.2.6 255.255.255.248
ip nat outside

 

interface GigabitEthernet0/0/2
description To_ISP1
ip address 1.1.1.6 255.255.255.248
ip nat outside

ip nat pool ISP1 1.1.1.2 1.1.1.5 netmask 255.255.255.248
ip nat pool ISP2 2.2.2.2 2.2.2.5 netmask 255.255.255.248
ip nat inside source list ACL-NAT2 pool ISP2 overload
ip nat inside source route-map nat1 interface GigabitEthernet0/0/2 overload
ip nat inside source route-map nat2 interface GigabitEthernet0/0/1 overload
ip nat inside source list ACL-NAT pool ISP1 overload
ip route 0.0.0.0 0.0.0.0 154.236.185.225 track 1
ip route 0.0.0.0 0.0.0.0 41.187.48.73


!
!
ip access-list extended ACL-NAT
10 deny ip 10.30.61.0 0.0.0.255 10.50.1.0 0.0.0.255
20 deny ip 10.30.61.0 0.0.0.255 192.168.25.0 0.0.0.255
30 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
40 deny ip 10.0.0.0 0.255.255.255 172.16.0.0 0.224.255.255
50 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
60 permit ip 10.30.61.0 0.0.0.255 any
ip access-list extended ACL-NAT2
10 deny ip 10.30.61.0 0.0.0.255 10.50.1.0 0.0.0.255
20 deny ip 10.30.61.0 0.0.0.255 192.168.25.0 0.0.0.255
30 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
40 deny ip 10.0.0.0 0.255.255.255 172.16.0.0 0.224.255.255
50 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
60 permit ip 10.30.61.0 0.0.0.255 any

ip access-list extended ISP1
10 deny ip host 2.2.2.6 any
20 permit ip 10.0.0.0 0.255.255.255 any

ip access-list extended ISP2
10 deny ip host 1.1.1.6 any
20 permit ip 10.0.0.0 0.255.255.255 any
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/2
ip sla schedule 1 life forever start-time now
!
route-map sorting2 permit 10
match ip address ISP2
set ip next-hop 2.2.2.1
!
route-map nat2 permit 20
match ip address ISP2
match interface GigabitEthernet0/0/1
!
route-map nat1 permit 10
match ip address ISP1
match interface GigabitEthernet0/0/2
!
route-map sorting permit 20
match ip address ISP1
set ip next-hop 1.1.1.1

9 Replies

This is not the complete config.

Where do you apply PBR?

MHM

I don't know what I use PBR for; this is all the configuration for routing and NATting. The rest is usernames and basic stuff.

 

Thank you for the link, but in my case the customer LAN is just one subnet that needs to be shared across the dual WAN: no servers, no special ports for a specific WAN, just 10.60.31.0/24, this one subnet for both WANs. How do I achieve that, and what is the right NATting?

In that case:

- Two identical default routes with the same AD and metric is a simple solution (you can use tracking for both default routes).

- No need for a route map in NAT.

For routing, check whether both default routes appear in the RIB.

MHM
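
An added example (not posted by anyone in this thread): a small Python check over the routing and NAT lines of the configuration in the question. It lists route-maps that are defined but never applied, which is the gap behind "Where do you apply PBR?", and the static default routes with their administrative distance and track object. The function names are hypothetical and the parsing covers only the command forms seen in this thread.

```python
import re

# Constructed sample: routing/NAT lines copied from the config posted in the question.
POSTED_CONFIG = """\
ip nat inside source route-map nat1 interface GigabitEthernet0/0/2 overload
ip nat inside source route-map nat2 interface GigabitEthernet0/0/1 overload
ip route 0.0.0.0 0.0.0.0 154.236.185.225 track 1
ip route 0.0.0.0 0.0.0.0 41.187.48.73
route-map sorting2 permit 10
 match ip address ISP2
 set ip next-hop 2.2.2.1
route-map nat2 permit 20
 match ip address ISP2
 match interface GigabitEthernet0/0/1
route-map nat1 permit 10
 match ip address ISP1
 match interface GigabitEthernet0/0/2
route-map sorting permit 20
 match ip address ISP1
 set ip next-hop 1.1.1.1
"""

def unapplied_route_maps(config):
    """Route-maps that are defined but never referenced by another command."""
    defined, used = set(), set()
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"route-map (\S+) (permit|deny)\b", line)
        if m:
            defined.add(m.group(1))
            continue
        # References: "ip policy route-map X", "ip nat inside source route-map X ..."
        used.update(re.findall(r"\broute-map (\S+)", line))
    return sorted(defined - used)

def default_routes(config):
    """Return (next_hop, admin_distance, track_id) for each static default route."""
    routes = []
    pat = r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: (\d+))?(?: track (\d+))?$"
    for line in config.splitlines():
        m = re.match(pat, line.strip())
        if m:
            ad = int(m.group(2)) if m.group(2) else 1  # IOS static routes default to AD 1
            routes.append((m.group(1), ad, m.group(3)))
    return routes

if __name__ == "__main__":
    print("never applied:", unapplied_route_maps(POSTED_CONFIG))
    print("default routes:", default_routes(POSTED_CONFIG))
```

On the posted lines this reports `sorting` and `sorting2` as never applied, and two default routes with equal administrative distance, only one of which is tied to a track object.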

balaji.bandi
Hall of Fame

You can use both links, splitting the load using PBR with each failing over to the other, if you have more LAN subnets. Check the example guide:

https://www.balajibandi.com/?p=1643

If you have only one LAN subnet and would like to do active/active, follow the link below; you can split the subnet across the different ISPs:

https://community.cisco.com/t5/routing/dual-isp-configuration/m-p/4145785

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Is there a way to split it with the 2 default routes and NATting, without splitting the subnet and without PBR?

You can put in 2 default routes and one NAT rule pointing to both. This is a rough way to do it (but it is not best practice, I suggest). If you like, you can try it.

ip nat inside source list 1 interface GigabitEthernet0/0/1 overload
ip nat inside source list 1 interface GigabitEthernet0/0/2 overload

ip route 0.0.0.0 0.0.0.0 2.2.2.1
ip route 0.0.0.0 0.0.0.0 1.1.1.1

access-list 1 permit 10.0.0.0 0.255.255.255

BB


Hello
See attached for possible solution.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul