03-31-2011 11:25 AM - edited 03-04-2019 11:56 AM
Here's the setup: a router connecting to two ISPs, one on DSL and one on 4G. Both of these interfaces are assigned via DHCP and configured as nat outside. The nat inside interface would host a few clients wanting to get to the Internet. The routing is such that DSL is primary and 4G is secondary.
The problem is that when I disconnect the DSL, clients are not getting NAT'd out the 4G connection. I can ping out that interface from the router, but one of two things happens: 1) with an ip nat source list <interface> overload, it completely fails; 2) with a route-map that matches the outbound interface, it works, but only if you clear the existing translations.
Thanks in advance for any suggestions.
Sean
This config works until the primary link goes down:
!
ip nat source list 20 interface GigabitEthernet0/0 overload
ip nat source list 21 interface GigabitEthernet0/1 overload
03-31-2011 11:46 AM
Sean,
You should only need one ACL to implement this. Also with your second config I would try and add the match ip address 2* to the route-maps.
You can lower the NAT translation timeout with these commands:
ip nat translation tcp-timeout 30
ip nat translation udp-timeout 30
03-31-2011 12:31 PM
Thanks for the reply.
The reason I'm using 2 ACLs is that the ip nat inside source command will not allow me to assign the same ACL to two different interfaces. Same with the route-map suggestion.
04-01-2011 01:16 PM
I opened up a case with TAC and they identified an internal bug related to nat timeouts using IP SLA and tracking (which I didn't mention I was using). Here's the config as it should work (minus the tracking). With tracking however, you have to manually do "clear ip nat trans *" for it to work as you would normally expect; otherwise the inside hosts stay bound to the outside interface even after it goes down. Cisco's workaround for me was to use EEM to do the clear ip nat trans.
interface GigabitEthernet0/0
description primary
ip dhcp client default-router distance 8
ip address dhcp
ip nat outside
ip virtual-reassembly
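Added example, not part of the original thread and not the configuration TAC supplied: one way the EEM workaround described in the last post could be written. The track and IP SLA object number 10, the probe target 192.0.2.1 and the applet name are assumptions, since the poster's tracking configuration is not shown.

```cisco
! Assumed probe: ICMP echo toward an upstream address via the primary link.
! 192.0.2.1 is a placeholder (documentation range), not a value from the thread.
ip sla 10
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 10 life forever start-time now
!
! Assumed track object bound to the probe above.
track 10 ip sla 10 reachability
!
! Clear NAT translations whenever the tracked primary path changes state,
! so inside hosts are not left bound to an outside interface that is down
! (failover) or to the backup after the primary returns (failback).
event manager applet CLEAR-NAT-ON-TRACK-CHANGE
 event track 10 state any
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translation *"
 action 3.0 syslog msg "Track 10 changed state, NAT translations cleared"
```

Clearing every translation also resets sessions that were still working, and on routers with AAA command authorization the applet's CLI actions need an authorized user set with `event manager session cli username`.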