12-13-2012 04:43 PM - edited 03-04-2019 06:24 PM
Can someone please check my configuration and let me know if it is correct?
I want it such that my primary ISP works most of the time and all statically mapped IPs are used to access the Internet and server resources,
and all others use the dynamic NAT of 216.140.140.2 to access the Internet/resources.
And the secondary ISP, which should only work when the primary goes down, should work such that only its 7 statically NATed servers access the Internet/resources using their respective public IPs, and all others should use the dynamic NAT.
Would appreciate any relevant help.
Thanks
Configuration:
ip sla 1
Icmp-Echo 216.140.140.1 source-ip 216.140.140.2
timeout 1000
threshold 2
frequency 3
ip sla schedule 1 life forever start-time now
ip sla monitor 2
Icmp-Echo 216.150.150.254 source-ip 216.150.150.4
timeout 1000
threshold 2
frequency 3
ip sla schedule 2 life forever start-time now
!
!
track 1 sla 1 reachability
!
track 2 sla 2 reachability
!
!
interface gi0/0
ip address 10.0.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map PRIVATE-INGRESS
duplex auto
speed auto
no keepalive
!
interface gi0/1
ip address 216.150.150.4 255.255.255.0 secondary
ip address 216.140.140.2 255.255.255.224
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
ip route 0.0.0.0 0.0.0.0 216.140.140.1 track 1
ip route 0.0.0.0 0.0.0.0 216.150.150.254 10
!
!
ip nat pool PRIMARY-POOL 216.140.140.2 216.140.140.2 prefix-length 27
ip nat pool SECONDARY-POOL 216.150.150.4 216.150.150.4 prefix-length 24
ip nat inside source route-map PRIMARY-NAT pool PRIMARY-POOL overload
ip nat inside source route-map SECONDARY-NAT pool SECONDARY-POOL overload
ip nat inside source static 10.0.0.52 216.140.140.4 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.53 216.140.140.5 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.59 216.140.140.6 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.61 216.140.140.7 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.228 216.140.140.8 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.16 216.140.140.11 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.30 216.140.140.12 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.251 216.140.140.13 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.44 216.140.140.15 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.54 216.140.140.16 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.23 216.140.140.17 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.58 216.140.140.18 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.230 216.140.140.19 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.216 216.140.140.21 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.220 216.140.140.22 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.33 216.140.140.25 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.21 216.140.140.26 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.22 216.140.140.27 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.24 216.140.140.28 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.25 216.140.140.29 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.59 216.150.150.5 route-map STATIC-NAT-SECONDARY
ip nat inside source static 10.0.0.52 216.150.150.6 route-map STATIC-NAT-SECONDARY
ip nat inside source static 10.0.0.53 216.150.150.7 route-map STATIC-NAT-SECONDARY
ip nat inside source static 10.0.0.16 216.150.150.8 route-map STATIC-NAT-SECONDARY
ip nat inside source static 10.0.0.58 216.150.150.9 route-map STATIC-NAT-SECONDARY
ip nat inside source static 10.0.0.61 216.150.150.11 route-map STATIC-NAT-SECONDARY
ip access-list standard PRIMARY-NEXT-HOP
permit 216.140.140.1
ip access-list standard SECONDARY-NEXT-HOP
permit 216.150.150.254
ip access-list standard TO-BE-NATTED-PRIMARY
deny 10.0.0.24
deny 10.0.0.25
deny 10.0.0.30
deny 10.0.0.16
deny 10.0.0.22
deny 10.0.0.23
deny 10.0.0.21
deny 10.0.0.33
deny 10.0.0.44
deny 10.0.0.58
deny 10.0.0.59
deny 10.0.0.61
deny 10.0.0.54
deny 10.0.0.52
deny 10.0.0.53
deny 10.0.0.216
deny 10.0.0.220
deny 10.0.0.230
deny 10.0.0.228
deny 10.0.0.251
permit 10.0.0.0 0.255.255.255
ip access-list standard TO-BE-NATTED-SECONDARY
deny 10.0.0.59
deny 10.0.0.52
deny 10.0.0.53
deny 10.0.0.16
deny 10.0.0.58
deny 10.0.0.61
permit 10.0.0.0 0.255.255.255
!
!
route-map STATIC-NAT-PRIMARY permit 10
match ip next-hop PRIMARY-NEXT-HOP
!
route-map STATIC-NAT-PRIMARY deny 20
!
route-map STATIC-NAT-SECONDARY permit 10
match ip next-hop SECONDARY-NEXT-HOP
!
route-map STATIC-NAT-SECONDARY deny 20
!
route-map SECONDARY-NAT permit 10
match ip address TO-BE-NATTED-SECONDARY
match ip next-hop SECONDARY-NEXT-HOP
!
route-map SECONDARY-NAT deny 20
!
route-map PRIVATE-INGRESS-PRIMARY permit 10
match ip address TO-BE-NATTED-PRIMARY
set ip next-hop verify-availability 216.140.140.1 10 track 1
!
route-map PRIVATE-INGRESS-PRIMARY permit 11
route-map PRIVATE-INGRESS-SECONDARY permit 10
match ip address TO-BE-NATTED-SECONDARY
set ip next-hop verify-availability 216.150.150.254 20 track 2
!
route-map PRIVATE-INGRESS-SECONDARY permit 11
!
route-map PRIMARY-NAT permit 10
match ip address TO-BE-NATTED-PRIMARY
match ip next-hop PRIMARY-NEXT-HOP
!
route-map PRIMARY-NAT deny 20
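A consistency check for a dual-ISP NAT configuration like the one posted above, as an added example that is not part of the original post: it lists route-maps that are referenced but never defined, route-maps that are defined but never referenced, and static-NAT hosts that the matching dynamic-NAT ACL does not exclude. The `CONFIG` string is a shortened excerpt of the posted configuration, and pairing `STATIC-NAT-<ISP>` with ACL `TO-BE-NATTED-<ISP>` is an assumption based on the names used in the post.

```python
import re

# Shortened excerpt of the configuration in the post above (not the full config).
CONFIG = """\
interface gi0/0
 ip policy route-map PRIVATE-INGRESS
ip nat inside source route-map PRIMARY-NAT pool PRIMARY-POOL overload
ip nat inside source static 10.0.0.52 216.140.140.4 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.59 216.150.150.5 route-map STATIC-NAT-SECONDARY
ip access-list standard TO-BE-NATTED-PRIMARY
 deny 10.0.0.52
 permit 10.0.0.0 0.255.255.255
ip access-list standard TO-BE-NATTED-SECONDARY
 deny 10.0.0.59
 permit 10.0.0.0 0.255.255.255
route-map STATIC-NAT-PRIMARY permit 10
route-map STATIC-NAT-SECONDARY permit 10
route-map PRIVATE-INGRESS-PRIMARY permit 10
route-map PRIVATE-INGRESS-SECONDARY permit 10
route-map PRIMARY-NAT permit 10
"""

def parse(config):
    defined, referenced, statics, denies, acl = set(), set(), [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"route-map (\S+) (?:permit|deny) \d+$", line):
            defined.add(m.group(1))            # route-map definition
        elif m := re.match(r"ip access-list standard (\S+)$", line):
            acl = m.group(1)                   # entries that follow belong to this ACL
            denies[acl] = set()
        elif acl and (m := re.match(r"deny (\d+\.\d+\.\d+\.\d+)$", line)):
            denies[acl].add(m.group(1))
        elif m := re.search(r"\broute-map (\S+)", line):
            referenced.add(m.group(1))         # any other line naming a route-map
            if s := re.match(r"ip nat inside source static (\S+) (\S+)", line):
                statics.append((s.group(1), m.group(1)))
    return defined, referenced, statics, denies

def audit(config):
    """Return (undefined route-maps, unused route-maps, static hosts not denied in the ACL)."""
    defined, referenced, statics, denies = parse(config)
    # Naming assumption from the post: STATIC-NAT-<ISP> pairs with ACL TO-BE-NATTED-<ISP>.
    leaks = [(ip, rm) for ip, rm in statics
             if ip not in denies.get(rm.replace("STATIC-NAT", "TO-BE-NATTED"), ())]
    return sorted(referenced - defined), sorted(defined - referenced), sorted(leaks)

if __name__ == "__main__":
    print(audit(CONFIG))
```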
12-13-2012 04:47 PM
Duplicate post #2.