11-04-2011 08:18 AM - edited 03-07-2019 03:13 AM
Hi Dears. I configured two ISPs on my router. I want to make both ISP links back up each other. In case one of the links goes down, all my traffic will use the other link.
I have one subnet (192.168.10.0/24). The subnet is divided into 2 groups. One group is NATed to ISP1 and the other group, which is 7 IP addresses, is NATed to ISP2 at the same time. They back each other up.
I have no problem with this dynamic NAT translation. And I have one mail server for which I do static NAT. I have one server, so I have one mail server private IP, 192.168.10.7.
I do static NAT for the mail server on ISP1. Now I want my mail server to do NAT translation to two ISPs, one primary and one backup for my mail server. This is my working config.
Who can help me? This is a very interesting issue. Please help me.
Current configuration : 4301 bytes
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Primary
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
!
track timer interface 5
!
track 1 interface GigabitEthernet0/0 line-protocol
!
track 2 ip sla 1 reachability
delay down 15 up 10
!
track 3 ip sla 2 reachability
delay down 15 up 10
!
!
!
!
crypto dynamic-map dynmap 10
reverse-route
!
!
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
!
interface GigabitEthernet0/0.116
description connected to ISP1
encapsulation dot1Q 116
ip address 81.x.x.10 255.255.255.248
ip nat outside
ip virtual-reassembly
!
interface GigabitEthernet0/0.859
description connected to ISP2
encapsulation dot1Q 859
ip address 85.x.x.114 255.255.255.240
ip nat outside
ip virtual-reassembly
!
interface GigabitEthernet0/1
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map Classify
duplex auto
speed auto
standby 1 ip 10.0.0.3
standby 1 priority 110
standby 1 preempt
standby 1 track 1 decrement 20
!
!
ip forward-protocol nd
ip forward-protocol udp isakmp
ip forward-protocol udp non500-isakmp
!
no ip http server
no ip http secure-server
!
ip nat translation timeout 30
! these two are working
ip nat inside source route-map ISP1 interface GigabitEthernet0/0.116 overload
ip nat inside source route-map ISP2 interface GigabitEthernet0/0.859 overload
! this one is working and I want to add a backup ISP for my mail server
ip nat inside source static 192.168.10.7 81.x.x.12 route-map MAIL-Server
ip route 0.0.0.0 0.0.0.0 81.x.x.9
ip route 0.0.0.0 0.0.0.0 85.x.x.113
ip route 192.168.10.0 255.255.255.0 10.0.0.2
!
ip sla 1
icmp-echo 81.x.x.9 source-interface GigabitEthernet0/0.116
timeout 1000
threshold 1000
frequency 2
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 85.x.x.113 source-interface GigabitEthernet0/0.859
timeout 1000
threshold 1000
frequency 2
ip sla schedule 2 life forever start-time now
access-list 101 deny ip host 192.168.10.7 any
access-list 101 permit ip 192.168.10.0 0.0.0.127 any
access-list 101 permit ip 192.168.10.128 0.0.0.63 any
access-list 101 permit ip 192.168.10.192 0.0.0.31 any
access-list 101 permit ip 192.168.10.224 0.0.0.15 any
access-list 101 permit ip 192.168.10.240 0.0.0.7 any
access-list 102 permit ip 192.168.10.248 0.0.0.7 any
access-list 103 permit ip 192.168.10.0 0.0.0.127 any
access-list 103 permit ip 192.168.10.128 0.0.0.63 any
access-list 103 permit ip 192.168.10.192 0.0.0.31 any
access-list 103 permit ip 192.168.10.224 0.0.0.15 any
access-list 103 permit ip 192.168.10.240 0.0.0.7 any
access-list 104 permit ip 192.168.10.248 0.0.0.7 any
access-list 105 permit ip host 192.168.10.7 any
!
!
!
!
route-map MAIL-Server permit 10
match ip address 105
match interface GigabitEthernet0/0.116
!
route-map Classify permit 10
match ip address 103
set ip next-hop verify-availability 81.x.x.9 1 track 2
set ip next-hop verify-availability 85.x.x.113 2 track 3
!
route-map Classify permit 20
match ip address 104
set ip next-hop verify-availability 85.x.x.113 1 track 3
set ip next-hop verify-availability 81.x.x.9 2 track 2
!
route-map ISP2 permit 20
match ip address 102 101
match interface GigabitEthernet0/0.859
!
route-map ISP1 permit 10
match ip address 101 102
match interface GigabitEthernet0/0.116
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
event manager applet Track2down
event track 2 state down
action 1 cli command "enable"
action 2 cli command "clear ip nat translation *"
event manager applet track2UP
event track 2 state up
action 1 cli command "enable"
action 2 cli command "clear ip nat translation *"
event manager applet Track3Down
event track 3 state down
action 1 cli command "enable"
action 2 cli command "clear ip nat translation *"
event manager applet Track3Up
event track 3 state up
action 1 cli command "enable"
action 2 cli command "clear ip nat translation *"
!
end
11-04-2011 09:11 AM
Hi,
Considering both ISPs are only on this router then just change this:
ip nat inside source static 192.168.10.7 81.x.x.12 route-map MAIL-Server
To:
ip nat inside source static 192.168.10.7 81.x.x.12 extendable
ip nat inside source static 192.168.10.7 85.x.x.x extendable
But you won't have stateful NAT with this config; for this you would need 2 routers and use SNAT with or without HSRP, or use an ASA pair in Active/Standby or Active/Active mode.
Regards.
Alain.
11-04-2011 11:31 AM
I do not think that it will work if I add or change it as you wrote me:
ip nat inside source static 192.168.10.7 81.x.x.12 extendable
ip nat inside source static 192.168.10.7 85.x.x.x extendable
It is simple NAT translation. I have dual ISPs and I want my mail server to do static NAT to two ISPs for redundancy. One ISP is primary, the second ISP is backup.
11-04-2011 12:26 PM
Hi,
why would it not work?
It will work because static NAT entries only make dynamic entries when a connection is made from outside to inside, and so if ISP1 is down people can still connect from outside through ISP2, and as the backup static route is inserted in the RIB, the dynamic entry created will work without any problem.
Alain.
11-04-2011 08:25 PM
Once you set up the PBR with IP SLA for selecting the ISP and next hop, you can have two static NATs like below for NATing per ISP:
! x.x.x.x is the mail server IP
access-list 100 permit ip host x.x.x.x any
route-map ISP1
 match ip address 100
 ! interface to ISP1
 match interface x/x
route-map ISP2
 match ip address 100
 ! interface to ISP2
 match interface y/y
ip nat static x.x.x.x y.y.y.y route-map ISP1
ip nat static x.x.x.x z.z.z.z route-map ISP2
See the link below for an example:
https://supportforums.cisco.com/docs/DOC-8313
Hope this helps.
If helpful, rate.
11-04-2011 08:25 PM
Sorry, the ip nat command is:
ip nat inside source .... then the rest
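The per-ISP static NAT template above, applied to the configuration posted at the top of the thread, as an added example that is not part of any original post. The route-map name MAIL-Server-ISP2 is hypothetical, and 85.x.x.x is the thread's own placeholder for a free public address in the ISP2 block.

```cisco
! Existing, unchanged: the mail server is matched by ACL 105 and translated
! to the ISP1 address when the egress interface is the ISP1 subinterface.
access-list 105 permit ip host 192.168.10.7 any
route-map MAIL-Server permit 10
 match ip address 105
 match interface GigabitEthernet0/0.116
ip nat inside source static 192.168.10.7 81.x.x.12 route-map MAIL-Server
!
! Added: same ACL, but matching the ISP2 subinterface.
! MAIL-Server-ISP2 is a hypothetical name chosen for this example.
route-map MAIL-Server-ISP2 permit 10
 match ip address 105
 match interface GigabitEthernet0/0.859
! 85.x.x.x is a placeholder (as in the thread) for the ISP2 public address.
ip nat inside source static 192.168.10.7 85.x.x.x route-map MAIL-Server-ISP2
!
! No PBR change is needed: ACL 103 (192.168.10.0 0.0.0.127) already covers
! 192.168.10.7, so route-map Classify sends it to 81.x.x.9 while track 2 is up
! and to 85.x.x.113 when track 2 is down and track 3 is up.
! ACL 101 already denies host 192.168.10.7, so the overload rules do not
! translate the mail server.
```

The EEM applets in the posted configuration already run `clear ip nat translation *` on every track 2 and track 3 state change, so dynamic entries left over from the failed link are flushed on failover.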
08-07-2012 06:26 AM