Two ISP for failover on Cisco

orahman99 · ‎12-13-2012

I  have  a configuration as follows to allow for proper dynamic  and static Nats of both my primary ISP and secondary ISP as below and  everything is working , but the 10.0.0.52 server mapped to the 216.140.140.4 (Primary ISP) and 216.150.150.6 (Secondary ISP) wokrs when accessed through the Primary ISP (216.140.140.4) but not through the 216.150.150.5. I checked the Nat translations and It shows that translations are being done for the 10.0.0.52 to the 216.150.150.6 but I can access it though.
One thing to point out though is that the 10.0.0.52 is my DNS server in my internal network and host a list of websites withe internal address of 10.0.0.59,.61,.53.
and I can only access the 10.0.0.61 website.
I was thinking that may be I might need to point to a DNS server using the ip name-server 10.0.0.52 command but am confused becase the same address is accessible with the Primary ISP without the Name-server command being there.
Can someone please let me know what I might need to do.


ip sla 1
Icmp-Echo 216.140.140.1 source-ip 216.140.140.2
timeout 1000
threshold 2
frequency 3
ip sla schedule 1 life forever start-time now
ip sla monitor 2
Icmp-Echo 216.150.150.254 source-ip 216.150.150.4
timeout 1000
threshold 2
frequency 3
ip sla schedule 2 life forever start-time now
!
!
track 1 sla 1 reachability
!
track 2 sla 2 reachability
!
!
interface gi0/0
ip address 10.0.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map PRIVATE-INGRESS
duplex auto
speed auto
no keepalive
!
interface gi0/1
ip address 216.150.150.4 255.255.255.0 secondary
ip address 216.140.140.2 255.255.255.224
ip nat outside
ip virtual-reassembly
duplex auto
speed auto

ip route 0.0.0.0 0.0.0.0 216.140.140.1 track 1
ip route 0.0.0.0 0.0.0.0 216.150.150.254 10
!
!
ip nat pool PRIMARY-POOL 216.140.140.2 216.140.140.2 prefix-length 27
ip nat pool SECONDARY-POOL 216.150.150.4 216.150.150.4 prefix-length 24
ip nat inside source route-map PRIMARY-NAT pool PRIMARY-POOL overload
ip nat inside source route-map SECONDARY-NAT pool SECONDARY-POOL overload
ip nat inside source static 10.0.0.52 216.140.140.4 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.53 216.140.140.5 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.59 216.140.140.6 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.61 216.140.140.7 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.228 216.140.140.8 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.16 216.140.140.11 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.30 216.140.140.12 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.251 216.140.140.13 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.44 216.140.140.15 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.54 216.140.140.16 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.23 216.140.140.17 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.58 216.140.140.18 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.230 216.140.140.19 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.216 216.140.140.21 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.220 216.140.140.22 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.33 216.140.140.25 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.21 216.140.140.26 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.22 216.140.140.27 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.24 216.140.140.28 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.25 216.140.140.29 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.59 216.150.150.5 route-map STATIC-NAT-SECONDARY
ip nat inside source static 10.0.0.52 216.150.150.6 route-map STATIC-NAT-SECONDARY
ip nat inside source static 10.0.0.53 216.150.150.7 route-map STATIC-NAT-SECONDARY
ip nat inside source static 10.0.0.16 216.150.150.8 route-map STATIC-NAT-SECONDARY
ip nat inside source static 10.0.0.58 216.150.150.9 route-map STATIC-NAT-SECONDARY
ip nat inside source static 10.0.0.61 216.150.150.11 route-map STATIC-NAT-SECONDARY
!
ip access-list standard PRIMARY-NEXT-HOP
 permit 216.140.140.1
ip access-list standard SECONDARY-NEXT-HOP
 permit 216.150.150.254
ip access-list standard DYNAMIC-PRIMARY
deny 10.0.0.24
deny 10.0.0.25
deny 10.0.0.30
deny 10.0.0.16
deny 10.0.0.22
deny 10.0.0.23
deny 10.0.0.21
deny 10.0.0.33
deny 10.0.0.44
deny 10.0.0.58
deny 10.0.0.59
deny 10.0.0.61
deny 10.0.0.54
deny 10.0.0.52
deny 10.0.0.53
deny 10.0.0.216
deny 10.0.0.220
deny 10.0.0.230
deny 10.0.0.228
deny 10.0.0.251
permit 10.0.0.0 0.255.255.255
ip access-list standard DYNAMIC-SECONDARY
deny 10.0.0.59
deny 10.0.0.52
deny 10.0.0.53
deny 10.0.0.16
deny 10.0.0.58
deny 10.0.0.61
permit 10.0.0.0 0.255.255.255
!
!
route-map STATIC-NAT-PRIMARY permit 10
 match ip next-hop PRIMARY-NEXT-HOP
!
route-map STATIC-NAT-PRIMARY deny 20
!
route-map STATIC-NAT-SECONDARY permit 10
 match ip next-hop SECONDARY-NEXT-HOP
!
route-map STATIC-NAT-SECONDARY deny 20
!
route-map SECONDARY-NAT permit 10
 match ip address DYNAMIC-SECONDARY
 match ip next-hop SECONDARY-NEXT-HOP
!
route-map SECONDARY-NAT deny 20
!
route-map PRIVATE-INGRESS permit 10
 set ip next-hop verify-availability 216.140.140.1 10 track 1
 set ip next-hop verify-availability 216.150.150.254 20 track 2
!
route-map PRIVATE-INGRESS permit 11
!
route-map PRIMARY-NAT permit 10
 match ip address DYNAMIC-PRIMARY
 match ip next-hop PRIMARY-NEXT-HOP
!
route-map PRIMARY-NAT deny 20

Leo Laohoo · ‎12-13-2012

Duplicate post #1.