Re: What is solution of nat failover with 2 ISPs?

weerapatr · ‎11-04-2006

Now I have lease line link to 2 ISPs for internet connection. I separate packets of users by accesslist such as www go to ISP1 and mail or other protocol go to ISP2 . Let's say link go to ISP1 down I need www traffics failover to ISP2 and vice versa.

Problem is acl on nat statement?

If you config about this.

access-l 101 permit tcp any any www -->www traffic to ISP1

access-l 101 permit tcp any any mail --> back up for mail packet to ISP2 down

----------------

access-l 102 permit tcp any any mail -->mail packet to ISP2

access-l 102 permit tcp any any www --> back up for www traffic go to ISP2

ip nat inside source list 101 interface s0 overload

ip nat inside source list 102 interface s1 overload

In this case is links of ISP1 and ISP2 are UP.

when you apply this acl on nat statement then nat will process each statement in order( if I incorrect please correct me) so mail traffics will match in this acl and then nat with ip of ISP1 only.

please advice solution about this

TIA

network.king · ‎11-05-2006

Hi,

If you have two serial links connecting to two diff service provider , then you can try this .

access-l 101 permit tcp any any www

access-l 102 permit tcp any any mail

route-map isp1 permit 10

match ip address 101

set interface s0

route-map isp2 permit 10

match ip address 102

set interface s1

ip nat inside route-map isp1 interface s0 overload

ip nat inside source route-map isp2 interface s1 overload

ip nat inside source list 103 interface s0 overload

ip nat inside source list 104 interface s1 overload

ip route 0.0.0.0 0.0.0.0 s0

ip route 0.0.0.0 0.0.0.0 s1 100

In case if any of the link fails , automatically the other traffic would prefer the other serial.

I have not tried the config , just worked out the config on logic .pls go through and try if possible

pls see the note2 column

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml#related

Hope it helps

regards

vanesh k