
Help with Cisco router config: NAT failover with dual ISP

post #1 of 7
Thread Starter 
I've configured the ISP failover successfully, but I don't know how to replicate/transfer/failover the forwarded ports on the primary interface to the backup when the connections switch (i.e. when the primary ISP line goes down and the backup line takes over). Below is the running config (relevant parts/modified). The code in between the two lines is what I'm asking about: how can I have those ports forwarded on both Dialer interfaces? Preferably operating in a failover state.
Code:
interface GigabitEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 ip verify unicast reverse-path
 duplex auto
 speed auto
!
!
interface ATM0/0/0
 no ip address
 no atm ilmi-keepalive
 pvc 8/35 
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
 !
!
interface ATM0/1/0
 no ip address
 no atm ilmi-keepalive
 pvc 8/35 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Dialer1
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 ppp chap hostname XXXXXXXXXXXXXXXXX
 ppp chap password XXXXXXXXXXXXXXXXXXX
 ppp pap sent-username XXXXXXXXXXXXXXXXX
!
interface Dialer2
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 2
 ppp chap hostname XXXXXXXXXXXXXXX
 ppp chap password XXXXXXXXXXXXXXXX
 ppp pap sent-username XXXXXXXXXXXXXXXXXXXX
!
!
-----------------------------------------------------------------------------------------------------------------------------------
ip nat inside source static tcp 192.168.0.10 X interface Dialer2 X
ip nat inside source static tcp 192.168.0.10 X interface Dialer2 X
ip nat inside source static tcp 192.168.0.10 X interface Dialer2 X
-----------------------------------------------------------------------------------------------------------------------------------
ip nat inside source route-map ISP1 interface Dialer2 overload
ip nat inside source route-map ISP2 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer2 track 100
ip route 0.0.0.0 0.0.0.0 Dialer1 10
!
!
ip sla 100
 icmp-echo [DNS] source-interface Dialer2
 frequency 30
ip sla schedule 100 life forever start-time now
!
!
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
!
!
!
route-map ISP2 permit 10
 match ip address 100
 match interface Dialer1
!
route-map ISP1 permit 10
 match ip address 100
 match interface Dialer2

If my question isn't clear let me know, because my brain is mush atm from working on this for so long.
Edited by hirolla888 - 4/23/12 at 11:14pm
post #2 of 7
Bump, since I am taking 101 Cisco classes and I hope to end up being able to solve such problems later on.
post #3 of 7
Thread Starter 
IOS gurus?
post #4 of 7
http://www.networking-forum.com/

You're not going to get that question answered here.
post #5 of 7
Thread Starter 
I figured it out just in case others have the same issue.

Basically when I tried to issue the
Code:
ip nat inside source static tcp 192.168.0.10 (port) int dialer1 (port)
via the CLI, I'd get an error saying (port) is already assigned to another interface (dialer2). So I downloaded the Cisco Configuration Professional GUI tool, and essentially issued the same command (actually it was the exact same command, only issued by the software), and it accepted it.

Anyways, now the ports are forwarded over both dialer 2 and dialer 1.
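
An added example, not part of the original posts: a small Python audit that checks whether every static port forward in an IOS config exists on each `ip nat outside` interface, so a forward added on one dialer but not the other is caught before a failover, and so the full set of services reachable from each ISP link is visible in one place. The port numbers in the sample are constructed, since the thread masks the real ones as X, and the function names are this example's own.

```python
import re

# Constructed sample: the thread's config shape with made-up ports (the post masks them as X).
SAMPLE_CONFIG = """\
interface Dialer1
 ip nat outside
!
interface Dialer2
 ip nat outside
!
ip nat inside source static tcp 192.168.0.10 80 interface Dialer2 80
ip nat inside source static tcp 192.168.0.10 443 interface Dialer2 443
ip nat inside source static tcp 192.168.0.10 80 interface Dialer1 80
ip nat inside source route-map ISP1 interface Dialer2 overload
"""

STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)\s*$")

def outside_interfaces(config):
    """Names of interfaces whose stanza contains 'ip nat outside'."""
    found, current = [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif not line.startswith(" "):
            current = None  # '!' or a global command ends the stanza
        elif current and line.strip() == "ip nat outside":
            found.append(current)
    return found

def static_forwards(config):
    """Map interface -> set of (proto, inside_ip, inside_port, outside_port)."""
    table = {}
    for line in config.splitlines():
        m = STATIC_RE.match(line)
        if m:
            proto, ip, in_port, ifname, out_port = m.groups()
            table.setdefault(ifname, set()).add((proto, ip, int(in_port), int(out_port)))
    return table

def missing_forwards(config):
    """For each outside interface, forwards present on another link but absent on it."""
    table = static_forwards(config)
    everything = set().union(*table.values())
    return {i: sorted(everything - table.get(i, set())) for i in outside_interfaces(config)}

if __name__ == "__main__":
    print(missing_forwards(SAMPLE_CONFIG))
```

An empty list for every interface means the forwards match on both links; any inbound filtering then has to cover the same ports on both dialers.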
post #6 of 7
Quote:
Originally Posted by hirolla888

I figured it out just in case others have the same issue.
Basically when I tried to issue the
Code:
ip nat inside source static tcp 192.168.0.10 (port) int dialer1 (port)
via the CLI, I'd get an error saying (port) is already assigned to another interface (dialer2). So I downloaded the Cisco Configuration Professional GUI tool, and essentially issued the same command (actually it was the exact same command, only issued by the software), and it accepted it.
Anyways, now the ports are forwarded over both dialer 2 and dialer 1.

I'm not as good at Cisco as Scottsee and others but .... I am learning at a rapid pace. I am beginning to really love CCP as well as ASDM for my ASA. However, in order to be better than just a GUI user, I always preview the commands that the GUI puts out and then I research what each command actually does and then I type them in by hand. It helps my melon between my shoulders actually register what is really going on when I issue the commands.
post #7 of 7
Depending on your contracts and company size and hardware.....


A much better solution is to employ a load balancer between the 'primary' and 'failover' line. This way you get increased bandwidth all the time until something fails.....
See the following article: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps6659/prod_white_paper0900aecd8045b552.html


But like I said, this breaks most contracts that data centers get with ISPs that provide the 'backup' lines.....
 