dgratton1085 asked:

Continue of Cisco 1721 and NAT Failover

I have a Cisco 1721 with 2 Eth WICs.
Both WICs are connected to broadband ISP connections with static IPs.

I use WIC1 (ISP1) for all the main Internet traffic, but I need it to fail over to the other one when ISP1 is down.

Here is the ip route I use.  I have checked to see if the gateway of last resort works and it does.  When I pull the plug on ISP1 then the default gateway changes to ISP2, however... Internet connectivity stops completely.  I can still ping from the router itself but all internal pinging/browsing stops.  Any help would be much appreciated.

interface Ethernet0
 description ISP1
 ip address 208.x.x.x 255.255.255.248
 ip nat outside
 half-duplex
 crypto map clientmap
!
interface Ethernet1
 description ISP2
 ip address 24.x.x.x 255.255.252.0
 ip nat outside
 half-duplex
 crypto map clientmap
!
interface FastEthernet0
 description Local LAN
 ip address 192.168.3.1 255.255.252.0
 ip nat inside
 speed auto
!
ip local pool ippool 192.168.123.200 192.168.123.250
ip nat inside source route-map ROUTE-NAT interface Ethernet0 overload
ip nat inside source static tcp 192.168.0.231 25 24.x.x.x 25 extendable
ip nat inside source static tcp 192.168.3.250 80 24.x.x.x 80 extendable
ip nat inside source static tcp 192.168.0.231 25 208.x.x.x 25 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 208.x.x.x 50
ip route 0.0.0.0 0.0.0.0 24.x.x.x 55

I can provide whatever else is needed.

td_miles

You don't have a NAT statement for the traffic to be NAT'ed to your second outside interface.
dgratton1085 (ASKER)

Actually, upon looking... my startup-config has both entries in it (see below) but my running config only picks up the last one specified.  I tried entering it manually and it complained that there was already a %Dynamic mapping in use, cannot change.

Here is the startup-config

interface Ethernet0
 description ISP1
 ip address 208.x.x.x 255.255.255.248
 ip nat outside
 half-duplex
 crypto map clientmap
!
interface Ethernet1
 description ISP2
 ip address 24.x.x.x 255.255.252.0
 ip nat outside
 half-duplex
 crypto map clientmap
!
interface FastEthernet0
 description Local LAN
 ip address 192.168.3.1 255.255.252.0
 ip nat inside
 speed auto
!
ip local pool ippool 192.168.123.200 192.168.123.250
ip nat inside source route-map ROUTE-NAT interface Ethernet0 overload
ip nat inside source route-map ROUTE-NAT interface Ethernet1 overload
ip nat inside source static tcp 192.168.0.231 25 24.x.x.x 25 extendable
ip nat inside source static tcp 192.168.3.250 80 24.x.x.x 80 extendable
ip nat inside source static tcp 192.168.0.231 25 208.x.x.x 25 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 208.x.x.x 50
ip route 0.0.0.0 0.0.0.0 24.x.x.x 55

Any thoughts?

Your ISP connections probably don't need to be half duplex....

The fact that only one dynamic NAT statement appears in the running config indicates that only one can be active at any given time.  I don't think you can do what you want -- failover AND NAT -- with a single router like this.  You could do it with BGP and your own public address space (requires the cooperation of both ISPs...), or I believe there are some SOHO routers with two Internet ports that are designed to do what you want (but aren't Cisco...).

Les Moore

Since this is a continuation of your previous post:

https://www.experts-exchange.com/questions/21189366/Router-Config-Cisco-1721-for-two-WAN-Firewall-and-VPN.html

We can try changing the nat statements like this:

ip nat inside source route-map ROUTE-NAT interface Ethernet0 overload
ip nat inside source list 2 interface Ethernet1 overload

access-list 2 permit 192.168.3.0 0.0.3.255
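
As an added example (not code from any poster in this thread), a small Python check over a saved configuration that reports the two conditions discussed above: an "ip nat outside" interface that no dynamic overload rule translates to, and one route-map or access list reused by more than one dynamic rule. The sample configurations are constructed from the NAT-relevant lines posted above; audit_nat and the constant names are hypothetical.

```python
import re

# Dynamic PAT rule as posted in this thread:
#   ip nat inside source {route-map NAME | list ID} interface IF overload
DYN_RE = re.compile(
    r"^ip nat inside source (route-map|list) (\S+) interface (\S+) overload\s*$")

def audit_nat(config: str) -> dict:
    """Return outside interfaces with no dynamic overload rule, and
    selectors (route-map or ACL) used by more than one dynamic rule."""
    outside, rules, current = [], [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):
            # Unindented line: a new interface block or a global command.
            current = line.split(None, 1)[1] if line.startswith("interface ") else None
            m = DYN_RE.match(line)
            if m:
                rules.append((f"{m.group(1)} {m.group(2)}", m.group(3)))
        elif current and line.strip() == "ip nat outside":
            outside.append(current)
    covered = {ifc for _, ifc in rules}
    by_selector = {}
    for sel, ifc in rules:
        by_selector.setdefault(sel, []).append(ifc)
    return {"uncovered": [i for i in outside if i not in covered],
            "shared": {s: i for s, i in by_selector.items() if len(i) > 1}}

# Constructed samples: only the NAT-relevant lines of the configs in this thread.
IFACES = """\
interface Ethernet0
 ip nat outside
!
interface Ethernet1
 ip nat outside
!
interface FastEthernet0
 ip nat inside
!
"""
RUNNING = IFACES + "ip nat inside source route-map ROUTE-NAT interface Ethernet0 overload\n"
STARTUP = RUNNING + "ip nat inside source route-map ROUTE-NAT interface Ethernet1 overload\n"
SUGGESTED = RUNNING + "ip nat inside source list 2 interface Ethernet1 overload\n"

if __name__ == "__main__":
    for name, cfg in (("running", RUNNING), ("startup", STARTUP), ("suggested", SUGGESTED)):
        print(name, audit_nat(cfg))
```

An empty result only means neither condition is present in the text of the configuration; it does not show that translations fail over correctly on a live router.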

ASKER CERTIFIED SOLUTION
Les Moore