larryklingaman


Cisco Dual WAN failover config on Single Router

From the answers that I have seen I am positive someone can help me with this question.

I have an IP Base Cisco 2811 Router with one HWIC-4ESW and two Internet connections from different providers. My internet connections (Wireless and T1) come in through FastEthernet0/0 and FastEthernet0/1 respectively. My LAN side attaches through VLAN1 via FastEthernet0/0/0.

We use the Wireless as our primary connection to the internet for all LAN users, and also host internet servers through NAT. I currently have NAT entries duplicated for both Internet links to the internal servers.

We have a Dynamic DNS provider that checks every 2 minutes for a failure on our Wireless IP and if detected, switches all records over to our T1.

      
Interfaces
      Wireless       FastEthernet0/0            NAT OUTSIDE
      Frac T1      FastEthernet0/1            NAT OUTSIDE
      LAN      FastEthernet0/0/0 as VLAN1      NAT INSIDE

Interface IPS (examples only)
      Wireless       1.1.1.1 Gateway to ISP
            1.1.1.(2-6) Wireless IP's
      Frac T1       2.2.2.1 Gateway to ISP
            2.2.2.(2-6) T1 IP's
      VLAN1      192.168.1.1/24

Client IP's
      192.168.1.2 - 192.168.1.254

NAT Example
      ip nat inside source list 1 interface FastEthernet0/0 overload
      ip nat inside source list 2 interface FastEthernet0/1 overload
      ip nat inside source static tcp 192.168.1.3 25 1.1.1.3 25 extendable
      ip nat inside source static tcp 192.168.1.3 25 2.2.2.3 25 extendable

Access Lists
      access-list 1 permit 192.168.1.0 0.0.0.255
      access-list 2 permit 192.168.1.0 0.0.0.255

Static Routes
      ip route 0.0.0.0 0.0.0.0 1.1.1.1
      ip route 0.0.0.0 0.0.0.0 2.2.2.1 20

What would be the configuration for the router? I have most of the pieces together, but something is just not working, besides my brain.

Thank you in advance!!!

Larry
ASKER CERTIFIED SOLUTION
JFrederick29
larryklingaman

ASKER

I have added the route-maps but have to wait until after business hours to remove the old NAT overloads and add the new ones to test.

With this configuration, will the failover work if the Wireless has a problem on their routers and I still have a physical link on the interface, AND if I lose my physical link on the Wireless interface? What is the timeframe for the failover/recovery?

Thank you in advance...

Larry

Unfortunately it will not. A downstream failure will not be detected by your router and the route will not be removed from the routing table. If the local interface goes down, then the backup route will come up.

You can use the following to combat that:

http://www.cisco.com/en/US/about/ac123/ac114/ac173/Q2-04/department_techtips.html

Failover/recovery should be pretty instantaneous.  You will need to wait for the current NAT translations to time out but the route will drop out of the routing table and install the backup route within a matter of seconds.

Les Moore

JFrederick29 is correct. The SAA probe example in the link provided may require an upgrade from IP Base to Enterprise Base IOS ($$), but it is about the only solution for you since the Ethernet physical interface is likely to never go down.

How do I determine if the Base IP version that I have, 12.3(11)T2, supports policy routing? If it does support it, what would the configuration be? Should/can I run both the route-map and policies?

The IP Base version will support policy routing; whether it supports SAA probes is a different question. You can use Cisco's Feature Navigator to see if IP Base supports SAA probes. Yes, you can use policy routing (route-maps) along with the SAA probes.

What would the configuration be for the Policy Routing?

Okay, I'm losing train of thought here. Let's back up: you don't need policy routing, you are simply using a route-map in your "ip nat inside source..." statements instead of an access-list. My first post is what you need to set up for the NAT failover.

I should have been more specific. The outgoing NAT would need to failover also. What is the configuration for that and can it be done with the IP Base IOS? Is that another question?
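
Added example, not part of the thread and not the members-only accepted solution: one way to combine the pieces discussed above (route-maps in the "ip nat inside source" statements, an SAA probe, and a tracked default route), using the question's placeholder addresses. The route-map names, probe number, track number and timer values are assumptions, and whether the 12.3(11)T2 IP Base image accepts the rtr/track commands has to be checked in Feature Navigator as noted above.

```cisco
! Constructed example; addresses are the question's placeholders.
! One ACL is enough: the route-map decides which NAT rule applies
! by matching the interface the packet is routed out of.
access-list 1 permit 192.168.1.0 0.0.0.255
!
route-map NAT-WIRELESS permit 10
 match ip address 1
 match interface FastEthernet0/0
!
route-map NAT-T1 permit 10
 match ip address 1
 match interface FastEthernet0/1
!
! Replace the two list-based overload statements with these.
no ip nat inside source list 1 interface FastEthernet0/0 overload
no ip nat inside source list 2 interface FastEthernet0/1 overload
ip nat inside source route-map NAT-WIRELESS interface FastEthernet0/0 overload
ip nat inside source route-map NAT-T1 interface FastEthernet0/1 overload
!
! SAA probe: ICMP echo to the Wireless ISP gateway every 5 seconds.
! "rtr" is the 12.3T-era keyword; later releases use "ip sla".
rtr 1
 type echo protocol ipIcmpEcho 1.1.1.1
 timeout 1000
 frequency 5
rtr schedule 1 life forever start-time now
!
! Track object follows the probe result.
track 10 rtr 1 reachability
!
! Primary default route is withdrawn when the probe fails, even if
! FastEthernet0/0 stays physically up; the floating route takes over.
no ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 0.0.0.0 0.0.0.0 1.1.1.1 track 10
ip route 0.0.0.0 0.0.0.0 2.2.2.1 20
```

Probing the gateway only detects a failure up to that hop; a probe target further upstream would also need a host route pinning it to the Wireless link. After a failover, `clear ip nat translation *` removes stale entries instead of waiting for them to time out.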