NAT Failover With Dual ISP

  • The L2TP (Client) Host name will be given by the ISP. If the ISP assigned a static IP address, choose Static under L2TP IP assignment and manually enter the IP address with the Subnet mask and gateway router IP address given by the ISP. If the ISP is giving out a dynamic IP address, choose DHCP from the L2TP IP assignment dropdown menu.
  • The instructions show how NAT and multilink policy are implemented to balance the load. You can also assign a metric to each ISP connection. You may also want to check out the Barracuda Link Balancer which claims to offer cost-effective Internet Performance and Availability by dynamically balancing traffic across multiple ISP links.
  • Load Balancing and Failover with Gateway Groups. A Gateway Group is necessary to set up a Load Balancing or Failover configuration. The group itself does not cause any action to be taken, but when the group is used later, such as in policy routing firewall rules, it defines how the items utilizing the group will behave.


Introduction

This document describes a configuration for a Cisco IOS® router to connect a network to the Internet with Network Address Translation through two ISP connections. The Cisco IOS Software Network Address Translation (NAT) can distribute subsequent TCP connections and UDP sessions over multiple network connections if equal-cost routes to a given destination are available. In the event that one of the connections becomes unusable, object-tracking, a component of Optimized Edge Routing (OER), can be used to deactivate the route until the connection becomes available again, which assures network availability in spite of instability or unreliability of an Internet connection.

Configure a Source NAT policy for both ISPs. Make sure to define the destination interface on the 'Original Packet' tab for both Source NAT rules. The reason for the multiple VRs is that both tunnels are up and running at the same time. If connectivity to ISP1 is lost, traffic fails over to ISP2 as soon as possible.

Prerequisites


Requirements

This document assumes that you have functional LAN and WAN connections; it does not provide configuration or troubleshooting background to establish initial connectivity.

  1. This document does not describe a way to differentiate between the routes, so there is no way to prefer a more-desirable connection over a less-desirable connection.

  2. This document describes the configuration of OER to enable or disable either Internet route based on the reachability of the DNS servers of the ISP. You need to identify specific hosts that can be reachable through only one of the ISP connections and cannot be available if that ISP connection is not available.

Components Used

This configuration was developed with a Cisco 1811 router with 12.4(15)T Advanced IP Services software. If a different software version is used, some features are potentially not available, or the configuration commands can differ from those shown in this document. Similar configurations are available on all Cisco IOS router platforms, although the interface configuration likely varies between different platforms.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.


Configure

You may need to add policy-based routing for specific traffic to ensure that it always uses one ISP connection. Examples of traffic that require this behavior include IPSec VPN clients, VoIP handsets, and any other traffic that uses only one of the ISP-connection options to prefer the same IP address, higher speed, or lower latency on the connection.

Note: Use the Command Lookup Tool (registered customers only) to find more information on the commands used in this document.

Network Diagram

This document uses this network setup:

Configurations

This configuration example, as illustrated in the network diagram, describes an access router that uses a DHCP-configured IP connection to one ISP (as shown by FastEthernet 0), and a PPPoE connection over the other ISP connection. The connection types have no particular impact on the configuration unless object-tracking and OER and/or policy-based routing is to be used with a DHCP-assigned Internet connection. In these cases, it can be very difficult to define a next-hop router for policy routing or OER.

Router Configuration Example

With DHCP-assigned route tracking:

DHCP-Assigned Route Tracking Configuration Example (Optional)

Verify

Use this section to confirm that your configuration works properly.

The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

  • show ip nat translation — Displays NAT activity between NAT inside hosts and NAT outside hosts. This command provides verification that inside hosts are translated to both NAT outside addresses.

  • show ip route — Verifies that multiple routes to the Internet are available.

Troubleshoot

After you configure the Cisco IOS router with NAT, if the connections do not work, be sure of these:

  • NAT is applied appropriately on outside and inside interfaces.

  • NAT configuration is complete, and ACLs reflect the traffic that must be NATed.

  • Multiple routes to the Internet/WAN are available.

  • If you use route tracking to be sure that the Internet connections are available, check the state of the route tracking.


WAN redundancy with multiple internet connections is important today, not only in enterprise networks: even some small networks need two ISPs for a dual WAN connection. To have redundant WAN connectivity, a network must have separate connections to two ISPs.

This article shows how to configure dual WAN failover on a single Cisco router with IP SLA tracking, to provide redundancy across multiple internet connections.

This article assumes that:

a. You already have the GNS3 VM virtual server installed and running on your computer. If you don't, please refer to Installing GNS3 VM on VMware Workstation.

b. You know how to configure NAT (network address translation) on a Cisco router. If you do not, you can refer to Configuring Network Address Translation (NAT) on Cisco Router.

To demonstrate how to configure dual WAN failover on a single Cisco router, we will set up a GNS3 lab as shown in the following IP network diagram.

There are three Cisco routers. R1 is the router in the customer network, and the other two routers act as two different ISPs, so the customer network has multiple internet connections. ISP01 is the primary connection and ISP02 is the secondary connection for customer router R1. If customer router R1 cannot reach ISP01, it automatically switches over to ISP02 to achieve WAN redundancy. There is also one router, PC1, within the LAN, acting as a client computer.


Now let's configure the IP address settings on PC1.

On customer router R1, configure the following IP address settings.

On the ISP01 router, configure the following IP address settings.

On the ISP02 router, configure the following IP address settings.

To connect ISP01 to ISP02, we need to configure routing between them. It can be static routing or a dynamic routing protocol; in our case, let's use the OSPF dynamic routing protocol to connect these two ISPs.

On the ISP01 router, configure the OSPF dynamic routing protocol as shown below.

On the ISP02 router, configure the OSPF dynamic routing protocol as shown below.

The first thing we need to do to have WAN redundancy with multiple internet connections is to configure dynamic NAT (dynamic network address translation) on the Cisco router that is connected directly to the two ISPs, so that client computers within the internal network can reach the internet.


To configure dynamic NAT on the Cisco router, we need to create an ACL that contains the IP addresses to be NATed. In the ACL below, we allow all IP addresses in the LAN to access the internet.

For WAN redundancy across multiple internet connections, we need to configure route maps that select which traffic is NATed for the WAN interface of each of the two ISPs.

After configuring the access control list, we need to configure dynamic NAT with the ACL created above.

Now we need to configure IP SLA on the dual-WAN Cisco router to ping the public IP address of ISP01, since we decided to use this ISP as the primary connection.

Then we need to apply the IP SLA configured above to the default route configuration on the dual-WAN Cisco router, so that we have WAN redundancy for our network.

The default route configured with the track number is installed only if the dual-WAN Cisco router can reach the public IP address of ISP01. So if ISP01 cannot be reached by the dual-WAN Cisco router, the secondary default route is used to forward all traffic to ISP02.
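The NAT, IP SLA and tracked default-route steps above, put together as one R1 configuration. This is an added example, not the article's own configuration: the next-hop addresses 100.100.100.2 and 200.200.200.2 come from the article, while the interface names, R1's own addresses, the LAN subnet 192.168.1.0/24, the ACL number, the route-map names and the probe timers are assumptions.

```cisco
! Added example; interface names, LAN subnet and R1's own addresses are assumed.
! Next hops 100.100.100.2 (ISP01) and 200.200.200.2 (ISP02) are from the article.
interface FastEthernet0/0
 description WAN to ISP01 (primary)
 ip address 100.100.100.1 255.255.255.252
 ip nat outside
!
interface FastEthernet0/1
 description WAN to ISP02 (secondary)
 ip address 200.200.200.1 255.255.255.252
 ip nat outside
!
interface FastEthernet1/0
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! Only the internal subnet is eligible for translation (no "permit any").
access-list 10 permit 192.168.1.0 0.0.0.255
!
! One route map per WAN link: translate LAN traffic only when it leaves that link.
route-map NAT-ISP01 permit 10
 match ip address 10
 match interface FastEthernet0/0
!
route-map NAT-ISP02 permit 10
 match ip address 10
 match interface FastEthernet0/1
!
ip nat inside source route-map NAT-ISP01 interface FastEthernet0/0 overload
ip nat inside source route-map NAT-ISP02 interface FastEthernet0/1 overload
!
! Probe ISP01 out of the primary interface so the probe cannot succeed via ISP02.
ip sla 1
 icmp-echo 100.100.100.2 source-interface FastEthernet0/0
 timeout 1000
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Track object 1 follows the probe result.
! Some older 12.4 images use "track 1 rtr 1 reachability" instead.
track 1 ip sla 1 reachability
!
! The primary default route exists only while track 1 is up.
! The backup route has administrative distance 10, so it is used only after that.
ip route 0.0.0.0 0.0.0.0 100.100.100.2 track 1
ip route 0.0.0.0 0.0.0.0 200.200.200.2 10
```

After a failover, translations created on the old link still reference its outside address; `clear ip nat translation *` removes them, and `show track 1` shows the current probe state.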

To test whether the WAN redundancy configuration works, we can ping the public IP addresses of the two ISPs, which are 102.102.102.1 or 102.102.102.2 in our case. We should get the following successful result.

Once we know that pings to the public IP addresses of the two ISPs succeed, we can use the traceroute command to see which path is taken to reach that public IP address. Based on the following traceroute result, it reaches 102.102.102.2 via ISP01.

If we check the routing table on the dual-WAN Cisco router, the default route must point to the public IP address of ISP01, which is 100.100.100.2. This means that the dual-WAN Cisco router is currently forwarding all traffic to the internet via ISP01.

Let's also check whether the NAT configuration for WAN redundancy works. Traffic should be NATed to the IP address of ISP01, as follows.

Now we need to test whether it fails over to ISP02 when ISP01 is not reachable from the dual-WAN Cisco router, so that we know whether our WAN redundancy configuration works. To test this, we can remove the IP address configuration on interface f0/0 of the ISP01 router.

After removing the IP address on interface f0/0 of the ISP01 router, we should get the following log message on the dual-WAN Cisco router.

If we check the routing table on the dual-WAN Cisco router, the default route must point to the public IP address of ISP02, which is 200.200.200.2. This means that the dual-WAN Cisco router is now forwarding all traffic to the internet via ISP02.

Now let's check the traceroute result again. As we can see below, the dual-WAN Cisco router can reach the public IP address 102.102.102.1 via the ISP02 connection.

Let's check the NAT configuration again. Traffic should now be NATed to the IP address of ISP02, as follows.

That's all about how to configure dual WAN failover on a single Cisco router, from Tech Space KH. This is a cheap and simple method to achieve WAN redundancy with multiple internet connections. Hopefully you find this guide informative. If you have any questions or suggestions, you can always leave your comments below. I will try my best to review and reply to them.
