Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Redundant Cisco Link

Options
  • 14-07-2004 6:31pm
    #1
    jayok
    Registered Users Posts: 1,906 ✭✭✭


    Don't know if anyone here is any good at Cisco but I'll ask anyway

    We have one Cisco 1721 router with two WICs installed, an ADSL and a Serial. We have two internet connections from two separate ISPs for failover. This cisco router is not configured as a firewall as there a checkpoint box in place doing this.

    To permit access to both lines the ethernet interface of the router was configured with an internal private IP Address of 10.0.0.1/24. The firewall is configured with an IP address of 10.0.0.2/24. To permit access to the external world the 10.0.0.2 address is statically NAT'd to one of the public IP addresses. This NAT works fine and we can browse the internet. The problem is if the line fails we would like the 10.0.0.2 address to now be NAT'd to the public IP addresses of the other line. Is this possible?

    I've checked everywhere and cannot seem to find anything. For line failover I am using a floating static route, however this doesn't solve the problem of the static NATs.

    Thanks in advance!


Comments

  • Options
    #2
    tomk
    Registered Users Posts: 1,067 ✭✭✭tomk


    Did a bit of Ciscoing a while ago, but not this advanced.

    This probably won't help, but do Cisco boxes have a default route? If so, shouldn't you be using that instead of a static NAT? And shouldn't part of the failover config include an automatic change of the default route from the failed external IP address to the backup one?

    Crude analogy: my laptop has LAN and dial-up interfaces. The default route is via eth0, but if I activate the dial-up, the default route is automatically changed to ppp0.

    Like I said, probably totally irrelevant, but you never know....


  • Options
    #3
    spongebob
    Closed Accounts Posts: 6,143 ✭✭✭spongebob


    its odd , a serial is a leased line so the adsl is the backup I assume ?

    I have done this WIC > ISDN but not WIC > WIC

    Search for Serial to ISDN failover and kludge it from that . I think the ADSL WIC must be down even if connected .....

    M


  • Options
    #4
    Obo
    Closed Accounts Posts: 70 ✭✭Obo


    I've been thinking about this myself, but haven't gotten around to trying it yet.

    Try two entries for the default route for the two interfaces, but with a higher metric on the backup interface. I think that should switch over to the backup if the primary goes down (might have to timeout first).

    Think I'll have to go and read up again on Dial on Demand Routing.


  • Options
    #5
    jayok
    Registered Users Posts: 1,906 ✭✭✭jayok


    I've been digging around on this a whole-lot and it's not as simple with two WICs are it is with ISDN backup.

    But here's what I have so far...

    You will need to configure e0 with a private IP and NAT this to whichever line you are going to use. In my specific example SMTP goes out one line while all other traffic goes out the other (does using route-maps). Then set a floating static route (for the laugh) with two difference administrative distances. This is the bit I'm stuck on, finally setup a NAT routing based policy for each line.

    As soon as I have this sussed I'll let you know (I am onto Cisco themselves)

    Jayo.


Advertisement