Easy Cisco IOS Dual WAN Failover – IP SLA, NAT, Route Maps

I was looking for a way to provide WAN failover to a site using two ISPs with unique NAT pools while avoiding BGP. Obviously BGP solves all of the issues we're using IP SLA and route-maps for here, but the stipulation was no routing protocol. For whatever reason I couldn't find a nice example, so here's an easy-to-follow config that I knocked up as a POC. If you want to replicate this in GNS3, drop the config below onto a 3725 platform and create a router for each Telco with the /30 WAN addressing and a static route for 3.3.3.0/24 (Telco 1) and 4.4.4.0/24 (Telco 2) pointing back at us.

As an overview:

  • We want to prefer Telco 1. Telco 2 should only be used if Telco 1 goes down.
  • Telco 1 has a WAN of 1.1.1.2/30 (peer 1.1.1.1). They statically route a prefix of 3.3.3.0/24 to us, which we will use for NAT overload. If the Telco didn't route us a prefix, we could just overload the WAN interface address instead.
  • Telco 2 has a WAN of 2.2.2.2/30 (peer 2.2.2.1). They statically route a prefix of 4.4.4.0/24 to us, which we will use for NAT overload. Again, if the Telco didn't route us a prefix, we could just overload the WAN interface address.

We create an IP SLA ICMP probe to Telco 1's WAN peer address and a track object that follows it. The target could be any routable IP in Telco 1's network, but anything beyond the directly connected peer needs a host route pinned via 1.1.1.1; otherwise, once the track fails and the default route moves to Telco 2, the probe itself follows that default route, succeeds, and flaps the track. The default route to Telco 1 is tied to the track. A second default route to Telco 2 carries a higher administrative distance (2), so it is only installed when the tracked route is withdrawn. That takes care of moving the default route should Telco 1 go down.

We create two route-maps, one for each Telco. Each matches an ACL listing our inside IPs and the exit interface for that Telco, so a packet is only translated into a given pool when it is actually leaving via that Telco's interface. If you're not worried about selectively providing NAT pool access, you can omit the ACL match.

We set up our NAT pools and the NAT inside source mappings referencing our route-maps. The LAN-facing interface (not shown below) needs ip nat inside, or nothing will be translated.

interface FastEthernet0/0
 description To Telco 1
 ip address 1.1.1.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1/0
 description To Telco 2
 ip address 2.2.2.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip sla 1
 icmp-echo 1.1.1.1 source-interface FastEthernet0/0
 timeout 1000
 threshold 800
 frequency 30
ip sla schedule 1 life forever start-time now
!
track 1 rtr 1 reachability
!
ip route 0.0.0.0 0.0.0.0 1.1.1.1 track 1
ip route 0.0.0.0 0.0.0.0 2.2.2.1 2
!
ip access-list extended NAT_ACL
 permit ip 192.168.0.0 0.0.255.255 any
!
route-map Telco1 permit 10
 match ip address NAT_ACL
 match interface FastEthernet0/0
!
route-map Telco2 permit 10
 match ip address NAT_ACL
 match interface FastEthernet1/0
!
ip nat pool Telco1 3.3.3.1 3.3.3.1 netmask 255.255.255.0
ip nat pool Telco2 4.4.4.1 4.4.4.1 netmask 255.255.255.0
ip nat inside source route-map Telco1 pool Telco1 overload
ip nat inside source route-map Telco2 pool Telco2 overload
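Two things you will run into with this design once it is carrying real traffic, shown here as an added example that is not part of the original config above. First, if you probe something further into Telco 1's network than the directly connected peer, the probe needs a host route pinned via 1.1.1.1; without it, once the track fails the probe follows the Telco 2 default route, succeeds, brings the track back up, and the default route flaps. Second, translations built against pool Telco2 during an outage survive failback: those flows keep their 4.4.4.1 inside-global address but now exit FastEthernet0/0, so an EEM applet clears the NAT table whenever track 1 changes state. The probe target 5.5.5.5 is a hypothetical address assumed to sit inside Telco 1's network; everything else uses the addressing from the post.

```cisco
! Added example, not from the original post. Assumes the addressing above
! (Telco 1 next hop 1.1.1.1 on FastEthernet0/0) and a hypothetical probe
! target of 5.5.5.5 somewhere inside Telco 1's network.
!
! 1. Pin the probe's path out Telco 1 with a host route. This matters when
!    the link stays up but the path behind the peer fails: without the host
!    route the probe would follow whichever default route is installed, so
!    after failover it would succeed via Telco 2 and flap the track.
ip route 5.5.5.5 255.255.255.255 1.1.1.1
!
ip sla 1
 icmp-echo 5.5.5.5 source-interface FastEthernet0/0
 timeout 1000
 threshold 800
 frequency 30
ip sla schedule 1 life forever start-time now
!
! Dampen flapping: wait 10s before declaring the track down and 30s before
! declaring it up again, so one lost probe does not move the default route.
track 1 rtr 1 reachability
 delay down 10 up 30
!
! 2. Clear translations whenever the track changes state. Translations built
!    against pool Telco2 during an outage otherwise survive failback and keep
!    existing flows sourced from 4.4.4.1 while they now exit via Telco 1.
event manager applet TRACK1_CHANGE
 event track 1 state any
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translation *"
 action 3.0 syslog msg "Track 1 changed state, NAT translations cleared"
```

After applying this, show track 1 gives the reachability state and show ip sla statistics 1 the probe results; show ip route confirms which default route is currently installed, and show ip nat translations should be empty immediately after a state change and then fill with entries from the pool matching the active exit.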

One thought on “Easy Cisco IOS Dual WAN Failover – IP SLA, NAT, Route Maps”

  1. […] the back of my last post about failing over outbound access using IP SLA and route-maps here I needed to also accommodate DMVPN tunnels in this […]
