Cisco
gustaf, 2015-11-29 20:25:25

Cisco router: how does NAT change when using IP SLA?

I cannot figure it out; if you can, please tell me.
The configuration is as follows:
Two external interfaces to two different providers:

interface GigabitEthernet0/0
description MAIN_ISP
ip address 10.10.10.54 255.255.255.240 secondary
ip address 10.10.10.51 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto

interface GigabitEthernet0/1
description BACKUP_ISP
ip address 20.20.20.198 255.255.255.240 secondary
ip address 40.40.40.82 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto

One internal interface to the internal network:
interface GigabitEthernet0/2
description link_between_2911_and_ASA
ip address 192.168.255.1 255.255.255.248
ip nat inside
ip virtual-reassembly in
ip policy route-map Load-Balance
duplex auto
speed auto

Two NAT entries:
ip nat inside source static 192.168.6.54 10.10.10.54 route-map static-nat-isp-main
ip nat inside source static 192.168.6.54 20.20.20.198 route-map static-nat-isp-backup

PBR
route-map static-nat-isp-backup permit 10
match interface GigabitEthernet0/1

route-map static-nat-isp-main permit 10
match interface GigabitEthernet0/0

Routes:
ip route 0.0.0.0 0.0.0.0 10.10.10.49 5 track 1
ip route 0.0.0.0 0.0.0.0 40.40.40.81 10 track 2
ip route 192.168.6.0 255.255.255.0 192.168.255.2

Link availability monitoring:
ip sla 1
icmp-echo 10.10.10.49 source-interface GigabitEthernet0/0
threshold 1000
frequency 5
ip sla schedule 1 life forever start-time now

ip sla 2
icmp-echo 40.40.40.81 source-interface GigabitEthernet0/1
threshold 1000
frequency 5
ip sla schedule 2 life forever start-time now


track 1 ip sla 1 reachability
delay down 5 up 5
!
track 2 ip sla 2 reachability
delay down 5 up 5

When both providers are available, the host 192.168.6.54 is translated to the Internet as 10.10.10.54.
When the MAIN_ISP provider is not available, the host 192.168.6.54 is translated to the Internet as 20.20.20.198.
Question.
I can't figure out which rule is used for translation in the first case, and which one in the second case.
When the first provider becomes unavailable, the default gateway changes from 10.10.10.49 to 40.40.40.81 - this is understandable.
Where and when does NAT change?


3 answers
Alexander, 2015-12-03
@gustaf

The numbers 5 and 10 on the routes are the Administrative Distance; a more or less adequate Russian counterpart is "the degree of trust in the source of routing information."

ip route 0.0.0.0 0.0.0.0 10.10.10.49 5 track 1
ip route 0.0.0.0 0.0.0.0 40.40.40.81 10 track 2
Of the two identical valid routes, the one with the smaller AD will get into the routing table.
The choice of the first or second route affects the choice of the outgoing interface for sending the packet out (different next-hops are available through different interfaces).
This, in turn, affects the choice of NAT rule. One route-map works for one interface (route-map static-nat-isp-main - Gi0/0), the other - for another (backup - Gi0/1).
Do you need additional info?

pezzak, 2015-12-01
@pezzak

In the first case, when both gateways are available, the router sends packets to the world that came from the host 192.168.6.54 with the Inside Global address 10.10.10.54; in the second case, with Inside Global 20.20.20.198, i.e. it depends on the routing table (more precisely, the FIB). You have NAT configured for both addresses:

ip nat inside source static 192.168.6.54 10.10.10.54 route-map static-nat-isp-main
ip nat inside source static 192.168.6.54 20.20.20.198 route-map static-nat-isp-backup

Also, if the main gateway becomes unavailable, the established TCP sessions will hang, because 192.168.6.54 will keep being translated according to the NAT table that has already been built. In this case you need to clear the table via EEM:
event manager applet ISP_1_UP 
 event track 1 state up
 action 001 cli command "enable"
 action 002 cli command "clear ip nat trans *"
 action 003 syslog msg "ISP 1 is UP"

event manager applet ISP_1_DOWN 
 event track 1 state down
 action 001 cli command "enable"
 action 002 cli command "clear ip nat trans *"
 action 003 syslog msg "ISP 1 is DOWN"

gustaf, 2015-12-01
@gustaf

Thanks for the answer!
I understand one hundred percent that NAT is enabled for both addresses.
The question is why, when both gateways are available, it is 10.10.10.54, and when the first gateway is not available, it is 20.20.20.198.
Where is the rule, or where is the priority?
If I swap entries like this:

ip nat inside source static 192.168.6.54 10.10.10.54 route-map static-nat-isp-backup
ip nat inside source static 192.168.6.54 20.20.20.198 route-map static-nat-isp-main

then when both gateways are available the address will be 20.20.20.198, and when the first gateway is not available the machine has no Internet access at all.
Special thanks for clearing the table!
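
The mechanism from Alexander's answer (AD picks the default route, the route's egress interface is what the route-map's "match interface" tests, and that picks the NAT entry), pezzak's point about translations that survive the failover until cleared, and gustaf's swapped-entry experiment, modelled in Python as an added example. This is not Cisco code and not written by anyone in the thread. The track flags, the flow-keyed NAT table, the "first matching static entry wins" rule and the check that a reply must come back through the ISP that owns the public address are simplifying assumptions; the destination 203.0.113.10 is a constructed example.

```python
"""Model of the dual-ISP NAT failover from the thread. Added illustration,
not Cisco IOS code; the track flags, the flow-keyed NAT table and the
return-path check are simplified assumptions about IOS behaviour."""
from dataclasses import dataclass


@dataclass(frozen=True)
class StaticRoute:
    next_hop: str
    interface: str
    admin_distance: int
    track: int


@dataclass(frozen=True)
class NatRule:
    inside_local: str
    inside_global: str
    route_map: str


# Taken from the configuration in the question.
ROUTE_MAP_MATCH = {                       # route-map name -> 'match interface'
    "static-nat-isp-main": "GigabitEthernet0/0",
    "static-nat-isp-backup": "GigabitEthernet0/1",
}
DEFAULT_ROUTES = (
    StaticRoute("10.10.10.49", "GigabitEthernet0/0", 5, 1),
    StaticRoute("40.40.40.81", "GigabitEthernet0/1", 10, 2),
)
ORIGINAL_RULES = (
    NatRule("192.168.6.54", "10.10.10.54", "static-nat-isp-main"),
    NatRule("192.168.6.54", "20.20.20.198", "static-nat-isp-backup"),
)
SWAPPED_RULES = (                         # gustaf's experiment: route-maps exchanged
    NatRule("192.168.6.54", "10.10.10.54", "static-nat-isp-backup"),
    NatRule("192.168.6.54", "20.20.20.198", "static-nat-isp-main"),
)
# Which ISP link each public address belongs to, from the 'ip address' lines.
ADDRESS_OWNER = {"10.10.10.54": "GigabitEthernet0/0", "20.20.20.198": "GigabitEthernet0/1"}
INTERFACE_TRACK = {"GigabitEthernet0/0": 1, "GigabitEthernet0/1": 2}


def best_default_route(routes, track_up):
    """Lowest AD among the floating static routes whose track object is up."""
    live = [r for r in routes if track_up[r.track]]
    return min(live, key=lambda r: r.admin_distance) if live else None


def select_nat_rule(rules, inside_local, egress_interface):
    """First static entry for this host whose route-map matches the egress interface
    (assumption: entries are evaluated in configuration order)."""
    for rule in rules:
        if rule.inside_local == inside_local and ROUTE_MAP_MATCH[rule.route_map] == egress_interface:
            return rule
    return None


class Router:
    def __init__(self, rules):
        self.rules = rules
        self.track_up = {1: True, 2: True}       # state of 'track 1' and 'track 2'
        self.nat_table = {}                      # (inside_local, destination) -> inside_global

    def set_isp_state(self, track, up):
        self.track_up[track] = up                # what the IP SLA reachability track would do

    def translate(self, inside_local, destination):
        """Inside-global address used for this flow, or None if nothing applies."""
        key = (inside_local, destination)
        if key in self.nat_table:                # existing translation is reused unchanged
            return self.nat_table[key]
        route = best_default_route(DEFAULT_ROUTES, self.track_up)
        rule = select_nat_rule(self.rules, inside_local, route.interface) if route else None
        if rule is None:
            return None
        self.nat_table[key] = rule.inside_global
        return rule.inside_global

    def clear_translations(self):
        """Models 'clear ip nat translation *' as run by pezzak's EEM applet."""
        self.nat_table.clear()

    def flow_works(self, inside_local, destination):
        """Forward and return path both usable: the reply comes back to the ISP that
        owns the inside-global address, so that link's track must be up (assumption)."""
        inside_global = self.translate(inside_local, destination)
        if inside_global is None:
            return False
        return self.track_up[INTERFACE_TRACK[ADDRESS_OWNER[inside_global]]]


def failover_report(rules):
    """(inside_global, works) with both ISPs up, right after MAIN_ISP fails, and after clearing."""
    r = Router(rules)
    host, dst = "192.168.6.54", "203.0.113.10"  # constructed destination
    both_up = (r.translate(host, dst), r.flow_works(host, dst))
    r.set_isp_state(1, False)                    # track 1 goes down
    stale = (r.translate(host, dst), r.flow_works(host, dst))
    r.clear_translations()
    cleared = (r.translate(host, dst), r.flow_works(host, dst))
    return {"both_up": both_up, "main_down_stale": stale, "main_down_cleared": cleared}


if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL_RULES), ("swapped", SWAPPED_RULES)):
        print(name, failover_report(rules))
```

With the original entries the existing flow keeps 10.10.10.54 after track 1 goes down and stops working until the table is cleared, after which new translations use 20.20.20.198. With the swapped entries, both ISPs up already yields 20.20.20.198 (sent out Gi0/0 but answered via Gi0/1), and after the failover the only matching entry hands out 10.10.10.54 on a link whose ISP is down, which is the "no Internet at all" gustaf observed.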
