Nat Failover With Dual Isp

  • The Dual homed method 2 involves two separate ISP routers from the SAME ISP. This would most likely increase the cost of the solution compared to method 1 because of the fact that you require your ISP to provide you with two pieces of equipment on their end.
  • Dual WAN Load Balancing vs Failover I have a building that we're providing internet for about 60 subs. We've been having issues with our main ISP, so we've gotten a second WISP connection as a backup.
  1. Cisco Nat Failover Dual Isp
  2. Nat Failover With Dual Isp Connection
  3. Nat Failover With Dual Isp Ip
  4. Nat Failover With Dual Isp Router

Dual Internet connections Secondary IP addresses to an interface Software switch. Network address translation (NAT) Configuring SNAT Configuring DNAT VLANs and forwarding domains. SIP and HA–session failover and geographic redundancy. Nat (inside) 1 0 0 global (ISP1) 1 interface global (ISP2) 1 interface. Now all the traffic destined to any address on port 80/443 will be forcibly put on ISP2 interface and routed from there. Scenario 4 (ASA Dual ISP Failover (With exchange access)).



This document describes a configuration for a Cisco IOS® router to connect a network to the Internet with Network Address Translation through two ISP connections. The Cisco IOS Software Network Address Translation (NAT) can distribute subsequent TCP connections and UDP sessions over multiple network connections if equal-cost routes to a given destination are available. In the event that one of the connections becomes unusable, object-tracking, a component of Optimized Edge Routing (OER), can be used to deactivate the route until the connection becomes available again, which assures network availability in spite of instability or unreliability of an Internet connection.




This document assumes that you have functional LAN and WAN connections; it does not provide configuration or troubleshooting background to establish initial connectivity.

  1. This document does not describe a way to differentiate between the routes, so there is no way to prefer a more-desirable connection over a less-desirable connection.

  2. This document describes the configuration of OER to enable or disable either Internet route based on the reachability of the DNS servers of the ISP. You need to identify specific hosts that can be reachable through only one of the ISP connections and cannot be available if that ISP connection is not available.

Components Used

Cisco Nat Failover Dual Isp

This configuration was developed with a Cisco 1811 router with 12.4(15)T Advanced IP Services software. If a different software version is used, some features are potentially not available, or the configuration commands can differ from those shown in this document. Similar configuration are available on all Cisco IOS router platforms although the interface configuration likely varies between different platforms.


The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.


Refer to Cisco Technical Tips Conventions for more information on document conventions.


Cisco nat failover dual isp

You potentially need to add policy-based routing for specific traffic to ensure that it always uses one ISP connection. Examples of traffic that require this behavior include IPSec VPN clients, VoIP handsets, and any other traffic that use only one of the ISP-connection options to prefer the same IP address, higher speed, or lower latency on the connection.


Note: Use the Command Lookup Tool (registered customers only) to find more information on the commands used in this document.

Network Diagram

This document uses this network setup:


This configuration example, as illustrated in the network diagram, describes an access router that uses a DHCP-configured IP connection to one ISP (as shown by FastEthernet 0), and a PPPoE connection over the other ISP connection. The connection types have no particular impact on the configuration unless object-tracking and OER and/or policy-based routing is to be used with a DHCP-assigned Internet connection. In these cases, it can be very difficult to define a next-hop router for policy routing or OER.

Router Configuration Example

With DHCP-assigned route tracking:

DHCP-Assigned Route Tracking Configuration Example (Optional)


Use this section to confirm that your configuration works properly.

Nat Failover With Dual Isp Connection

The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

  • show ip nat translation — Displays NAT activity between NAT inside hosts and NAT outside hosts. This command provides verification that inside hosts are translated to both NAT outside addresses.

  • show ip route — Verifies that multiple routes to the Internet are available.


Nat Failover With Dual Isp Ip

After you configure the Cisco IOS router with NAT, if the connections do not work, be sure of these:

  • NAT is applied appropriately on outside and inside interfaces.

  • NAT configuration is complete, and ACLs reflect the traffic that must be NATed.

  • Multiple routes to the Internet/WAN are available.

  • If you use route tracking to be sure that the Internet connections are available, check the state of the route tracking.

Nat Failover With Dual Isp Router

Related Information