I'm trying to get failover set up on a cisco router. Primary connection is mediacom and backup connection is verizon wireless via a cradlepoint router. I have the cradlepoint set up in IP passthrough.
I've created my SLAs and got my route failover working. When I take down the primary I can see the route change to the backup route in the table and I can get into the router via SSH on the backup IP. However, I am unable to get nat translations on the backup IP.
I debugged NAT and I'm getting errors that seem to show that it is still matching the primary route-map/nat statement. When I take out the overload command that is tied to the primary interface. BAM nat translations are working on the backup....it overloads fine. Do you think this is an IOS bug or has anyone seen this behavior?
Relevant Config:
interface GigabitEthernet8
description VZW-Backup
ip address dhcp
ip access-group 101 in
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet9
description INTERNET CONNECTION
mac-address 78da.6e65.582d
ip address x.x.x.x 255.255.255.0
ip access-group 101 in
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface Vlan1
description LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip nat inside source route-map INTERNET interface GigabitEthernet9 overload
ip nat inside source route-map INTERNET-BKP interface GigabitEthernet8 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet9 x.x.x.x track 5
ip route 8.8.8.8 255.255.255.255 x.x.x.x
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8 dhcp 254
track 5 ip sla 5
delay down 30 up 30
ip sla 5
icmp-echo 8.8.8.8 source-ip x.x.x.x
frequency 15
ip sla schedule 5 life forever start-time now
route-map INTERNET permit 10
match ip address 100
!
route-map INTERNET-BKP permit 10
match ip address 100
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 remark INTERNET NAT
NAT ERRORS BELOW
*Jul 11 19:54:16.855: NAT: map match INTERNET
*Jul 11 19:54:16.855: mapping pointer available mapping:0
*Jul 11 19:54:16.855: NAT: translation failed (A), dropping packet s=192.168.1.160 d=8.8.8.8
*Jul 11 19:54:16.859: NAT: map match INTERNET
*Jul 11 19:54:16.859: mapping pointer available mapping:0
*Jul 11 19:54:16.859: NAT: translation failed (A), dropping packet s=192.168.1.160 d=8.8.4.4
*Jul 11 19:54:16.895: NAT: map match INTERNET
*Jul 11 19:54:16.895: mapping pointer available mapping:0
*Jul 11 19:54:16.895: NAT*: Can't create new inside entry - forced_punt_flags: 0
*Jul 11 19:54:16.895: NAT: map match INTERNET
*Jul 11 19:54:16.895: mapping pointer available mapping:0
*Jul 11 19:54:16.895: NAT: translation failed (A), dropping packet s=192.168.1.156 d=8.8.8.8
*Jul 11 19:54:16.899: NAT: map match INTERNET
*Jul 11 19:54:16.899: mapping pointer available mapping:0
*Jul 11 19:54:16.899: NAT*: Can't create new inside entry - forced_punt_flags: 0
*Jul 11 19:54:16.899: NAT: API parameters passed: src_addr:192.168.1.101, src_port:0 dest_addr:8.8.8.8, dest_port:0, proto:17 if_input:Vlan1 pak:10F60AAC get_translated:1
*Jul 11 19:54:16.899: NAT: map match INTERNET
*Jul 11 19:54:16.899: mapping pointer available mapping:0
*Jul 11 19:54:16.899: NAT*: Can't create new inside entry - forced_punt_flags: 0
*Jul 11 19:54:16.899: NAT: map match INTERNET
*Jul 11 19:54:16.899: mapping pointer available mapping:0
*Jul 11 19:54:16.899: NAT: translation failed (A), dropping packet s=192.168.1.156 d=8.8.8.8
*Jul 11 19:54:16.899: NAT: map match INTERNET
*Jul 11 19:54:16.899: mapping pointer available mapping:0ebug all
*Jul 11 19:54:16.899: NAT: translation failed (A), dropping packet s=192.168.1.101 d=8.8.8.8
*Jul 11 19:54:16.935: NAT: map match INTERNET
*Jul 11 19:54:16.935: mapping pointer available mapping:0
*Jul 11 19:54:16.935: NAT*: Can't create new inside entry - forced_punt_flags: 0
*Jul 11 19:54:16.935: NAT: map match INTERNET
*Jul 11 19:54:16.935: mapping pointer available mapping:0
*Jul 11 19:54:16.935: NAT*: Can't create new inside entry - forced_punt_flags: 0
*Jul 11 19:54:16.935: NAT: map match INTERNET
*Jul 11 19:54:16.935: mapping pointer available mapping:0
*Jul 11 19:54:16.935: NAT: translation failed (A), dropping packet s=192.168.1.160 d=8.8.8.8
*Jul 11 19:54:16.935: NAT: map match INTERNET
*Jul 11 19:54:16.935: mapping pointer available mapping:0
*Jul 11 19:54:16.935: NAT: translation failed (A), dropping packet s=192.168.1.160 d=8.8.4.4
*Jul 11 19:54:17.023: NAT: API parameters passed: src_addr:192.168.1.101, src_port:0 dest_addr:8.8.8.8, des
No comments:
Post a Comment