Configuring Dual WAN Failover on Two Cisco Routers

1. Overview

 

In today's networks, WAN redundancy with multiple internet connections is very important, and not only in enterprise networks: even some small networks need two ISPs for a dual WAN connection. To have redundant WAN connectivity, a network must have separate connections to two ISPs. It is possible to use only one dual WAN router, but for hardware redundancy it is much better to use two separate Cisco routers for the dual WAN connection.

This article shows how to configure dual WAN failover on two Cisco routers with IP SLA tracking, to have redundancy with multiple internet connections.

2. Prerequisites

 

This article on configuring dual WAN failover on two Cisco routers assumes that:

a. You already have the GNS3 VM virtual server installed and running on your computer. If you don’t, please refer to this link: Installing GNS3 VM on VMware Workstation.

b. You know how to configure NAT (network address translation) on a Cisco router. If you do not, you can refer to this link: Configuring Network Address Translation (NAT) on Cisco Router.

3. Lab Scenario Set up

 

To demonstrate how to configure dual WAN failover on two Cisco routers, we will set up a GNS3 lab as in the following IP network diagram.

[Figure: IP network diagram, Configuring Dual WAN Failover on Two Cisco Routers]

There are six Cisco routers. R2, R3, and R4 are the routers in the customer network, and two other routers act as two different ISPs, so the customer network has multiple internet connections. ISP01 is the primary connection and ISP02 is the secondary connection for customer routers R3 and R4. If customer router R3 cannot reach ISP01, traffic will automatically switch over to ISP02 on customer router R4 to achieve WAN redundancy. One more router, PC1, sits within the LAN and acts as a client computer.

Now let's configure the IP address settings on PC1.

# int f0/0
    ip add 10.10.10.20 255.255.255.0
    no sh
# ip route 0.0.0.0 0.0.0.0 10.10.10.1

On customer router R2 configure the following IP address settings

# int f0/0
      ip add 10.10.10.1 255.255.255.0
      no sh
# int f1/0
     ip add 20.20.20.1 255.255.255.252
     no sh
# int f1/1
    ip add 30.30.30.1 255.255.255.252
    no sh

On customer router R3 configure the following IP address settings.

# int f0/0
     ip add 20.20.20.2 255.255.255.252
     no sh 
# int f0/1
     ip add 100.100.100.1 255.255.255.252
     no sh

On customer router R4 configure the following IP address settings.

# int f0/0
     ip add 30.30.30.2 255.255.255.252
     no sh 
# int f0/1
     ip add 200.200.200.1 255.255.255.252
     no sh

On ISP01 router, configure the following IP address settings

# int f0/0
    ip add 100.100.100.2 255.255.255.252
    no sh
# int f0/1
    ip add 102.102.102.1 255.255.255.252
    no sh

On ISP02 router, configure the following IP address settings

# int f0/0
    ip add 200.200.200.2 255.255.255.252
    no sh
# int f0/1
    ip add 102.102.102.2 255.255.255.252
    no sh

To connect ISP01 to ISP02 we need to configure routing between them. It can be static routing or a dynamic routing protocol; in our case, let's use the OSPF dynamic routing protocol to connect these two ISPs.

On the ISP01 router, configure the OSPF dynamic routing protocol as below.

# router ospf 1
    net 102.102.102.0 0.0.0.3 area 1
    net 100.100.100.0 0.0.0.3 area 1

On the ISP02 router, configure the OSPF dynamic routing protocol as below.

# router ospf 1 
    net 102.102.102.0 0.0.0.3 area 1
    net 200.200.200.0 0.0.0.3 area 1

4. Configure Dual WAN Failover on Two Cisco Routers

 

The first thing we need to do to have WAN redundancy with multiple internet connections is to configure dynamic NAT (dynamic network address translation) on both Cisco routers that are connected directly to the two ISPs, so that client computers within the internal network can reach the internet.

To configure dynamic NAT on a Cisco router, we need to create an ACL containing the IP addresses to be NATed. In the ACLs below, we allow all IP addresses in the LAN to access the internet.

Configure the following ACL on customer router R3.

# ip access-list standard ACL-DNAT
     permit 10.10.10.0 0.0.0.255
     permit 20.20.20.0 0.0.0.3

Configure the following ACL on customer router R4.

# ip access-list standard ACL-DNAT 
     permit 10.10.10.0 0.0.0.255
     permit 30.30.30.0 0.0.0.3

After configuring the access control list on both R3 and R4, we need to configure dynamic NAT with the ACL created above.

Apply the following dynamic NAT configuration on customer Cisco router R3.

# int f0/0
    ip nat inside
# int f0/1
    ip nat outside
# ip nat inside source list ACL-DNAT int f0/1 overload

Apply the following dynamic NAT configuration on customer Cisco router R4.

# int f0/0
     ip nat inside 
# int f0/1
     ip nat outside 
# ip nat inside source list ACL-DNAT int f0/1 overload

On customer router R2, we need to configure IP SLA to ping the public IP address of ISP01, since we decided to use this ISP as the primary connection.

Apply the following IP SLA configuration on customer router R2.

# ip sla 20
     icmp-echo 100.100.100.2 source-interface f1/0
     timeout 1000
     frequency 10
# ip sla schedule 20 life forever start-time now
# track 1 rtr 20 reachability

Then we need to apply the IP SLA tracking configured above to the default route configuration on customer router R2, so that we have WAN redundancy for our network.

Apply the following default route configuration with the tracking option on customer router R2.

# ip route 0.0.0.0 0.0.0.0 20.20.20.2 track 1
# ip route 0.0.0.0 0.0.0.0 30.30.30.2 2

The default route configured with the track number is installed only while our dual WAN connection Cisco router R2 can reach the public IP of ISP01. The secondary default route carries an administrative distance of 2 (the trailing 2 in the command), so it stays out of the routing table while the tracked route, with the default distance of 1, is present. If ISP01 cannot be reached, the tracked route is withdrawn and the secondary default route is used to forward all traffic to ISP02.

We also need default routes on each Cisco router, R3 and R4, that is connected directly to an ISP, so that clients within the internal network can reach the internet. A static route is also needed on both R3 and R4 to get traffic back to customer router R2.

Apply the following default route and static route configuration on Cisco router R3.

# ip route 0.0.0.0 0.0.0.0 100.100.100.2
# ip route 10.10.10.0 255.255.255.0 20.20.20.1

Apply the following default route and static route configuration on Cisco router R4.

# ip route 0.0.0.0 0.0.0.0 200.200.200.2
# ip route 10.10.10.0 255.255.255.0 30.30.30.1

5. Verify and Test

 

To test whether the WAN redundancy configuration with multiple internet connections works, we can ping the public IP address of the two ISPs, which is 102.102.102.1 or 102.102.102.2 in our case, from client computer PC1. We should get the following successful result.

PC1# ping 102.102.102.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 102.102.102.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/148/524 ms

Once we know that the ping to the public IP address of the two ISPs succeeds, we can use the traceroute command to see which path it takes to reach that public IP address. Based on the following traceroute result, it reaches 102.102.102.2 by going through router R3 and ISP01.

PC1# traceroute 102.102.102.2
Type escape sequence to abort.
Tracing the route to 102.102.102.2

 1 10.10.10.1 36 msec 8 msec 12 msec
 2 20.20.20.2 4 msec 24 msec 32 msec
 3 100.100.100.2 52 msec 12 msec 32 msec
 4 102.102.102.2 64 msec 40 msec 40 msec

If we check the routing table on customer router R2, the default route must point to the IP address of router R3, which is 20.20.20.2. This means that our customer router R2 is currently forwarding all traffic to ISP01 via router R3 to reach the internet.

# sh ip route
Gateway of last resort is 100.100.100.2 to network 0.0.0.0

 20.0.0.0/30 is subnetted, 1 subnets
C 20.20.20.0 is directly connected, FastEthernet1/0
 10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, FastEthernet0/0
 30.0.0.0/30 is subnetted, 1 subnets
C 30.30.30.0 is directly connected, FastEthernet1/1
S* 0.0.0.0/0 [1/0] via 20.20.20.2

Now we need to test whether it fails over to ISP02 when ISP01 is not reachable from our dual WAN connection Cisco router R3, so that we know whether our configuration for WAN redundancy with multiple internet connections works. To test this, we can remove the IP address configuration on interface f0/0 of the ISP01 router.

# int f0/0
    no ip address 100.100.100.2 255.255.255.252

After removing the IP address on interface f0/0 of the ISP01 router, we should get the following log message on our customer router R2.

*Jan 15 13:35:16.179: %TRACKING-5-STATE: 1 rtr 20 reachability Up->Down

If we check the routing table on our customer router R2, the default route must point to the IP address of customer router R4, which is 30.30.30.2. This means that our dual WAN connection Cisco router R2 is now forwarding all traffic to ISP02 via customer router R4 to reach the internet.

# sh ip route

Gateway of last resort is 200.200.200.2 to network 0.0.0.0

 20.0.0.0/30 is subnetted, 1 subnets
C 20.20.20.0 is directly connected, FastEthernet1/0
 10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, FastEthernet0/0
 30.0.0.0/30 is subnetted, 1 subnets
C 30.30.30.0 is directly connected, FastEthernet1/1
S* 0.0.0.0/0 [2/0] via 30.30.30.2

Now let's check the traceroute result again. As we can see below, our client computer PC1 can reach the public IP address 102.102.102.1 via router R4, which is connected directly to ISP02.

PC1# traceroute 102.102.102.1
Type escape sequence to abort.
Tracing the route to 102.102.102.1

 1 10.10.10.1 52 msec 20 msec 16 msec
 2 30.30.30.2 20 msec 36 msec 32 msec
 3 200.200.200.2 68 msec 60 msec 64 msec
 4 102.102.102.1 96 msec 84 msec 88 msec
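
An added example, not part of the original article: the Python below parses the %TRACKING-5-STATE messages that R2 logs and derives which default next hop was active after each change, how long traffic ran over the backup path, and whether the track is flapping. The sample log lines after the first, the assumed year, the five-minute window and the three-change threshold are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the first line is the message shown above, the rest are invented.
SAMPLE_LOG = """\
*Jan 15 13:35:16.179: %TRACKING-5-STATE: 1 rtr 20 reachability Up->Down
*Jan 15 13:35:46.203: %TRACKING-5-STATE: 1 rtr 20 reachability Down->Up
*Jan 15 13:36:06.411: %TRACKING-5-STATE: 1 rtr 20 reachability Up->Down
*Jan 15 13:52:10.007: %TRACKING-5-STATE: 1 rtr 20 reachability Down->Up
"""

# "rtr" is what this lab's IOS prints; newer releases print "ip sla" instead.
LINE_RE = re.compile(
    r"(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d\.\d+): %TRACKING-5-STATE: "
    r"(?P<track>\d+) (?:rtr|ip sla) \d+ reachability (?:Up|Down)->(?P<new>Up|Down)")

# R2's two default routes from this article: tracked primary and floating backup.
NEXT_HOP = {"Up": "20.20.20.2", "Down": "30.30.30.2"}

def parse_events(text, year=2000):
    """Return [(timestamp, track id, new state)]. IOS omits the year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
            events.append((ts, int(m["track"]), m["new"]))
    return events

def summarize(events, track=1, window=timedelta(minutes=5), threshold=3):
    """Return (next-hop timeline, time spent on backup, flapping flag) for one track."""
    changes = [(ts, state) for ts, t, state in events if t == track]
    timeline = [(ts, NEXT_HOP[state]) for ts, state in changes]
    on_backup, went_down = timedelta(), None
    for ts, state in changes:
        if state == "Down" and went_down is None:
            went_down = ts
        elif state == "Up" and went_down is not None:
            on_backup, went_down = on_backup + (ts - went_down), None
    # Flapping: `threshold` state changes packed inside one `window`.
    flapping = any(changes[i + threshold - 1][0] - changes[i][0] <= window
                   for i in range(len(changes) - threshold + 1))
    return timeline, on_backup, flapping

if __name__ == "__main__":
    timeline, on_backup, flapping = summarize(parse_events(SAMPLE_LOG))
    for ts, hop in timeline:
        print(ts.strftime("%b %d %H:%M:%S"), "default route via", hop)
    print("time on backup:", on_backup, "| flapping:", flapping)
```

A track that changes state repeatedly within minutes moves client traffic back and forth between the two NAT addresses, so the flapping flag is worth alerting on separately from a single clean failover.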

6. Conclusion

 

That’s all about how to configure dual WAN failover on two Cisco routers from Tech Space KH. This is a cheap and simple method to achieve WAN redundancy with multiple internet connections. Hopefully, you find this guide informative. If you have any questions or suggestions, you can always leave your comments below. I will do my best to review and reply to them.
