Problem with Failover

Unanswered Question
Jan 20th, 2008

Dear All,

Please advices me!!!

Now my system used fail over with ISPA and ISP 2, and use the router 1841 with module hwic-4fe.ISP1 is Primary and ISP2 is Backup.i have the problem: when ISP1 down ( i mean ISP has the problem but on router int F0/1 still up).So my client cannot access Internet. By the way when i take out ISP1 from Router it switch to ISP2.

Please see in the attach file.

Best Regards,

Join

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (6 ratings)
Loading.
join_sn09 Sun, 01/20/2008 - 20:10

Dear Jorge,

thank you for you help,

could you give some configuration for me or you can edit on last my attach file.

Note: ISP1 and ISP2 i use static ip.

Best Regards,

Join

JORGE RODRIGUEZ Sun, 01/20/2008 - 21:00

First you need to know if you code supports object tracking feature.

Taken from your same config you could try this.

interface FastEthernet0/0

description LAN Interface

ip address 192.168.0.99 255.255.255.0

ip nat inside

speed auto

full-duplex

!

interface FastEthernet0/1

description WAN interface to ISP1 (Active)

ip address 10.150.10.39 255.255.0.0

ip nat outside

speed 10

full-duplex

interface Vlan1

description WAN interface to ISP2 (Backup)

ip address 192.168.1.2 255.255.255.0

ip nat outside

ip sla monitor 1

type echo protocol ipIcmpEcho 10.150.1.3

frequency 5

ip sla monitor schedule 1 life forever start-time now

track 1 rtr 1 reachability

ip nat inside source route-map NAT-ISP1 interface FastEthernet0/1 overload

ip nat inside source route-map NAT-ISP2 interface Vlan1 overload

ip route 0.0.0.0 0.0.0.0 10.150.1.3 track 1

ip route 0.0.0.0 0.0.0.0 192.168.1.1 5

access-list 99 permit 192.168.0.0 0.0.0.255

route-map NAT-ISP1 permit 10

match ip address 99

set ip next-hop verify-availability 10.150.1.3 track 1

route-map NAT-ISP2 permit 10

match ip address 99

set ip next-hop 192.168.1.1

join_sn09 Sun, 01/20/2008 - 22:25

dear jorge,

Thank you.

i will try again and let you know when it done.

Best Regards,

Join

join_sn09 Tue, 01/22/2008 - 04:13

Dear All and jorge,

i come agian,

i has some problem,So when the ISP1 has the problem,then the ISP2 is up but my client cannot access Internet.By the way when i traceroute from router 1841, so packet throught out to ISP2.

Could you help me, what's going on?

Best Regards,

Join

JORGE RODRIGUEZ Tue, 01/22/2008 - 05:51

when ISP1 is off and ISP2 up and clients try accessing internet through ISP2 can you record and post the output of "show ip nat translations"

Rgds

Jorge

JORGE RODRIGUEZ Tue, 01/22/2008 - 12:17

Join, you may need to configure rate limiting nat translations, once your ISP1 is down nat translations are probably still bound to ISP1. When you have a chance to do the failover test again please note "show ip nat translation " just for the record.

You may want to add these in your config

ip nat translation timeout 2

ip nat translation icmp-timeout 2

ip nat translation tcp-timeout 2

ip nat translation udp-timeout 2

see ip nat translation (timeout)

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d09f0.html#60976

Post results when you can.

Rgds

Jorge

join_sn09 Wed, 01/23/2008 - 17:42

Dear Jorge and all,

Do you have any idea on this case?

Please help me to solve this issue!!!!

When the ISP 1 down, the ISP 2 still up, but my client cannot access Internet.and i try to ping from router to other public IP is ok,( during ISP1 down.

Best Regards,

Join

JORGE RODRIGUEZ Wed, 01/23/2008 - 19:53

Join, what is the default gateway for the clients machines, is it point to 192.168.0.99? please confirm this.. , can you run debug ip nat at the router while trying to ping something on the outside and post output of debug.

Rgds

Jorge

join_sn09 Wed, 01/23/2008 - 20:41

Sorry ,

in the attach file number 2 is wrong the name:

2,When ISP1 down and ISP2 up.txt

all my client you 192.168.0.99 is gateway.

JORGE RODRIGUEZ Wed, 01/23/2008 - 21:48

change these statements bellow keeping the rest of the config the same.

ip sla monitor 1

icmp-echo 192.168.168.1

frequency 5

ip sla schedule 1 life forever start-time now

and add oer at end of overload, if not available you will need to upgrade to code

that supports oer feature.

ip nat inside source route-map NAT-ISP1 interface FastEthernet0/1 overload oer

ip nat inside source route-map NAT-ISP2 interface Vlan1 overload oer

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a00808d2b72.shtml

join_sn09 Wed, 01/23/2008 - 22:59

Dear Jorge,

command that you gave me has some error.

my router support this command:

Router(config-sla-monitor)#type ?

dhcp DHCP Operation

dns DNS Query Operation

echo Echo Operation

frame-relay Perform frame relay operation

ftp FTP Operation

http HTTP Operation

jitter Jitter Operation

pathEcho Path Discovered Echo Operation

pathJitter Path Discovered Jitter Operation

slm SLM Operation

tcpConnect TCP Connect Operation

udpEcho UDP Echo Operation

voip Voice Over IP measurement

This is flash in my router

Router(config)#do sho fla

-#- --length-- -----date/time------ path

1 660 Dec 25 2007 06:57:46 +00:00 vlan.dat

2 1821 Sep 13 2007 08:08:52 +00:00 sdmconfig-18xx.cfg

3 861696 Sep 13 2007 08:09:14 +00:00 es.tar

4 1164288 Sep 13 2007 08:09:36 +00:00 common.tar

5 1038 Sep 13 2007 08:09:54 +00:00 home.shtml

6 113152 Sep 13 2007 08:10:12 +00:00 home.tar

7 18859836 Dec 07 2007 10:06:22 +00:00 c1841-advsecurityk9-mz.124-2.T1.bin

10911744 bytes available (21020672 bytes used)

Router(config)#

----------

all command that you gave me i cannot confige on router

Best Regards,

Join

JORGE RODRIGUEZ Wed, 01/23/2008 - 23:05

Thats fine, then leave as

type echo protocol ipIcmpEcho 192.168.168.1

but did you configured the two new nat statements given and try test .

join_sn09 Wed, 01/23/2008 - 23:19

dear Jorge,

Router(config)#ip nat inside source route-map NAT-ISP1 interface FastEthernet0/1 overload ?

my router not support command you u gave me.

this is my flash, could you have other command ?

c1841-advsecurityk9-mz.124-2.T1.bin

Best Regards,

Join

Actions

This Discussion