ISP Failover Issue on Cisco Router & SonicWall Firewall

Sep 29th, 2008

Dear All,

At one of my customer's sites we are facing an ISP failover issue. Below are the network setup details.


1) We have an Airtel internet leased line with a static public IP with /30.

2) This Airtel link connects to Cisco router 2801 with

3) The router 2801 interface f0/1 is connected to the SonicWall firewall on the X1 interface.

4) This SonicWall operates in transparent mode, connected to the LAN switches.

5) The MTNL DSL internet modem (256 kbps) is connected to the SonicWall X2 interface and connects the users to the internet whenever the primary Airtel link goes down.


Now the problem is this: once the main Airtel link goes down, the SonicWall firewall automatically switches over to the MTNL DSL internet link, and failover works fine. But once the Airtel link comes back, the SonicWall does not switch back over to the primary Airtel link. If we want traffic to go to the Airtel link, we need to manually clear the ARP entries in the SonicWall firewall; only then does it switch to the Airtel link. We checked with the SonicWall technical support team and they say there may be some issue with the Cisco router. Any idea what could be the problem?


Note: Static ARP entries have been made in the router for the connected interface of the firewall.


Attached are the running config of the router and the network diagram.




hardiklodhia Mon, 09/29/2008 - 22:09

Hi,

I think there is some misconfiguration on the SonicWall. Can you post the config or briefly describe how you configured SonicWall failover?


Hi,

I will suggest two things.

First (although this may not be the problem),


remove these two lines from the router:

ip default-gateway 122.160.225.189

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.53


and replace with:

ip route 0.0.0.0 0.0.0.0 122.160.225.189


(The former two lines make you ARP for every destination, because you are mapping the default route to an interface and not an IP address.)


Secondly,

I will suggest that you keep the SonicWall as a firewall and let the routing and failover be done on a router (this is what they do best). Do the PPPoE on the Cisco router and fail over to the DSL when the main link goes down.

You can do this in a number of ways.

1. Use IP SLA to track your service provider gateway IP address on the main link.

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtpbrtrk.html


2. If the Fast Ethernet interface goes down when the main link is down, then you can use a floating static route to fail over to the DSL.
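
The two options in the reply above, combined into one router configuration. This is an added example, not part of the original post or of the poster's attached config. It assumes the DSL PPPoE session terminates on a dialer interface named Dialer1 (a hypothetical name), and uses the gateway address and sub-interface quoted in the reply.

```cisco
! Added example. Syntax shown is the newer 12.4T/15.x form; older releases
! use "ip sla monitor 1", "type echo protocol ipIcmpEcho ..." and
! "track 1 rtr 1 reachability" for the same objects.
!
! Probe the Airtel gateway from the primary sub-interface every 5 seconds.
! The gateway is on a directly connected subnet, so the probe keeps running
! while the tracked default route is withdrawn; that is what lets the router
! detect recovery and fail back without manual intervention.
ip sla 1
 icmp-echo 122.160.225.189 source-interface FastEthernet0/0.53
 frequency 5
ip sla schedule 1 life forever start-time now
!
! The track object follows the probe result. The delays damp flapping:
! wait 10 s of failure before failing over, 30 s of success before failing back.
track 1 ip sla 1 reachability
 delay down 10 up 30
!
! Primary default route via the gateway IP (not the interface), installed
! only while track 1 is up.
ip route 0.0.0.0 0.0.0.0 122.160.225.189 track 1
!
! Floating static default route via the DSL dialer (Dialer1 is an assumed name).
! Administrative distance 250 keeps it out of the routing table until the
! tracked primary route is removed.
ip route 0.0.0.0 0.0.0.0 Dialer1 250
```

`show track 1` and `show ip route 0.0.0.0` show which default route is currently installed and why.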


vkpolurouthu Tue, 09/30/2008 - 21:50

Hi,


Can you please attach the TSR (Tech Support Report)? The TSR can be downloaded from System-->Diagnostics by clicking on the download report button. Thank you.
