Simple dual WAN with load balancing and failover on the 1811

Apr 23rd, 2009

I'm trying to follow the famous example here:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a00808d2b72.shtml


The only difference with my configuration is both of my ISP connections have static IPs (so it should be easier to configure, you would think).


Anyway, I can only get one or the other connection to work, never both at the same time. Attached is my current config. In this config, ETH0 is the one that most traffic goes over.



Current configuration : 7238 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
!
!
!
ip cef
ip domain name yourdomain.com
ip name-server 64.105.199.74
ip name-server 64.105.159.250
!
no ipv6 cef
multilink bundle-name authenticated
!
!
username root privilege 15 secret 5 $1$ifix$nrWAT5zZIA13Av41XLjMm/
archive
 log config
  hidekeys
!
!
track timer interface 5
!
!
!
interface FastEthernet0
 description COVAD$ETH-LAN$
 ip address cc.cc.cc.26 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 description VERIZON$ETH-LAN$
 ip address vv.vv.vv.7 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet2
 description 240 NAT
 switchport access vlan 239
!
interface FastEthernet3
 description 240 NAT
 switchport access vlan 239
!
interface FastEthernet4
 description 10 DIAG
!
interface FastEthernet5
 description 10 DIAG
!
interface FastEthernet6
 description 10 DIAG
!
interface FastEthernet7
 description 10 DIAG
!
interface FastEthernet8
 description 10 DIAG
!
interface FastEthernet9
 description 10 DIAG
!
interface Vlan1
 description DIAG VLAN$ETH-SW-LAUNCH$$INTF-INFO-FE 2$
 ip address 10.10.10.1 255.255.255.248
 ip tcp adjust-mss 1452
!
interface Vlan239
 description THE NAT
 ip address 192.168.140.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Async1
 no ip address
 encapsulation slip
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 vv.vv.vv.1 permanent
ip route 0.0.0.0 0.0.0.0 cc.cc.cc.25 permanent
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map fixed-covad interface FastEthernet0 overload
ip nat inside source route-map fixed-verizon interface FastEthernet1 overload
!
ip sla 1
 icmp-echo vv.vv.vv.1 source-interface FastEthernet1
 timeout 1000
 threshold 40
 frequency 3
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo cc.cc.cc.25 source-interface FastEthernet0
 timeout 1000
 threshold 40
 frequency 3
ip sla schedule 2 life forever start-time now
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.140.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.140.0 0.0.0.255
access-list 110 permit ip 192.168.140.0 0.0.0.255 any
no cdp run
!
!
!
route-map fixed-covad permit 10
 match ip address 110
 match interface FastEthernet0
 set ip next-hop cc.cc.cc.25
!
route-map fixed-verzion permit 10
 match ip address 110
 match interface FastEthernet1
 set ip next-hop vv.vv.vv.1
!
!
!
!
control-plane
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 transport input telnet ssh
!
!
webvpn cef
end

Laurent Aubert (Cisco Employee) Fri, 04/24/2009 - 06:14

Hi,


I suppose you noticed Fast1 is in shutdown state.


Load balancing is per flow, so you need different combinations of source and destination addresses.


Also I don't think you need the set ip next-hop in the route-map as the routing decision is already made.


Other than that I don't know why it shouldn't work.


HTH


Laurent.

cowmixtoo Fri, 04/24/2009 - 13:46

The test I am doing is where I have a constant ping going out to a host on the general Internet. I take turns turning one connection off and the other on (and then vice versa) and the ping only persists when a certain connection is active.


I've corrected the issues you identified and the problem still persists.

Laurent Aubert (Cisco Employee) Mon, 04/27/2009 - 07:38

Hi,


It's due to the permanent keyword in your static route. Remove it from both routes so the route associated with a down interface will also be removed from the routing table.


HTH


Laurent.
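
A configuration check for the conditions visible in the posted config, added here as an example and not part of the original thread: default routes marked permanent, a NAT outside interface left in shutdown, and a NAT rule whose route-map name has no matching definition (the config references fixed-verizon but defines fixed-verzion). The function name lint_dual_wan and the embedded excerpt are constructed for illustration.

```python
import re

# Constructed excerpt: the relevant lines of the configuration posted above.
SAMPLE_CONFIG = """\
interface FastEthernet0
 ip nat outside
!
interface FastEthernet1
 ip nat outside
 shutdown
!
ip route 0.0.0.0 0.0.0.0 vv.vv.vv.1 permanent
ip route 0.0.0.0 0.0.0.0 cc.cc.cc.25 permanent
ip nat inside source route-map fixed-covad interface FastEthernet0 overload
ip nat inside source route-map fixed-verizon interface FastEthernet1 overload
route-map fixed-covad permit 10
 match interface FastEthernet0
route-map fixed-verzion permit 10
 match interface FastEthernet1
"""

def lint_dual_wan(config):
    """Return (check, detail) findings for a dual-WAN IOS configuration."""
    findings, iface = [], None
    nat_outside, shut, defined_maps, nat_maps = set(), set(), set(), []
    flags = {"ip nat outside": nat_outside, "shutdown": shut}
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith(" "):  # a top-level command closes any interface block
            m = re.match(r"interface (\S+)", line)
            iface = m.group(1) if m else None
        if iface and line in flags:
            flags[line].add(iface)
        if re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 .*\bpermanent\b", line):
            findings.append(("permanent-default-route", line))
        m = re.match(r"route-map (\S+) (permit|deny)", line)
        if m:
            defined_maps.add(m.group(1))
        m = re.match(r"ip nat inside source route-map (\S+) interface (\S+)", line)
        if m:
            nat_maps.append(m.groups())
    # A WAN (NAT outside) interface that is administratively down cannot carry traffic.
    findings += [("wan-interface-shutdown", n) for n in sorted(nat_outside & shut)]
    # A NAT rule that names a route-map with no definition usually indicates a typo.
    findings += [("undefined-nat-route-map", r) for r, _ in nat_maps if r not in defined_maps]
    return findings
```

The parser relies on the leading-space indentation that IOS uses for sub-commands, so run it against the output of show running-config rather than a flattened copy.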
