03-07-2010 11:22 PM - edited 03-04-2019 07:44 AM
Sir,
Two cisco 7609 routers interconnected via Firewall(10.19.250.11).
configuartion of cisco 7609-1(10.19.250.7):
ip route 10.31.160.0 255.255.224.0 10.19.250.11
Configuartion of Alteon Switched Firewall
10.31.160.0 255.255.224.0 10.34.0.249
configuartion of cisco 7609-2(10.34.0.249):
ip route 10.31.160.0 255.255.224.0 172.21.1.17
Sir how to route in cisco 7609-01 if 172.21.1.17 E3 Link fails,it has to forward packet via E1 link is cisco 7609-01 .Firewall is in middle.
Regards Senthil
Solved! Go to Solution.
03-08-2010 01:08 AM
Hi,
No probs.. we can make it happen by configuring track based routing.
Find the config for your request
ip sla monitor 6
type echo protocol ipIcmpEcho
frequency 300
!
ip sla monitor schedule 6 life forever start-time now
track 123 rtr 6 reachability
ip route 10.31.160.0 255.255.224.0 10.19.250.11 track 123
ip route 10.31.160.0 255.255.224.0
Regards
Karuppu
03-07-2010 11:32 PM
HI,
Better can you post your topology diagram with ip address and interface details.Based on that we can give good solution.
Regards
Karuppu
03-07-2010 11:42 PM
Hi i have attahced diagram.
Thanks and Regards,
Senthil
03-07-2010 11:46 PM
03-08-2010 12:02 AM
Hi,
I am not clear with your questions..
1.Are you trying to say that, if the E3 link in down, do you want to route the packet from 7609-01 to other network via your E1 link ??
2.Can i say that currently all your traffic from 7609-01 router to other network is going via firewall then 7609-02 router ??
If you are saying yes for the first question, then we need to implement TRACK based routing with IP SLA.
Regards
Karuppu
03-08-2010 12:47 AM
Hi what u r saying is correct.
1.if E3 link down means I want to route the packet via e1 link in cisco 7609-01
2. yes
Now what I am actually doing is I am manually adding routes via E1 link if E3 link is down. I am unable to use metric. Since we can use metric if firewall is going down. But for me routing has to be diverted only when E3 link is failure.
03-08-2010 01:07 AM
Hi,
No probs.. we can make it happen by configuring track based routing.
Find the config for your request
ip sla monitor 6
type echo protocol ipIcmpEcho
frequency 300
!
ip sla monitor schedule 6 life forever start-time now
track 123 rtr 6 reachability
ip route 10.31.160.0 255.255.224.0 10.19.250.11 track 123
ip route 10.31.160.0 255.255.224.0
Regards
Karuppu
03-08-2010 01:12 AM
hi,
i am unable to use ip sla command
router(config)#ip s?
sap security slb source-route ssh
sticky-arp subnet-zero.
how to configure slb command
03-08-2010 01:55 AM
Hi,
Your current IOS is not supporting to configure IP SLA.
You need to have the ADVANCED ENTERPRISE / ADVANCED IPSERVICE / ADVANCED SECURITY IOS in your router.
Can you paste the output of the "sh version" in your 7609 routers.
Regards
Karuppu
03-08-2010 02:02 AM
hi,
TRICHYCENTRAL>sh version
Cisco Internetwork Operating System Software
IOS (tm) s72033_rp Software (s72033_rp-JK9O3SV-M), Version 12.2(17a)SX4, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Wed 21-Apr-04 23:46 by pwade
Image text-base: 0x40008FBC, data-base: 0x4223A000
ROM: System Bootstrap, Version 12.2(17r)S2, RELEASE SOFTWARE (fc1)
BOOTLDR: s72033_rp Software (s72033_rp-JK9O3SV-M), Version 12.2(17a)SX4, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
TRICHYCENTRAL uptime is 1 year, 20 weeks, 22 hours, 28 minutes
Time since TRICHYCENTRAL switched to active is 1 year, 20 weeks, 22 hours, 27 minutes
System returned to ROM by bus error at PC 0x4165EAB4, address 0x4C at 10:21:11 GMT Sat Oct 18 2008 (SP by power-on)
System restarted at 17:05:28 GMT Sat Oct 18 2008
System image file is "sup-bootflash:s72033-jk9o3sv-mz.122-17a.SX4.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco CISCO7609 (R7000) processor (revision 1.1) with 458752K/65536K bytes of memory.
Processor board ID FOX0845006A
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
Primary Rate ISDN software, Version 1.1.
Channelized E1, Version 1.0.
5 FlexWAN controllers (56 E1)(3 Channelized E3).
2 Virtual Ethernet/IEEE 802.3 interface(s)
48 FastEthernet/IEEE 802.3 interface(s)
4 Gigabit Ethernet/IEEE 802.3 interface(s)
66 Serial network interface(s)
3 Channelized E3 port(s)
1917K bytes of non-volatile configuration memory.
8192K bytes of packet buffer memory.
65536K bytes of Flash internal SIMM (Sector size 512K).
Standby is up
Standby has 458752K/65536K bytes of memory.
Configuration register is 0x2102
03-08-2010 12:51 AM
Sorry, but your topology is not that clear with the IP addressing schemes and the requirements stated.
But i am guessing that you need the E1 as back up for E3, and in that case you need the 7600's to talk to each other over a link with a protocol, any FHRP can do the job.
It doesnt matter how the firewall behaves, but should support routing.
Please post more details.
03-08-2010 01:06 AM
Sir,I am attached herewith details.
cisco 7609-01 ip address 10.19.250.7
Firewall ip address-10.19.250.11
cisco 7609-02 ip address 10.34.0.249
Thanks and Regards,
Senthil
03-08-2010 01:07 AM
03-08-2010 01:08 AM
Hi,
No probs.. we can make it happen by configuring track based routing.
Find the config for your request
ip sla monitor 6
type echo protocol ipIcmpEcho
frequency 300
!
ip sla monitor schedule 6 life forever start-time now
track 123 rtr 6 reachability
ip route 10.31.160.0 255.255.224.0 10.19.250.11 track 123
ip route 10.31.160.0 255.255.224.0
Regards
Karuppu
03-08-2010 12:09 AM
Sir,
Two cisco 7609 routers interconnected via Firewall(10.19.250.11).
configuartion of cisco 7609-1(10.19.250.7):
ip route 10.31.160.0 255.255.224.0 10.19.250.11
Configuartion of Alteon Switched Firewall
10.31.160.0 255.255.224.0 10.34.0.249
configuartion of cisco 7609-2(10.34.0.249):
ip route 10.31.160.0 255.255.224.0 172.21.1.17
Sir how to route in cisco 7609-01 if 172.21.1.17 E3 Link fails,it has to forward packet via E1 link is cisco 7609-01 .Firewall is in middle.
Regards Senthil
Hi Senthil,
I am not sure about the alteon switched firewall supoprted for PBR based routing,as per thed iagram attacched what i can recommend is you can configure HSRP between the two 7206 router make the E3 link terminated as Active one with IP SLA configured on routers so that when ever E3 link goes down automatically traffic will be shifted to E1 link without any manual intervention.
and point a direct route from firewall towards the vip of the routers.
Hope to Help !!
Ganesh.H
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide