Yes, it is perfectly possible to have 2 default routes on a router. The router will load-balance across the 2 routes (providing it does not find a more specific route in the routing table).
Thank you Jon for your answer,
In the attached file, you have the architecture of my network:
- R1 connects the other branches to the HQ via MPLS, and those branches go to the internet through R1 (in R1 I have 2 dialer interfaces: dialer0 for internet access and dialer1 for MPLS)
- R2 connects the HQ to the internet
But now I want all my internet traffic to pass through the ASA, and for that I want to shut down dialer0 in R1 and configure in it a second default route towards the ASA.
Please, I want to know if this would work.
Hi Mr Jon,
The first default route on R1 points to dialer0.
Now I have two ISPs: the first one is connected through R1 and the second one through R2. I want to cancel the contract with the first one (the internet provider contract, but maintain the MPLS contract because I am using its infrastructure for MPLS) and maintain the second ISP for internet access.
Thank you, and I will be pleased to read your reply.
Okay, 2 default routes won't work because the router will not know whether to send the packet via MPLS or to the internet.
1) the default-route must be used for Internet traffic because the destination address could be anything -
ip route 0.0.0.0 0.0.0.0
2) You will need more specific routes for your branch networks that are reachable via MPLS. So on R1 you would need to add routes for all branch networks, e.g.
ip route 192.168.5.0 255.255.255.0
If you have summarised your network hopefully there won't be too many entries.
Thank you very much for your answer
In R1 I have already added routes to all my branch networks, and those routes are like this:
ip route 172.16.2.0 255.255.255.0 dialer1
ip route 172.16.3.0 255.255.255.0 dialer1
In R1, I will disable the existing default route which is:
ip route 0.0.0.0 0.0.0.0 dialer0
and replace it by
ip route 0.0.0.0 0.0.0.0
I will let you know.
Hi M. Jon
I changed the default route in R1, and from R1 I reach the DNS of the second ISP through R2, but when I log in to the router of one of my branches I didn't reach that DNS; consequently the computers behind this router don't get access to the internet. Please help me to solve this problem.
In the ASA, I have built these dynamic NATs:
nat (inside) 1 network_address_branch_1
nat (inside) 1 network_address_branch_2
global (outside) 1 x.x.x.y - x.x.x.z
Are x.x.x.y-x.x.x.z your public IPs? Where are you translating for Internet access? How many public IP addresses do you have for internet?
In the above configuration, if you are specifying public IPs in global (outside), only z-y inside hosts will be able to access the internet.
So, could you please clarify where you are translating for internet access: in router R2 or on the ASA outside interface?
I have pasted sample configuration that resembles your network.
! The following are the assumptions for IP addresses
! Router R2 [fa0/0] internet address=192.168.10.2 and gateway address=192.168.10.1
! Branch Networks: Branch_A=172.22.10.0/24, Branch_B=172.22.15.0/24
! R2 inside address: 172.16.10.1
! ASA outside address: 172.16.10.2, inside address: 172.16.20.1
! Router R1 inside address: 172.16.20.2
! R2 configuration
ip route 0.0.0.0 0.0.0.0 192.168.10.1
ip route 172.22.0.0 255.255.0.0 172.16.10.2
ip route 172.16.20.0 255.255.255.0 172.16.10.2
ip access-list extended internet_access
 permit ip 172.22.10.0 0.0.0.255 any
 permit ip 172.22.15.0 0.0.0.255 any
ip nat inside source list internet_access interface fastethernet 0/0 overload
ip nat inside source static 172.16.15.20 192.168.10.20
! ASA configuration : assuming nat-control is enabled
route outside 0.0.0.0 0.0.0.0 172.16.10.1
route inside 172.22.0.0 255.255.0.0 172.16.20.2
! R1 configuration
ip route 172.22.0.0 255.255.0.0 dialer1
ip route 0.0.0.0 0.0.0.0 172.16.20.1
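The static routes in the sample configuration above can be checked offline with a hop-by-hop longest-prefix-match trace, in both the outbound and the return direction. This is an added example, not part of the original posts; the exit labels ISP and MPLS, the test destination 203.0.113.53 and the function names are assumptions made here.

```python
import ipaddress

# Static routes copied from the sample configuration in the thread.
CONFIG = {
    "R1": ["ip route 172.22.0.0 255.255.0.0 dialer1",
           "ip route 0.0.0.0 0.0.0.0 172.16.20.1"],
    "ASA": ["route outside 0.0.0.0 0.0.0.0 172.16.10.1",
            "route inside 172.22.0.0 255.255.0.0 172.16.20.2"],
    "R2": ["ip route 0.0.0.0 0.0.0.0 192.168.10.1",
           "ip route 172.22.0.0 255.255.0.0 172.16.10.2",
           "ip route 172.16.20.0 255.255.255.0 172.16.10.2"],
}
# Which device owns each next hop, per the thread's address assumptions.
# "ISP" and "MPLS" are labels chosen here for the two exits (assumption).
OWNER = {"172.16.20.1": "ASA", "172.16.10.2": "ASA", "172.16.10.1": "R2",
         "172.16.20.2": "R1", "192.168.10.1": "ISP", "dialer1": "MPLS"}

def parse(lines):
    """Turn 'ip route NET MASK HOP' / 'route IF NET MASK HOP' into (network, hop)."""
    table = []
    for line in lines:
        net, mask, hop = line.split()[-3:]
        table.append((ipaddress.ip_network(f"{net}/{mask}"), hop))
    return table

def lookup(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    hits = [(n, h) for n, h in table if ipaddress.ip_address(dst) in n]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

def trace(config, start, dst, max_hops=8):
    """Follow a packet from device to device; return the devices visited."""
    tables = {dev: parse(lines) for dev, lines in config.items()}
    path, dev = [start], start
    while dev in tables and len(path) <= max_hops:
        hop = lookup(tables[dev], dst)
        if hop is None:
            path.append("DROP")  # no matching route on this device
            break
        dev = OWNER[hop]
        path.append(dev)
    return path

if __name__ == "__main__":
    print(trace(CONFIG, "R1", "203.0.113.53"))  # branch traffic leaving R1
    print(trace(CONFIG, "R2", "172.22.10.5"))   # reply heading back to Branch_A
```

Removing the `172.22.0.0 255.255.0.0` route from R2 in `CONFIG` makes the return trace follow R2's default route back out to the ISP instead of reaching the ASA.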
Thank you M. Roshan, thank you for your answer. I will try to apply your sample configuration and let you know, but I also want to control internet access on my ASA (not all computers have access to the internet). Between R2 and the ASA I have this network, 172.16.254.0/24, which can permit me to do static NAT on the ASA for computers which have access to the internet. Does this configuration work?
You can control internet access in many ways. If you have static IP addresses for internet access, then I would suggest adding an ACL on the inside of router R2.
In the below example, the acl internet_users will control internet access.
ip access-list extended internet_users
 permit ip host 172.22.10.1 any
 permit ip 172.22.15.16 0.0.0.7 any
interface fastethernet 0/1
 description <<<<< Inside Network >>>>>
 ip access-group internet_users in
If you are using dynamic IP address assignment and if you have Cisco Secure ACS, then use proxy authentication on Internet Router R2.
Hi Roshan and Jon
I did approximately what you asked me to do and it works. Now all my branches go to the internet through R2. Thank you very much for your help.