
ADSL and FR via one router

wdbrewster
Level 1

I am trying to configure a 2801 router to access one ISP via two services, Frame Relay and ADSL. I want email traffic to go over FR only and browsing over ADSL. If either of these services fails, all traffic should be routed through the active service. The ISP set up FR as the primary route for incoming email traffic. The services are failing over, but the problem is: inbound traffic fails to reach a host when the dialer interface is up. From outside I can ping the ethernet interface, the firewall and the mail server when I down the dialer interface, but the minute the dialer interface comes up, I cannot ping these anymore, including the serial interface. I can only ping the dialer interface. I attached the config. I hope someone can help me. Please review and let me know where the problem is and your solution. Thanks.


mheusinger
Level 10

Hi,

All traffic except smtp traffic should be NATed and sent over the dialer0 interface. So once the dialer comes up the ICMP replies will also be NATed and sent over the Dialer0. Therefore the ICMP reply will not contain your official IP addresses from ethernet and your ping application will not recognize them.

So basically I think you have a problem because you need to "think" in Layer 4 (PBR) and not Layer 3.

In case you want to ping for testing purposes you should include ICMP in access-list 120.

Did this help? Please rate all useful posts.

Martin

Hello,

in addition to Martin's post, I am not sure if NAT is applicable at all in your situation and configuration. Since you seem to be using public IP addresses, and since you do not have inside and outside interfaces configured, you might as well take the lines:

ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit any

out of your configuration altogether.

As to your (policy) routing, I would make the two default routes equal:

ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 205.80.76.13

that is, do not specify an administrative distance; and change the Dialer0 to the next-hop address, if you know that address:

ip route 0.0.0.0 0.0.0.0 X.X.X.X
ip route 0.0.0.0 0.0.0.0 205.80.76.13

and change the route map as well:

route-map STATIC permit 20
 description allow all other outbound traffic on ADSL
 match ip address 130
 set ip next-hop X.X.X.X

With CEF enabled, the policy route takes precedence, and only if the next hop specified in the route map is not available, the CEF routing table will be consulted, which should contain one entry only as well in case one of the next hop addresses is unavailable...

Does that make sense?

Regards,

GP

Thanks for your quick response.

It would make things a little easier if I can remove the NAT, but if I remove the NAT I can't browse. Any ideas as to why? The firewall, which is CheckPoint, is already doing NAT so I don't need to NAT again.

In addition to my config I want to use SAA to track the status of each link. I don't want to limit it to only the availability of the next hop, since an FR or an ADSL failure can be further away than the next hop. I was looking at tracking an HTTP GET to a URL like cisco.com, but you would agree with me that this might be considered as some form of network attack. Any other suggestions?

Hi Martin,

So you are saying that the reason that my inbound traffic is not reaching the hosts is because I need to allow for each of these services in my PBR?
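
For the SAA link-tracking question raised above, one common approach is a low-rate ICMP echo probe per link, pinned to that link with a host route and tied to a track object. This is an added example and not configuration posted by anyone in the thread; the probe targets (192.0.2.1, 192.0.2.2) and the interface name Serial0/0/0 are placeholders, and X.X.X.X is the unknown ADSL next hop as in the reply above.

```cisco
! Added example, not from the thread. Syntax shown is the newer "ip sla" form;
! older 12.4 releases use "ip sla monitor" / "type echo protocol ipIcmpEcho"
! and "track 1 rtr 1 reachability" instead.
!
! Probe 1: Frame Relay path. Target is a stable address beyond the ISP
! next hop (placeholder 192.0.2.1), agreed with the ISP.
ip sla 1
 icmp-echo 192.0.2.1 source-interface Serial0/0/0
 frequency 30
ip sla schedule 1 life forever start-time now
!
! Probe 2: ADSL path (placeholder target 192.0.2.2).
ip sla 2
 icmp-echo 192.0.2.2 source-interface Dialer0
 frequency 30
ip sla schedule 2 life forever start-time now
!
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Pin each probe to its own link so a probe cannot succeed over the
! other service after a failover.
ip route 192.0.2.1 255.255.255.255 205.80.76.13
ip route 192.0.2.2 255.255.255.255 X.X.X.X
!
! Each default route is withdrawn when its probe fails.
ip route 0.0.0.0 0.0.0.0 205.80.76.13 track 1
ip route 0.0.0.0 0.0.0.0 X.X.X.X track 2
!
! Policy routing only uses the ADSL next hop while track 2 is up;
! otherwise the packet falls through to the routing table.
route-map STATIC permit 20
 description allow all other outbound traffic on ADSL
 match ip address 130
 set ip next-hop verify-availability X.X.X.X 1 track 2
```

One echo every 30 seconds to an address the ISP has agreed to is ordinary monitoring traffic, which avoids the concern about repeated HTTP GETs against a third-party site.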
