Can a Cisco 3600 router be programmed to route based on line condition? If so, how? Here is our situation...
Right now we are using one T1 circuit for all of our Internet traffic. Our Cisco 3600 router sends all traffic to our firewall, which acts as our default gateway (This is set up like: Gateway of last resort is 10.10.2.21 to network 0.0.0.0).
Instead of this, for redundancy reasons, we would like the 3600 to route all traffic to a NetScreen integrated firewall/VPN appliance on the T1 circuit. In the event of a T1 failure/outage, however, we'd like the 3600 to send all traffic to another NetScreen appliance on a 256K circuit. This way, line downtime would be reduced, at least based on our part of the routing equation.
Somebody suggested that I do the following, but I seek verification before any changes are made:
Simply use a "floating" default with a higher metric than the default.
ip route 0.0.0.0 0.0.0.0 <ip add1>
ip route 0.0.0.0 0.0.0.0 <ip add2> 20
If the T1 routing to the first address drops, the traffic automatically goes to the second one.
I searched for clarification and found it odd that I could not find the "ip route" command in any of the system or CD documentation that came with this router. Here's my question: Where might I find information regarding this command, or should I be doing something else to achieve line redundancy via a secondary gateway of last resort?
I don't think the static routes will work for your case. They work when the router can detect that it cannot reach the next hop "ip route 0.0.0.0 0.0.0.0 next-hop-ip".
That usually requires that at least the primary WAN circuit be directly attached to the router. That way, when it goes down it will be dropped from the route table and the second static route will be used.
In your case the NetScreens are separating the WAN circuits from the router, so there is no way the router can tell when they are down. In addition, the NetScreens I have seen have two LAN interfaces, so there has to be another router beyond the NetScreen before the Internet. In that case the NetScreen cannot detect a down T1 either.
If your NetScreens really have the WAN interfaces then you need to look into whether the NetScreens have a feature like Cisco's Hot Standby Router Protocol. They would use this to tell each other, not the router, to fail over, and the backup NetScreen would take over the gateway IP address that the router is forwarding to. This is a common firewall feature.
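The floating static default from the question, together with the reachability problem raised in the reply, as an added IOS configuration example. This is not configuration from either poster; the addressing (LAN interface FastEthernet0/0, primary NetScreen 10.10.2.21, backup NetScreen 10.10.2.22, probe target 192.0.2.1 on the far side of the T1) is assumed, and the IP SLA / object-tracking commands assume an IOS image that supports them (older images spell the same feature `rtr` instead of `ip sla`).

```cisco
! --- Part 1: plain floating static default routes (what the question proposes) ---
! The first route is a static route with the default administrative distance of 1.
! The second, with AD 20, is only installed when the first is withdrawn from the table.
ip route 0.0.0.0 0.0.0.0 10.10.2.21
ip route 0.0.0.0 0.0.0.0 10.10.2.22 20
!
! Limitation: the router withdraws the first route only if FastEthernet0/0 itself goes
! down. Because 10.10.2.21 is a host on the LAN, it stays reachable when the T1 behind
! the NetScreen fails, so the AD 20 route is never used in that failure case.

! --- Part 2: tie the primary default route to a reachability probe beyond the T1 ---
! Assumed: 192.0.2.1 is an address past the T1 (for example the provider's router) that
! answers ICMP echo. Remove the untracked primary route first.
no ip route 0.0.0.0 0.0.0.0 10.10.2.21
!
! Pin the probe's own path to the primary NetScreen. Without this host route, once the
! default flips to the backup, the probe would succeed via the backup circuit and the
! tracked route would flap back up.
ip route 192.0.2.1 255.255.255.255 10.10.2.21
!
ip sla 1
 icmp-echo 192.0.2.1 source-interface FastEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
 delay down 30 up 60
!
! Primary default route is installed only while track 1 is up; the AD 20 floating route
! takes over when the probe fails.
ip route 0.0.0.0 0.0.0.0 10.10.2.21 track 1
ip route 0.0.0.0 0.0.0.0 10.10.2.22 20
!
! Verification (show commands, run from enable mode):
!   show track 1              -> "Reachability is Up/Down", which route is affected
!   show ip sla statistics 1  -> probe success/failure counts
!   show ip route 0.0.0.0     -> which next hop currently holds the gateway of last resort
```

The `delay down 30 up 60` dampening keeps a few lost probes from flipping the default route back and forth; tune it to the circuit's normal loss. Note that this only moves the router's half of the failover: return traffic from the Internet still depends on how the two circuits' addresses are advertised, which this configuration does not change.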