12-30-2002 05:45 AM - edited 03-02-2019 03:51 AM
I have to networks connected via Frame-Relay.
Network A is our main site which has a full T1 Internet. Site B has a 384k PVC to Internet via FRame.
I am trying to setup up a backup route that allows Site A to access the internet via Site B. I am Able to reverse the situation where site B can access Internet throught Site A but not the other way. Here are the Config files for both routers:
Router A
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname RouterA
!
boot system flash aaa1336.bin
boot system flash
logging buffered 10000 debugging
!
!
!
!
!
clock timezone est -5
clock summer-time EDT recurring
ip subnet-zero
no ip finger
!
ipx routing 0009.e833.3909
!
!
!
interface FastEthernet0/0
description NetworkA
ip address 192.168.20.1 255.255.255.0
ip directed-broadcast
duplex auto
speed auto
ipx encapsulation SAP
ipx network BABE1
no mop enabled
!
interface Serial0/0
description Connection to NetworkB
bandwidth 1152
ip address 192.168.25.1 255.255.255.0
no ip directed-broadcast
encapsulation frame-relay
no ip mroute-cache
ipx network FAChyh
ipx type-20-propagation
no fair-queue
service-module t1 timeslots 1-24
service-module t1 fdl ansi
frame-relay interface-dlci 16
frame-relay lmi-type ansi
frame-relay local-dlci 16
!
router eigrp 100
network 192.168.20.0
network 192.168.25.0
default-metric 50 50 255 50 1500
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 192.168.20.5
ip route 0.0.0.0 0.0.0.0 192.168.30.1 2 (I have also tried 192.168.25.2)
no ip http server
!
!
!
!
!
no scheduler allocate
end
Router B
Current configuration : 3016 bytes
!
version 12.1
service timestamps debug datetime
service timestamps log datetime
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname routerB
!
boot system flash c2600-do3s-mz.121-6.bin
boot system flash
logging buffered 10000 debugging
!
!
!
!
!
clock timezone eastern 23 59
clock summer-time EDT recurring
ip subnet-zero
no ip source-route
no ip finger
ip name-server xxx.xxx.xxx.xxx.
ip name-server xxx.xxx.xxx.xxx
!
ip inspect name inspect1 udp timeout 300
ip inspect name inspect1 tcp timeout 300
ip inspect name inspect1 cuseeme
ip inspect name inspect1 ftp
ip inspect name inspect1 h323
ip inspect name inspect1 http
ip inspect name inspect1 rcmd
ip inspect name inspect1 realaudio
ip inspect name inspect1 sqlnet
ip inspect name inspect1 streamworks
ip inspect name inspect1 tftp
ip inspect name inspect1 vdolive
ip audit notify log
ip audit po max-events 100
ipx routing 0004.c05e.0323
!
!
controller T1 1/0
framing esf
linecode b8zs
channel-group 1 timeslots 1-24 speed 64
fdl ansi
description Conncetion to Site A
!
!
!
!
interface Tunnel1
no ip address
!
interface Ethernet0/0
description Ethernet Connection to SiteB
ip address 192.168.30.1 255.255.255.0
ip nat inside
ip inspect inspect1 in
ipx network fgfafa
no cdp enable
!
interface Serial1/0:1
description Connection to Network A
bandwidth 1536
ip address 192.168.25.2 255.255.255.0
encapsulation frame-relay
keepalive 8
ipx network hjsdhsd
ipx type-20-propagation
no fair-queue
frame-relay interface-dlci 17
frame-relay lmi-type ansi
!
interface Serial1/0:1.1 point-to-point
description ISP Conncetion
bandwidth 384
ip address xxx.xxx.xxx.54 255.255.255.252
ip access-group 150 in
no ip proxy-arp
ip nat outside
frame-relay interface-dlci 18
!
router eigrp 100
network 192.168.25.0
network 192.168.30.0
default-metric 50 50 255 50 1500
no auto-summary
no eigrp log-neighbor-changes
!
ip nat pool isp xxx.xxx.xxx.26 xxx.xxx.xxx.26 netmask 255.255.255.248
ip nat inside source list 1 pool isp overload
ip nat inside source static tcp 192.168.30.17 25 xxx.xxx.xxx.27 25 extendable
ip classless
ip forward-protocol spanning-tree
ip route 0.0.0.0 0.0.0.0 Serial1/0:1.1 xxx.xxx.xxx.53
ip route 0.0.0.0 0.0.0.0 Serial1/0:1 192.168.25.1 2
no ip http server
!
access-list 1 permit 192.168.30.0 0.0.0.255
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 12 permit 192.168.20.0 0.0.0.255
access-list 12 permit 192.168.30.0 0.0.0.255
access-list 150 deny ip 192.168.20.0 0.0.0.255 any
access-list 150 deny ip 192.168.30.0 0.0.0.255 any
access-list 150 deny ip 127.0.0.0 0.255.255.255 any
access-list 150 permit ip any any
no cdp run
!
!
!
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end
Thanks in Advance
John
12-30-2002 06:43 AM
On router 'A' remove "ip route 0.0.0.0 0.0.0.0 192.168.30.1 2"
On router 'A' add "ip route 0.0.0.0 0.0.0.0 192.168.25.2 2"
On router 'A' add "no auto-summary" to the eigrp config
12-30-2002 07:02 PM
Any other suggestions. That did not work. Thanks
12-30-2002 08:17 PM
This is what I infer frm your configs.
At site A, router A is only used to link to site B. There is another router, in the lan at site A, which is the internet gateway. ( This is because, u havent indicated any configs for the full internet T1 link at site A on router A).
At site B, router B is both the internet router, as well as the router which connects to site A ( you have listed both configs)
Now, on site A, PC (workstations) would have been configured with Internet gateway (you havent mentioned this) as default gateway. If that router, already has a default route (say "ip route 0.0.0.0 0.0.0.0 serial 0 ) to the ISP, then add another default route as follows,
ip route 0.0.0.0 0.0.0.0 192.168.20.1 2 ( where 192.168.20.1 is the fast ethernet ip address of router A at site A). The last digit 2 is the administrative distance of the route, allowing this default route to kick in, only when the primary ISP link (Full T1) at site A fails.
Hope that helps.
12-31-2002 07:31 AM
Its seems to be failing after 192.168.25.2. When I do a tracert it hits the serial interface of Router B (192.168.25.2) then it times out. Anyone have any Ideas.
Thanks in Advance
12-31-2002 07:38 AM
Is your physical topology: internet -> serial line -> router "?" -> fastethernet -> router "A" -> serial line -> router "B" -> serial line -> internet ?
The routing that I gave you will allow router "A" to route properly, but there is a problem. The floating static route will only be used if the when the primary static route fails. The primary route will be lost if fastethernet 0/0 goes down. If fastethernet 0/0 goes down, there won't be any traffic to route.
I think I know what you are trying to do, but I need a better description of your network. Also, you will have some issues with the default gateway setting on the end devices. You may need to think about a topological change to do this.
12-31-2002 07:46 AM
what I have done is taken the primary route out totally and substituted the secondary route as follows
0.0.0.0 0.0.0.0 192.168.20.5(remove)
Relace with 0.0.0.0 0.0.0.0 192.168.25.2
I figured I'd start here and get it working before changing the administrative distance to create floating routes. Stilll no go. Thanks for the replies
John
12-31-2002 07:53 AM
My topology is as follows:
Internet router(not mentioned in previous posts)>>>Firewall(192.168.20.5)>>>>Router A Ethernet(192.168.20.1)>>>>>Router A Serial(192.168.25.1)>>>>Router B Serial1/0:1(192.168.25.2)>>>>>>Router B Ethernet0/0(192.168.30.1)>>>>>>Router B Sub Serial1/0:1.1(Internet Assigned IP)
I din not mention the Internet Router on Site A Side or the FW because they have nothing to do with changing the default route to 192.168.25.2. Even If I have to manually change the route when needed that would be fine. I can't even get that to work.
Thanks
John
12-31-2002 11:12 AM
Are your users at site "A" connected to the 192.168.20.0 network?
12-31-2002 11:18 AM
Yes they are.
12-31-2002 11:50 AM
Here is the problem: For the users at site "A" to reach the internet the default gateway should be set to the firewall. For them to reach site "B" the default gateway should be the router. You can probably make it work to set the default gateway to the router. When a packet comes in that needs to go to the internat, I think what will happen is the router will send it to the firewall and send an ICMP redirect back to the workstation. Not the best way to do it but it should work. When a packet comes in that needs to go to site "B", router "A" will forward it to router "B". So far so good.
But, if the internet link at site "A" goes down, the router will not know about it. The serial link is connected to the firewall, and therefore its status is insulated from the router. The fastEthernat interface at router "A" will not go down. Router "A" still thinks that the route is good (the interface is up) so it keeps the route in its forwarding table and doesn't use the floating static route.
The reason it works at site "B" is that the router will know if one link goes down and can then switch to the other.
12-31-2002 01:58 PM
Agreed, the firewall isolates router A from knowing the status of the Internet connection and upon failure, router A will need manual intervention to correct routing. I still don't think router B knows how to get to the user's subnet on router A without redistributing the directly connected IP range into EIGRP. If router B does not have a route, it will send it to the valid static back to the Internet.
12-31-2002 01:48 PM
Have you tried adding the redistribute connected command to your eigrp config? It looks like your traffic may be failing at router B because it gets to router B and follows the static default route to the internet but upon return can not find a route to the .20 addresses. You have the .20 network defined on router A but I believe you need to redistribute connected for the .20 network to show up as a route on router B so your return traffic will not follow the valid 0.0.0.0 static. Check both router A and B for eigrp topology.
12-31-2002 02:37 PM
If eigrp is working properly, the 192.168.20.0 network should be learned from router "A" at router "B". 'show ip route 192.168.20.0' should verify this. I don't think that 'redistribute connected' is necessary.
12-31-2002 03:04 PM
Eigrp is working correctly. Is it possible that the Nat pool is not functioning correctly and disallowing 20.0 clients to pull from the pool? I have only one address in the pool that 30.0 and 20.0 networks share. Is this a problem?
At tis poinbt I dont even care about makeing a backup route. If I have to take out the default Route and replace I am ewilling to do that. It doesn;t have to be seemless. If I do it that way the Firewall should have anyting to do with the setup. Thanks for taking the time to analyze this. I guess I'll keep searching for the answer.
John
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: