
Route-Map Problem

I am having problems getting an internal router to correctly fail over to the right interface using a route-map. This is my network setup.

--E0-InsideRtr(A)-E1---Pix---Border-Rtr--Internet---Border-Rtr---Pix--InsideRtr(B)
        |                                                                 |
    Serial0.44                                                        Serial0.44
        \                                                                 /
         \----------------Private Frame Cloud----------------------------/

The scenario is to use a VPN tunnel so that all traffic from Network B going to a server (10.250.32.19) on Network A uses the Internet rather than the Private Frame Cloud. Traffic from the Network A server should return across the Internet to Network B (10.250.72.0). Should the link to the Internet go down on either Network A or Network B, then traffic to the server would revert back to using the Private Frame Cloud.

Currently, I have the VPN tunnel between both Pixes working to send the traffic from Network B to Network A over the Internet. In testing, the traffic from Network A correctly uses the Pix as the next-hop in returning traffic for just the server 10.250.32.19 to 10.250.72.0. The problem is that if the Network A Pix is disconnected the route-map continues to try to send the traffic to the Pix regardless of having a second next-hop address of the Serial interface of the cloud.

In researching the issue on newsgroups, it was mentioned that this is not possible using a Pix as the next-hop when the Pix goes down. The post said that on a LAN, the Cisco router can't tell that the Pix has failed, so it will never drop that default route and switch to the backup route. That seems to be exactly what is occurring.

How do I get around that? One thing that I tried was to set up BGP between the Network A Inside and Border routers so that the next-hop for the Inside router would be the Border Router address. However, the problem there is that the next-hop IP address must be adjacent. Consequently, the route-map fails using the Border-Router IP address and never uses the Pix.

Here is the Network A information that partially works when using the Pix as the next-hop.

Pix Inside address is 10.250.33.2

interface Ethernet0
 ip address 10.250.32.1 255.255.255.0
 no ip mroute-cache
 no ip route-cache
 ip policy route-map colvpn
!
interface Ethernet1
 ip address 10.250.33.1 255.255.255.0
 no ip mroute-cache
 no ip route-cache
!
ip route 0.0.0.0 0.0.0.0 10.250.33.2
access-list 110 permit ip host 10.250.32.19 10.250.72.0 0.0.0.255
route-map colvpn permit 10
 match ip address 110
 set ip next-hop 10.250.33.2 192.168.250.69
!
route-map colvpn permit 20

Any suggestions? Thanks.

1 REPLY

Re: Route-Map Problem

Look into setting up one tunnel between the 2 routers over the Internet (tunnel0) and one over the private frame network (tunnel1). Run EIGRP over both of them (or run EIGRP over the frame and RIP over the Internet, as EIGRP would be preferred). When the tunnel drops, EIGRP (or RIP) will drop, and the other path will be selected. Have the default route still pointing to the Internet and a default route with a higher metric pointing to the private frame network. Then you can add your policy route-map, pointing to the Internet tunnel endpoint with the frame tunnel endpoint as the backup.

Hope it helps

Steve
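
A sketch of the two-tunnel layout from the reply above, for InsideRtr(A) only; this is an added example, not configuration posted in the thread. The tunnel subnets (172.16.0.0/30 and 172.16.0.4/30), the 192.0.2.1 tunnel destination, EIGRP AS 100 and the GRE keepalive timers are assumptions; the keepalive is included so that Tunnel0 changes state when the Internet path fails, which a LAN-attached Pix next hop never signals.

```cisco
! Added example for InsideRtr(A). Tunnel subnets, the 192.0.2.1 destination,
! the EIGRP AS number and the keepalive timers are constructed values.
!
! Tunnel0 rides the Pix-to-Pix VPN. The Pix crypto ACLs must match GRE
! (IP protocol 47) between the two tunnel endpoints so it stays encrypted.
interface Tunnel0
 description GRE to InsideRtr(B) via Pix and Internet VPN
 ip address 172.16.0.1 255.255.255.252
 keepalive 5 3
 tunnel source Ethernet1
 tunnel destination 192.0.2.1
!
! Tunnel1 crosses the private frame cloud. Assumes 192.168.250.69 (from the
! original route-map) is InsideRtr(B)'s frame-side address.
interface Tunnel1
 description GRE to InsideRtr(B) via private frame cloud
 ip address 172.16.0.5 255.255.255.252
 keepalive 5 3
 tunnel source Serial0.44
 tunnel destination 192.168.250.69
!
! Routing protocol on the tunnels only, so a dead path drops its neighbor.
router eigrp 100
 network 172.16.0.0
 no auto-summary
!
! Primary default via the Pix, floating default via the frame cloud.
ip route 0.0.0.0 0.0.0.0 10.250.33.2
ip route 0.0.0.0 0.0.0.0 192.168.250.69 250
!
access-list 110 permit ip host 10.250.32.19 10.250.72.0 0.0.0.255
!
! Next hops are now the far ends of the tunnels. With keepalives, Tunnel0
! goes down when the Internet path fails, and the second next hop is used.
route-map colvpn permit 10
 match ip address 110
 set ip next-hop 172.16.0.2 172.16.0.6
!
route-map colvpn permit 20
!
interface Ethernet0
 ip policy route-map colvpn
```

InsideRtr(B) needs the mirror-image configuration, with its own route-map matching traffic from 10.250.72.0/24 to host 10.250.32.19.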
