my primary is connected to fiber from ethernet port

the backup is a cable modem/router that I connected to a free ethernet port.

they are both connected via RJ45, I am not using a serial port.

yes, it is a 2600 series. I am trying to set up some redundcy for my firm because we have been hit hard this year by thunderstorms. and because it is best practice!

this may help... on the 2600 connection to the backup ISP modem/router, I put in the IP config that the cable company gave me. it works fine (meaning I can ping it), but I am missing something in my config to make all out bound traffic failover without having to do so manually.

thanks

If you are not running any routing protocols what you can do is

ip route 0.0.0.0 0.0.0.0 nexthopoffiberconnection

ip route 0.0.0.0 0.0.0.0 nexthopofethernetconnection 250

what this does is it puts in a 2 default routes , one has an admin distance of 0 or 1 and the other has an admin dist of 250. The lower the admin dis the better. If the fiber connection fails it will pick up the route with the admin dist of 250.

do I type it out exactly as you put it? with the words after the IP just like in you example?

did this really work, I know it works for a the router, but do you have any webservers, mailservers, etc that people need to access from the outside, if yes, then you will have issues, if outbound traffic is all you need then there isn't a problem.

Well, I just tried the solution and it didn't work. the commands didn't work either. the way I have both interfaces is with ip nat outside, no ip directed-broadcast and no ip mroute-cashe.

these commands have worked well with the main fiber connecction, so I thought they would be fine with the back up cable modem connection as well.

when I typed in the new commands this morning, I got an error msg, invalid.

And, I also have my email server here. But, I figure that the most time the fiber should be out is maybe 6hrs max, if that. So email is not a major concern, but what about my firewall that connects to our datacenter? if the email server will have issues, then I assume my firwall vpn will too.

I don't know how to cancell the red check mark. but his soloution did not work on my cisco 2610 with IOS ver 12.0.

thanks

I agree.

I suppose you are using public IP addresses "leased" from your ISP.

You can connect to two ISPs using NAT to translate the source addresses of outgoing packets to either one or the other ISP's address range depending on the outgoing interface, e.g.

But if you want to use the backup line for the incoming traffic you are in IP addresses range problem - the destination IP address can't belong to one ISP address range and the traffic come to you through the other one's AS.

So the only solution I know is to use your own public addresses (to get your ISP-independent IP address range from IANA together with your AS number - I don't know the exact procedure how to get them) and run BGP between your network and the ISPs networks. There are some config examples available (http://www.networkingunlimited.com/white008.html, search dual homed BGP fo others) but it's not so easy.

Regards,

Milan

this may be a little long but it would help if you

can post a sketch or written description.

I'm assuming something like a router with a serial interface with a /30 subnet , then an inside ethernet interface with a subnet assigned by the isp. Attached to that is a firewall that has an outside address on this subnet and a private inside interface, and it is natting outbound traffic.

before we go any farther, can you verify this.

You can also use backup interface command on your main isp interface.

Es.

Interface E0

Description Main ISP

IP address x.x.x.x y.y.y.y

backup interface ethernet 1

Iterface E1

Description Backup ISP

ip address a.a.a.a b.b.b.b

ip route 0.0.0.0 0.0.0.0 x.x.x.x

ip route 0.0.0.0 0.0.0.0 a.a.a.a 250

Hope this help

Just confirm . whether you have given Public IP address or private IP address to your firewall?

In case of private IP...last solution will work.No issue.

But in case of Public IP...this solution will not work.Then you need to change the IP address in case of primary link down.

Good Luck.

You sound like you are a long way from understanding this and you may need to hire a consultant. The floating static routes described earlier are a simple process but they only help with outbound traffic.

The addresses in your nat pool belong to your primary ISP. They advertise that network to the internet so everyone, including your secondary isp sends traffic to them (primary isp). To make redundant internet links work you either have to get the isps to agree to advertise secondary paths to that address space, or you need to use a different nat address pool for the backup isp.

This link shows how to do that

http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml