10-07-2005 05:48 AM - edited 03-03-2019 10:41 AM
There are two links (fast ethernet and ADSL) at the central office to the Internet. Remote offices also use fast ethernet and ADSL to get on the Internet. All links are from different providers. The task is to use ADSL as a backup link in case the local ethernet link is down or the local provider has a problem in his cloud so we cannot connect to the central office ethernet interface, and if still disconnected, try to connect to the central office ADSL.
Which feature or technology could be used in this case?
10-07-2005 09:47 PM
Hi,
If you want a simple, easier config scenario, I would suggest having 2 GRE tunnels: one over the primary link (over the ethernet) and the other tunnel over the secondary (ADSL).
But do remember to have keepalives supported in your GRE interfaces, which is very much required to route the traffic over the secondary tunnel when there are reachability problems over the ethernet link and to bring your primary GRE interface down.
Otherwise you won't be able to achieve the redundancy or standby kind of config without the keepalives.
Or else you can give the object tracking method a try.
I suggested GRE in the first point because of the lower complexity involved in doing that.
Regards
11-21-2005 02:41 AM
Thanks for a very useful link.
One more question:
In the case of two ISPs with only one IP per interface, how is it possible to use NAT?
interface fast ethernet 0/0/1
...
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface gigabit 0/0
...
ip address 1.1.1.1 255.255.255.0
ip nat outside
!
interface gigabit 0/1
...
ip address 2.2.2.2 255.255.255.0
ip nat outside
!
...
NAT configuration like
ip nat source list 120 interface gigabit 0/0
ip nat source list 121 interface gigabit 0/1
won't work in case gigabit 0/0 is DOWN
and I also cannot define any pool.
11-21-2005 03:01 AM
Hi,
You can achieve this using route-maps in conjunction with the normal NAT statements.
A similar kind of scenario is discussed in this link; I would suggest checking it out for more clarity on that.
Regards
11-21-2005 03:38 AM
What you are about to read is about 60 hours of weekend experimentation and hair pulling, including calling up Cisco phone support 3 times :-(
I asked your exact question a few months ago on these forums.
Here are bits and pieces of my config which you should analyse.
-------
route-map PRIMARY permit 10
match interface FastEthernet0
route-map SECONDRY permit 10
match interface Dialer0
ip route 0.0.0.0 0.0.0.0 1.1.1.1 10 track 123
ip route 0.0.0.0 0.0.0.0 2.2.2.2 20
ip nat inside source route-map PRIMARY interface FastEthernet0 overload
ip nat inside source route-map SECONDRY interface Dialer0 overload
no ip cef ( this is cisco's bandaid solution to a bug I found while trying to configure this on an 1811 router )
track 123 rtr 1 reachability
rtr 1
type echo protocol ipIcmpEcho 1.1.1.1
timeout 1000
threshold 1000
frequency 5
rtr schedule 1 life forever start-time now
------
I hope you find this useful, and keep me updated on how you go... because I would be interested to know.
I've just cut and pasted all the important parts of my config which I got working. However, I had like 7 versions of the config, and from memory this is the correct one.
You need to read up on:
- PBR
- Object Tracking - Because a layer 2 link may exist yet there is no internet connectivity.
------
11-21-2005 07:04 AM
I got NAT working with the following config:
ip sla 1
icmp-echo 200.1.1.1
timeout 1000
threshold 3
frequency 10
ip sla schedule 1 life forever start-time now
...
track 17 rtr 1 reachability
...
ip route 0.0.0.0 0.0.0.0 60.1.1.1 track 10
ip route 200.1.1.0 255.255.255.0 60.1.1.1 50 track 17
ip route 0.0.0.0 0.0.0.0 70.1.1.1 250
...
ip local policy route-map ISP1
...
route-map ISP1 permit 10
match ip address 110 111
set interface GigabitEthernet0/1 GigabitEthernet0/0
set ip next-hop 60.1.1.1 70.1.1.1
...
route-map II permit 20
match ip address 120
match ip next-hop sec
match interface GigabitEthernet0/0
!
route-map I permit 10
match ip address 120
match ip next-hop prim
match interface GigabitEthernet0/1
...
ip access-list extended prim
permit ip host 60.1.1.1 any
permit ip any host 60.1.1.1
ip access-list extended sec
permit ip host 70.1.1.1 any
permit ip any host 70.1.1.1
!
As I am not sure that match interface works after routing, I used the next-hop address, which is known only after the routing decision, in the routing policy.
So
ip nat inside source route-map I interface GigabitEthernet0/1 overload
ip nat inside source route-map II interface GigabitEthernet0/0 overload
10-17-2006 05:01 AM
I have a Cisco 1811 and am trying the same thing but seem to be missing something. Could you repost your config where you got this to work, including necessary ACLs?
Thanks,
Brett
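A consolidated sketch of the approach discussed in this thread (tracked primary default route, floating static backup, one NAT route-map per outside interface), as an added example that is not any poster's configuration. All addresses are constructed from documentation ranges, and the route-map names NAT-ISP1 and NAT-ISP2 and the probe target are assumptions; interface names and ACL 120 follow the question above.

```cisco
! Added example with constructed addresses (RFC 5737 documentation ranges).
! Assumed: ISP1 next hop 192.0.2.1, ISP2 next hop 198.51.100.1, probe target 203.0.113.10.
interface FastEthernet0/0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0
 description ISP1 (primary)
 ip address 192.0.2.2 255.255.255.0
 ip nat outside
!
interface GigabitEthernet0/1
 description ISP2 (backup)
 ip address 198.51.100.2 255.255.255.0
 ip nat outside
!
! Probe a host beyond the ISP1 next hop, so a link that is up at layer 2
! but has no Internet reachability still fails the track.
ip sla 1
 icmp-echo 203.0.113.10 source-interface GigabitEthernet0/0
 threshold 1000
 timeout 1000
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Same form as used in the thread; newer releases spell it "track 123 ip sla 1 reachability".
track 123 rtr 1 reachability
!
! Pin the probe target to ISP1 so the probe is not answered through ISP2.
ip route 203.0.113.10 255.255.255.255 192.0.2.1
! Tracked primary default; the floating static (distance 20) takes over when track 123 is down.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 123
ip route 0.0.0.0 0.0.0.0 198.51.100.1 20
!
! Inside hosts eligible for translation.
access-list 120 permit ip 192.168.1.0 0.0.0.255 any
!
! One route-map per exit interface: NAT uses the overload address of the
! interface that the routing table selected for the packet.
route-map NAT-ISP1 permit 10
 match ip address 120
 match interface GigabitEthernet0/0
route-map NAT-ISP2 permit 10
 match ip address 120
 match interface GigabitEthernet0/1
!
ip nat inside source route-map NAT-ISP1 interface GigabitEthernet0/0 overload
ip nat inside source route-map NAT-ISP2 interface GigabitEthernet0/1 overload
```

Translations created through the failed link stay in the table until they time out or are removed with `clear ip nat translation *`, so existing sessions may not move to the backup address immediately.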