Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3361
Views
0
Helpful
5
Replies

Cisco 2911 Dual ISP route

ThomasMull9000
Level 1
Level 1

‎06-19-2012 02:25 AM - edited ‎03-04-2019 04:43 PM

Hello Guys

We have a cisco 2911 cisco router so i want to use as a load balancer using two different ISP networks, example if the first ISP network gets down i need the second ISP will take over all routing and get for internet access

here is my scenerio..

First ISP = PUblic ip =    155.1555.155.2  gateway =   155.155.155.1

seceond ISP Public =    40.51.16.9           gateway =    40.51.16.1

Inside network = 192.168.1.0. /24

Labels:
0 Helpful
5 Replies 5

cadet alain
VIP Alumni
VIP Alumni

‎06-19-2012 04:31 AM

Hi,

You can try this:

ip sla 1

icmp-echo 8.8.8.8

timeout 1000

frequency 3

ip sla schedule 1 start-time now life forever

track 1 ip sla 1

ip route 0.0.0.0 0.0.0.0 155.155.155.1  track 1

ip route 0.0.0.0 0.0.0.0 40.51.16.1 10

access-list 110 permit icmp host 8.8.8.8

route-map SLA_TRACK permit 10

match ip address 110

set ip next-hop 155.155.155.1

exit

ip local-policy route-map SLA_TRACK

On inside interface: ip nat inside

On Outside interface: ip nat outside

access-list 10 permit 192.168.1.0 0.0.0.255

route-map PRIMARY permit 10

match ip address 10

match ip next-hop 155.155.155.1

route-map BACKUP permit 10

match ip address 10

match ip next-hop 40.51.16.1

exit

ip nat inside source route-map PRIMARY interface x/x   where x/x is going to 155.155.155.1

ip nat inside source route-map BACKUP interface x/x   where x/x is going to 40.51.16.1

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

mateomateo1
Level 1
Level 1
In response to cadet alain

‎12-18-2012 04:06 AM

Hi, I have a question to that set-up,

with 2 or more lines set up as load ballancing, can you add vpn s2s with load ballancing also?

0 Helpful

david.tran
Level 4
Level 4
In response to mateomateo1

‎12-18-2012 04:28 AM

s2s IPSec is an overlay of your load-balancing.  If your load-balancing works, s2s IPSec will work as well, as long as you use a loopback interface for your crypto map (i.e. crypto map local-address lo0) so that your IPSec is independent of the ISP and it will utilize both ISP

0 Helpful

mateomateo1
Level 1
Level 1
In response to david.tran

‎12-18-2012 05:12 AM

do you have any example off hand?

0 Helpful

david.tran
Level 4
Level 4
In response to mateomateo1

‎12-18-2012 05:19 AM

on cisco 2911:

ip access-list extended vpn

  permit ip your_lan/x  remote_lan_x

crypto isakmp key cciesec address vpn_peer_x no-xauth

interface lo0

ip address 4.2.2.2 255.255.255.255 (make sure that this loopback address is reachable on the Internet)

crypto isakmp pol 1

  authen pre-sh

  hash sha

  ecnr aes 256

  group 5

  life 86400

no crypto ipsec udp-en (not sure about the exact syntax)

crypto ipsec trans tset esp-aes 256 esp-sha-hmac

crypto map local-address looback0

crypto map vpn 10 ipsec-isakmp

  set peer vpn_peer_x

  set transform tset

  set pfs group5

  set securify life sec 3600

  mat address vpn

interface lo0

  crypto map vpn

interface g0/0

  ip address ISP1

  crypto map vpn

interface g0/1

  ip address ISP2

  crypto map vpn

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card