ISP Failover Issue on Cisco Router & sonicwall firewal
in one of my customer place we are facing some ISP failover issue.below is the Network Setup details
1) we have airtel internet lease line with static public IP with /30
2) this airtel links connect to Cisco router 2801 with
3) the router 2801 interface f0/1 connected to sonicwall firewall on X1 interface.
4) this Sonicwall operates in transparent mode connected to LAN swicthes
5) The MTNL DSL internet MOdem (256kbps) is connected to SOnicwall x2 interface & connects the users to the internet when ever primary airtel links goes down.
"now the problem is here , once the main airtel links goes down the sonicwall firewall automatically swicth over to MTNL DSL Internet link.& failover works fine . but once the Airtel links comes back. the sonicwall doesnot swicth over the to primary airtel links. if we want traffic shuold go to airtel link , we need to manually clear the arp entries in the sonicwall firewall after then it switch to airtel links.we checked with sonicewall technical support team they say that may be some issue with cisco router. any idea what could be the problem."
Note : Static ARP entries has done in the Router for the connected interface of the firewall.
attached the running config of the router & Network Diagram
Re: ISP Failover Issue on Cisco Router & sonicwall firewal
i will suggest two things.
first, (although this may not not be the problem)
remove these two lines from the router:
ip default-gateway 126.96.36.199
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.53
and replace with:
ip route 0.0.0.0 0.0.0.0 188.8.131.52
(the former two line makes u arp for every destination because you are mapping default route to an interface and not an IP address.
i will suggest that you keep the sonicwall as a firewall and let the routing and failover be done on a router (this is what they do best) do the PPPoE on the cisco router. failover to the DSL when the main links goes down.
you can do this a a number of ways.
1. use IP SLA to track your service provider gateway IP address on the main link.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...