Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2151
Views
0
Helpful
3
Replies

Problems with fail-over

kevinjansen
Level 1
Level 1

‎02-19-2010 12:18 AM - edited ‎03-04-2019 07:33 AM

Hello,

We are having some problems with out cisco 2800 router.

This is what we want:

We have 2 ISP's 1 fast (120mbit) and a backup (12mbit), the primary connection will be the fast isp on GigabitEthernet0/0.

The other connecting is on FastEthernet1/0 this connection is always online cause there are some route's over this uplink duo the permanent ip.

The routing is not working correctly. If the FastEthernet1/0 is going down the tracking system will remove the route and all traffic will go over GigabitEthernet0/0. When the FastEthernet1/0 is up again the tracking system will add the route again and the traffic that needs to go over the secondary isp is working agian. So till so far everything works

But when the GigabitEthernet 0/0 is going down/unreachable he removes the route and tells the router that all traffic needs to go over FastEthernet1/0 this works perfect for NEW connections, the current connections will fail cause he reminders some how that it needs to be over GigabitEthernet0/0

When i clear the cache all traffic will route over the second isp. Also when the primairy is back online again, All new traffic will work, current traffic is still over FastEthernet1/0

GigabitEthernet0/0 = Uplink fast ISP ip by DHCP

GigabitEthernet0/1 = Internal Traffic 10.1.0.x

FastEthernet1/0 = Uplink backup ISP ip by DHCP

Can please someone assist me and tell me whats wrong or whats needed to get this work fully.

Router config:

HCRouter#show run
Building configuration...

Current configuration : 4052 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret ***********
enable password ***********
!
no aaa new-model
dot11 syslog
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.1.0.1 10.1.0.99
!
ip dhcp pool Office
   import all
   network 10.1.0.0 255.255.255.0
   default-router 10.1.0.3
   dns-server 10.1.0.3
!
!
ip domain name Local.Domain
ip name-server 4.2.2.1
ip name-server 4.2.2.2
ip name-server 4.2.2.3
ip name-server 4.2.2.4
!
multilink bundle-name authenticated
async-bootp gateway 10.1.0.3
async-bootp dns-server 10.1.0.3
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
  protocol pptp
  virtual-template 1
l2tp tunnel receive-window 1024
!
!
!
crypto pki trustpoint local
enrollment selfsigned
revocation-check crl
rsakeypair my_key 1024 1024
!
!
!
!
username root privilege 15 password ***********

archive
log config
  hidekeys
!
!
!
!
ip ssh version 2
track timer interface 5
!
track 1 rtr 1 reachability
delay down 5 up 3
!
track 2 rtr 2 reachability
delay down 5 up 3
!
!
!
interface GigabitEthernet0/0
description Primary UPC
ip address dhcp
ip dns view-group name
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
no mop enabled
!
interface GigabitEthernet0/1
ip address 10.1.0.3 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
interface FastEthernet1/0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
interface Virtual-Template1
ip unnumbered GigabitEthernet0/1
peer default ip address pool vpn-pool
no keepalive
ppp encrypt mppe auto
ppp authentication pap chap ms-chap ms-chap-v2
!
ip local pool vpn-pool 10.1.0.70 10.1.0.99
no ip forward-protocol nd
ip route 89.255.0.23 255.255.255.255 GigabitEthernet0/0 254 track 1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 track 1
ip route 89.255.0.23 255.255.255.255 FastEthernet1/0 track 2
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0 254 track 2
ip route 62.223.10.1 255.255.255.255 FastEthernet1/0
ip route 212.142.2.1 255.255.255.255 GigabitEthernet0/0
!
!
ip http server
ip http secure-server
ip dns server
ip nat translation timeout 3
ip nat translation icmp-timeout 3
ip nat inside source static tcp 10.1.0.14 22 interface FastEthernet1/0 7966
ip nat inside source route-map upc interface GigabitEthernet0/0 overload
ip nat inside source route-map xs4all interface FastEthernet1/0 overload
ip nat inside source static tcp 10.1.0.30 3389 62.195.4.214 3389 extendable
!
ip access-list extended MyNetwork
permit ip 10.1.0.0 0.0.0.255 any
!
ip sla 1
icmp-echo 212.142.2.1 source-interface GigabitEthernet0/0
timeout 1000
threshold 40
frequency 3
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 62.223.10.1 source-interface FastEthernet1/0
timeout 1000
threshold 40
frequency 3
ip sla schedule 2 life forever start-time now
no cdp run
!
!
route-map xs4all permit 10
match ip address MyNetwork
match interface FastEthernet1/0
!
route-map upc permit 10
match ip address MyNetwork
match interface GigabitEthernet0/0
!
!
!
control-plane
!
banner login ^C
##################################################^C
!
line con 0
exec-timeout 0 0
password 7 02050D480809
logging synchronous
line aux 0
line vty 0 4
session-timeout 120
privilege level 15
logging synchronous
login local
transport input ssh
!
scheduler allocate 20000 1000
no process cpu extended
no process cpu autoprofile hog
!
!
webvpn install svc flash:/webvpn/svc.pkg
!
webvpn install csd flash:/webvpn/sdesktop.pkg
end

HCRouter#

Labels:
0 Helpful
3 Replies 3

kevinjansen
Level 1
Level 1

‎02-20-2010 05:26 AM

I still dont have a solution, anyone haves some more information? Idea's ? everything is welcome.

0 Helpful

KARUPPUCHAMY MALAIYANDI
Level 4
Level 4
In response to kevinjansen

‎02-20-2010 06:23 AM

HI,

Can you paste the physical network connectivity of the current router to internet cloud.

Thanks & Regards

Karuppu

0 Helpful

Lei Tian
Cisco Employee
Cisco Employee
In response to kevinjansen

‎02-20-2010 09:35 AM

Hi Kevin,

I think that's because the dynamic NAT entries for existing connections. One solution I can think right now is to use EEM ; when your lose primary connection, router will clear ip nat transaction; when primary connection comes back, router will clear ip nat transaction again. That requires IOS version 12.4(2)T or later. If your router running 12.4(2)T or later code, you can try to implement the following configuration.

event manager applet UP
event track 1 state up
action 1 cli command "enable"
action 1.1 cli command "no file prompt quiet"
action 2 cli command "clear ip nat translation *" pattern "#"
action 2.1 cli command "no file prompt quiet"
event manager applet DOWN
event track 1 state down
action 1 cli command "enable"
action 1.1 cli command "no file prompt quiet"
action 2 cli command "clear ip nat translation *" pattern "#"
action 2.1 cli command "no file prompt quiet"

HTH,

Lei Tian

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card