I am facing a problem with accessibility from outside in the following scenario. I have two internet connections from two different ISPs, say ISP1 and ISP2. The goal is for both ISPs to work in a load-sharing manner:
PPTP VPN traffic goes to ISP2 from interface FastEthernet4 and all other traffic goes to ISP1, and if either link goes down all traffic shifts to the other active link. For this I configured IP SLA with a route-map. All is working well from inside; the problem is:
1- Both WAN IPs did not ping from outside.
The router is a Cisco 881W, which also acts as the PPTP VPN server.
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.1.114
ip dhcp excluded-address 10.0.1.1 10.0.1.100
ip dhcp excluded-address 10.0.1.230 10.0.1.254
!
ip dhcp pool INSIDE
 network 10.0.1.0 255.255.255.0
 default-router 10.0.1.1
 dns-server 202.xx.xx.xx 202.xx.xx.xx 203.xx.x.xx 203.xx.x.xx 188.8.131.52
!
no ip domain lookup
ip domain name asd.com
no ipv6 cef
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
license udi pid C881WD-A-K9 sn FGL172823Z9
!
username admin password 7 xxxxxxxxxxxxxxxxxxxxxxxx
username asd privilege 15 password 7 xxxxxxxxxxxxxxx
username sdf password 7 xxxxxxxxxxxxxxx
!
ip ssh source-interface FastEthernet4
ip ssh version 1
!
track 10 ip sla 1 reachability
 delay down 1 up 1
!
track 20 ip sla 2 reachability
 delay down 1 up 1
!
interface FastEthernet0
 switchport access vlan 2
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface FastEthernet4
 ip address 116.xx.xx.26 255.255.255.xx
 ip nat outside
 no ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Virtual-Template1
 ip unnumbered FastEthernet4
 peer default ip address pool webvpn-pool
 no keepalive
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
 no ip address
!
interface wlan-ap0
 description Embedded Service module interface to manage the embedded AP
 ip unnumbered Vlan1
!
interface Vlan1
 ip address 10.0.1.1 255.255.255.0
 ip nat inside
 no ip virtual-reassembly in
 ip policy route-map PBR
!
interface Vlan2
 ip address 122.xx.xx.204 255.255.255.xx
 ip nat outside
 no ip virtual-reassembly in
!
ip local pool webvpn-pool 10.0.1.80 10.0.1.100
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat translation timeout 9000
ip nat pool LIVEIPs 116.xx.xx.26 116.xx.xx.29 netmask 255.255.255.xx
ip nat inside source route-map ISP1 interface Vlan2 overload
ip nat inside source route-map ISP2 pool LIVEIPs overload
ip nat inside source static tcp 10.0.1.114 81 116.xx.xx.xx 81 extendable
ip route 0.0.0.0 0.0.0.0 116.xx.xx.25 track 10
ip route 0.0.0.0 0.0.0.0 122.xx.xx.254 track 20
!
ip sla auto discovery
ip sla 1
 icmp-echo 116.xx.xx.25
 threshold 500
 timeout 500
 frequency 1
ip sla schedule 1 life forever start-time now
!
ip sla 2
 icmp-echo 122.xx.xx.254
 threshold 500
 timeout 500
 frequency 1
ip sla schedule 2 life forever start-time now
!
access-list 101 permit ip 10.0.1.0 0.0.0.255 any
access-list 102 permit icmp any any
access-list 102 permit ip 10.0.1.0 0.0.0.255 any
access-list 102 permit tcp host 10.0.1.1 eq 22 any
access-list 102 permit tcp host 10.0.1.1 eq 81 any
access-list 102 permit udp host 10.0.1.1 eq 81 any
access-list 102 permit tcp host 10.0.1.1 eq 1723 any
access-list 102 permit gre any any
access-list 103 permit ip any any
!
route-map PBR permit 10
 match ip address 102
 set ip next-hop verify-availability 116.xx.xx.25 1 track 10
!
route-map PBR permit 30
 match ip address 103
 set ip next-hop verify-availability 122.xx.xx.254 2 track 20
!
route-map ISP2 permit 10
 match ip address 101
 match interface FastEthernet4
!
route-map ISP1 permit 10
 match ip address 101
 match interface Vlan2
!
snmp-server community xxxxxxxxxxxxx RO
!
control-plane
!
line con 0
 no modem enable
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 stopbits 1
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
scheduler allocate 20000 1000
!
end
After brainstorming, the problem is with "ip cef": when I disable it with the "no ip cef" command, the router gets pinged from outside, but now the problem is that packets are dropped without "ip cef". Can somebody mention what is wrong with "ip cef" when it is on with PBR and IP SLA?