07-19-2012 04:45 PM - edited 03-04-2019 05:01 PM
I have a single router at location X with two circuits, one is MPLS from this location to DataCenter.
Another is internet circuit.
Traffic for DataCenter is going Via MPLS circuit.And internet traffic is going through Tunnel3.
Internet traffic goes through Tunnel 3 to DataCenter, where we have checkpoint.
In case MPLS circuit goes down, traffic goes through Tunnel 2 to DataCenter. Tunnel 2 is backup for MPLS.
Again MPLS circuit is T1 and Internet circuit is 40 Mbps. Most of our traffic is internet based.
Problem is that we have a server at DataCenter 10.4.4.220 and traffic for this is going through MPLS.
But I want it take path Via tunnel that is tunnel 3.
Let me what all changes do I need to in present configuration.
==================================================================================================
interface Tunnel2
description Secondary tunnel to MTC
bandwidth 1000
ip address 172.19.2.227 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication gu3ssM3!
ip nhrp map multicast *.*.*.*
ip nhrp map 172.19.2.1 *.*.*.*
ip nhrp network-id 98
ip nhrp holdtime 300
ip nhrp nhs 172.19.2.1
delay 1000
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 941752
tunnel protection ipsec profile dmvpn shared
!
interface Tunnel3
description Internet tunnel to Augusta
bandwidth 6000
ip address 172.19.3.227 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication gu3ssM3!
ip nhrp map multicast *.*.*.*
ip nhrp map 172.19.3.1 *.*.*.*
ip nhrp network-id 93
ip nhrp holdtime 300
ip nhrp nhs 172.19.3.1
ip route-cache flow
delay 1000
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 174390
!
interface GigabitEthernet0/0
description LAN
ip address 10.96.1.1 255.255.255.0 secondary
ip address 10.96.10.1 255.255.255.0 secondary
ip address 192.168.206.1 255.255.255.0
ip access-group pitbow-mail in
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip policy route-map PBR-G0/0
load-interval 30
duplex auto
speed auto
!
interface GigabitEthernet0/1
bandwidth 40000
ip address 12.248.235.226 255.255.255.252
ip access-group Outside_In in
ip nat outside
ip inspect Internet out
ip virtual-reassembly
ip route-cache flow
load-interval 30
duplex full
speed 100
traffic-shape rate 40000000 500000 500000 1000
!
interface Serial0/0/0
no ip address
encapsulation frame-relay
ip route-cache flow
no ip mroute-cache
load-interval 30
frame-relay lmi-type ansi
service-policy output XXX
!
interface Serial0/0/0.100 point-to-point
ip address 206.115.52.214 255.255.255.252
no cdp enable
frame-relay interface-dlci 115 IETF
!
interface Serial0/0/1
no ip address
shutdown
clock rate 2000000
!
router bgp 65178
no synchronization
bgp log-neighbor-changes
network 10.96.1.0 mask 255.255.255.0
network 192.168.206.0
neighbor 172.19.2.1 remote-as 65178
neighbor 172.19.2.1 description mtcbwr001
neighbor 172.19.2.1 route-map SetBGPPref in
neighbor 172.19.2.1 route-map OnlyLocal out
neighbor 172.19.2.230 remote-as 65178
neighbor 172.19.2.230 description Springfield
neighbor 172.19.2.230 route-map BGPPrefSpring in
neighbor 172.19.2.230 route-map OnlyLocal out
neighbor 172.19.3.1 remote-as 65178
neighbor 172.19.3.1 description AGSInternet_2811
neighbor 172.19.3.1 route-map InternetRoute in
neighbor 172.19.3.1 route-map OnlyLocal out
neighbor 206.115.52.213 remote-as 65000
neighbor 206.115.52.213 description Verizon PE
neighbor 206.115.52.213 route-map OnlyLocal out
no auto-summary
!
ip route 4.2.2.1 255.255.255.255 12.248.235.225
ip route 10.4.4.166 255.255.255.254 172.19.3.1
ip route 10.4.4.168 255.255.255.254 172.19.3.1
ip route 10.80.4.0 255.255.255.0 172.19.2.230
ip route 12.88.52.118 255.255.255.255 12.248.235.225
ip route 70.34.176.147 255.255.255.255 12.248.235.225
ip route 70.34.176.149 255.255.255.255 12.248.235.225
ip route 207.241.227.167 255.255.255.255 12.248.235.225
ip route 216.116.249.20 255.255.255.255 12.248.235.225
ip route 216.116.249.25 255.255.255.255 12.248.235.225
ip route 216.116.252.50 255.255.255.255 12.248.235.225
!
ip flow-export source GigabitEthernet0/0
ip flow-export version 9
ip flow-export destination 10.4.4.82 2055
ip flow-export destination 10.4.5.5 2055
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list NAT-OUT interface GigabitEthernet0/1 overload
ip tacacs source-interface GigabitEthernet0/0
!
ip access-list extended NAT-OUT
permit ip 192.168.206.0 0.0.0.255 host 70.34.176.147
permit ip 192.168.206.0 0.0.0.255 host 70.34.176.149
permit ip host 192.168.206.140 any
ip access-list extended Outside_In
permit icmp any any
remark Remote Troubleshooting
permit tcp host 216.116.252.50 any eq 22
remark VPN Connectivity
permit esp any any
permit gre any any
permit udp any any eq isakmp
permit icmp host 63.110.159.117 any
permit icmp host 216.116.252.50 any
permit icmp host 208.255.229.66 any
permit icmp host 157.130.160.46 any
remark For DHCP
permit udp any any eq bootpc
ip access-list extended PBR-Versa
deny ip any 192.168.0.0 0.0.255.255
deny ip any 10.0.0.0 0.255.255.255
deny ip any 216.116.224.0 0.0.31.255
permit ip host 192.168.206.140 any
deny ip any any
ip access-list extended Springfield-Citrix
permit ip host 192.168.206.11 192.168.207.0 0.0.0.255
ip access-list extended corporate-ftp
permit ip 192.168.206.0 0.0.0.255 host 216.116.253.21
ip access-list extended pitbow-mail
permit ip host 192.168.206.42 any log
permit ip any any
!
logging 10.4.4.158
access-list 1 permit 192.168.206.0 0.0.0.255
access-list 1 permit 10.96.1.0 0.0.0.255
access-list 2 permit 192.168.206.27
snmp-server community
snmp-server ifindex persist
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps ds1
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps xgcp
snmp-server enable traps flash insertion removal
snmp-server enable traps ds3
snmp-server enable traps envmon
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps atm subif
snmp-server enable traps bgp
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps dial
snmp-server enable traps dsp card-status
snmp-server enable traps entity
snmp-server enable traps event-manager
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmobile
snmp-server enable traps ipmulticast
snmp-server enable traps mpls ldp
snmp-server enable traps mpls traffic-eng
snmp-server enable traps mpls vpn
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps rtr
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps vsimaster
snmp-server enable traps vtp
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps voice poor-qov
snmp-server enable traps voice fallback
snmp-server enable traps dnis
snmp-server host 10.4.5.6 fred
!
route-map PBR-G0/0 permit 10
match ip address corporate-ftp
set ip next-hop 172.19.3.1
!
route-map PBR-G0/0 permit 20
match ip address PBR-Versa
set ip next-hop 12.248.235.225
!
route-map SetBGPPref permit 10
set ip next-hop 172.19.2.1
set local-preference 75
!
route-map BGPPrefSpring permit 10
set ip next-hop 172.19.2.230
set local-preference 130
!
route-map InternetRoute permit 10
set ip next-hop 172.19.3.1
set local-preference 125
!
route-map OnlyLocal permit 10
match ip address 1
07-19-2012 06:09 PM
A simple solution would be to add a host static route out of the tunnel - ip route 10.4.4.220 255.255.255.255. tu 3
-K
07-20-2012 01:59 AM
I did tried to add static route, but it is not working.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: