Routing/Tunnel

Kesar123456 · ‎07-19-2012

I have a single router at location X with two circuits, one is MPLS from this location to DataCenter.

Another is internet circuit.

Traffic for DataCenter is going Via MPLS circuit.And internet traffic is going through Tunnel3.

Internet traffic goes through Tunnel 3 to DataCenter, where we have checkpoint.

In case MPLS circuit goes down, traffic goes through Tunnel 2 to DataCenter. Tunnel 2 is backup for MPLS.

Again MPLS circuit is T1 and Internet circuit is 40 Mbps. Most of our traffic is internet based.

Problem is that we have a server at DataCenter 10.4.4.220 and traffic for this is going through MPLS.

But I want it take path Via tunnel that is tunnel 3.

Let me what all changes do I need to in present configuration.

==================================================================================================

interface Tunnel2

description Secondary tunnel to MTC

bandwidth 1000

ip address 172.19.2.227 255.255.255.0

no ip redirects

ip mtu 1416

ip nhrp authentication gu3ssM3!

ip nhrp map multicast *.*.*.*

ip nhrp map 172.19.2.1 *.*.*.*

ip nhrp network-id 98

ip nhrp holdtime 300

ip nhrp nhs 172.19.2.1

delay 1000

tunnel source GigabitEthernet0/1

tunnel mode gre multipoint

tunnel key 941752

tunnel protection ipsec profile dmvpn shared

!

interface Tunnel3

description Internet tunnel to Augusta

bandwidth 6000

ip address 172.19.3.227 255.255.255.0

no ip redirects

ip mtu 1416

ip nhrp authentication gu3ssM3!

ip nhrp map multicast *.*.*.*

ip nhrp map 172.19.3.1 *.*.*.*

ip nhrp network-id 93

ip nhrp holdtime 300

ip nhrp nhs 172.19.3.1

ip route-cache flow

delay 1000

tunnel source GigabitEthernet0/1

tunnel mode gre multipoint

tunnel key 174390

!

interface GigabitEthernet0/0

description LAN

ip address 10.96.1.1 255.255.255.0 secondary

ip address 10.96.10.1 255.255.255.0 secondary

ip address 192.168.206.1 255.255.255.0

ip access-group pitbow-mail in

ip nat inside

ip virtual-reassembly

ip route-cache flow

ip policy route-map PBR-G0/0

load-interval 30

duplex auto

speed auto

!

interface GigabitEthernet0/1

bandwidth 40000

ip address 12.248.235.226 255.255.255.252

ip access-group Outside_In in

ip nat outside

ip inspect Internet out

ip virtual-reassembly

ip route-cache flow

load-interval 30

duplex full

speed 100

traffic-shape rate 40000000 500000 500000 1000

!

interface Serial0/0/0

no ip address

encapsulation frame-relay

ip route-cache flow

no ip mroute-cache

load-interval 30

frame-relay lmi-type ansi

service-policy output XXX

!

interface Serial0/0/0.100 point-to-point

ip address 206.115.52.214 255.255.255.252

no cdp enable

frame-relay interface-dlci 115 IETF

!

interface Serial0/0/1

no ip address

shutdown

clock rate 2000000

!

router bgp 65178

no synchronization

bgp log-neighbor-changes

network 10.96.1.0 mask 255.255.255.0

network 192.168.206.0

neighbor 172.19.2.1 remote-as 65178

neighbor 172.19.2.1 description mtcbwr001

neighbor 172.19.2.1 route-map SetBGPPref in

neighbor 172.19.2.1 route-map OnlyLocal out

neighbor 172.19.2.230 remote-as 65178

neighbor 172.19.2.230 description Springfield

neighbor 172.19.2.230 route-map BGPPrefSpring in

neighbor 172.19.2.230 route-map OnlyLocal out

neighbor 172.19.3.1 remote-as 65178

neighbor 172.19.3.1 description AGSInternet_2811

neighbor 172.19.3.1 route-map InternetRoute in

neighbor 172.19.3.1 route-map OnlyLocal out

neighbor 206.115.52.213 remote-as 65000

neighbor 206.115.52.213 description Verizon PE

neighbor 206.115.52.213 route-map OnlyLocal out

no auto-summary

!

ip route 4.2.2.1 255.255.255.255 12.248.235.225

ip route 10.4.4.166 255.255.255.254 172.19.3.1

ip route 10.4.4.168 255.255.255.254 172.19.3.1

ip route 10.80.4.0 255.255.255.0 172.19.2.230

ip route 12.88.52.118 255.255.255.255 12.248.235.225

ip route 70.34.176.147 255.255.255.255 12.248.235.225

ip route 70.34.176.149 255.255.255.255 12.248.235.225

ip route 207.241.227.167 255.255.255.255 12.248.235.225

ip route 216.116.249.20 255.255.255.255 12.248.235.225

ip route 216.116.249.25 255.255.255.255 12.248.235.225

ip route 216.116.252.50 255.255.255.255 12.248.235.225

!

ip flow-export source GigabitEthernet0/0

ip flow-export version 9

ip flow-export destination 10.4.4.82 2055

ip flow-export destination 10.4.5.5 2055

!

no ip http server

ip http authentication local

no ip http secure-server

ip http timeout-policy idle 5 life 86400 requests 10000

ip nat inside source list NAT-OUT interface GigabitEthernet0/1 overload

ip tacacs source-interface GigabitEthernet0/0

!

ip access-list extended NAT-OUT

permit ip 192.168.206.0 0.0.0.255 host 70.34.176.147

permit ip 192.168.206.0 0.0.0.255 host 70.34.176.149

permit ip host 192.168.206.140 any

ip access-list extended Outside_In

permit icmp any any

remark Remote Troubleshooting

permit tcp host 216.116.252.50 any eq 22

remark VPN Connectivity

permit esp any any

permit gre any any

permit udp any any eq isakmp

permit icmp host 63.110.159.117 any

permit icmp host 216.116.252.50 any

permit icmp host 208.255.229.66 any

permit icmp host 157.130.160.46 any

remark For DHCP

permit udp any any eq bootpc

ip access-list extended PBR-Versa

deny ip any 192.168.0.0 0.0.255.255

deny ip any 10.0.0.0 0.255.255.255

deny ip any 216.116.224.0 0.0.31.255

permit ip host 192.168.206.140 any

deny ip any any

ip access-list extended Springfield-Citrix

permit ip host 192.168.206.11 192.168.207.0 0.0.0.255

ip access-list extended corporate-ftp

permit ip 192.168.206.0 0.0.0.255 host 216.116.253.21

ip access-list extended pitbow-mail

permit ip host 192.168.206.42 any log

permit ip any any

!

logging 10.4.4.158

access-list 1 permit 192.168.206.0 0.0.0.255

access-list 1 permit 10.96.1.0 0.0.0.255

access-list 2 permit 192.168.206.27

snmp-server community

snmp-server ifindex persist

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps vrrp

snmp-server enable traps ds1

snmp-server enable traps tty

snmp-server enable traps eigrp

snmp-server enable traps xgcp

snmp-server enable traps flash insertion removal

snmp-server enable traps ds3

snmp-server enable traps envmon

snmp-server enable traps icsudsu

snmp-server enable traps isdn call-information

snmp-server enable traps isdn layer2

snmp-server enable traps isdn chan-not-avail

snmp-server enable traps isdn ietf

snmp-server enable traps ds0-busyout

snmp-server enable traps ds1-loopback

snmp-server enable traps atm subif

snmp-server enable traps bgp

snmp-server enable traps bulkstat collection transfer

snmp-server enable traps cnpd

snmp-server enable traps config-copy

snmp-server enable traps config

snmp-server enable traps dial

snmp-server enable traps dsp card-status

snmp-server enable traps entity

snmp-server enable traps event-manager

snmp-server enable traps frame-relay

snmp-server enable traps frame-relay subif

snmp-server enable traps hsrp

snmp-server enable traps ipmobile

snmp-server enable traps ipmulticast

snmp-server enable traps mpls ldp

snmp-server enable traps mpls traffic-eng

snmp-server enable traps mpls vpn

snmp-server enable traps msdp

snmp-server enable traps mvpn

snmp-server enable traps ospf state-change

snmp-server enable traps ospf errors

snmp-server enable traps ospf retransmit

snmp-server enable traps ospf lsa

snmp-server enable traps ospf cisco-specific state-change nssa-trans-change

snmp-server enable traps ospf cisco-specific state-change shamlink interface-old

snmp-server enable traps ospf cisco-specific state-change shamlink neighbor

snmp-server enable traps ospf cisco-specific errors

snmp-server enable traps ospf cisco-specific retransmit

snmp-server enable traps ospf cisco-specific lsa

snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message

snmp-server enable traps pppoe

snmp-server enable traps cpu threshold

snmp-server enable traps rsvp

snmp-server enable traps rtr

snmp-server enable traps syslog

snmp-server enable traps l2tun session

snmp-server enable traps vsimaster

snmp-server enable traps vtp

snmp-server enable traps isakmp policy add

snmp-server enable traps isakmp policy delete

snmp-server enable traps isakmp tunnel start

snmp-server enable traps isakmp tunnel stop

snmp-server enable traps ipsec cryptomap add

snmp-server enable traps ipsec cryptomap delete

snmp-server enable traps ipsec cryptomap attach

snmp-server enable traps ipsec cryptomap detach

snmp-server enable traps ipsec tunnel start

snmp-server enable traps ipsec tunnel stop

snmp-server enable traps ipsec too-many-sas

snmp-server enable traps voice poor-qov

snmp-server enable traps voice fallback

snmp-server enable traps dnis

snmp-server host 10.4.5.6 fred

!

route-map PBR-G0/0 permit 10

match ip address corporate-ftp

set ip next-hop 172.19.3.1

!

route-map PBR-G0/0 permit 20

match ip address PBR-Versa

set ip next-hop 12.248.235.225

!

route-map SetBGPPref permit 10

set ip next-hop 172.19.2.1

set local-preference 75

!

route-map BGPPrefSpring permit 10

set ip next-hop 172.19.2.230

set local-preference 130

!

route-map InternetRoute permit 10

set ip next-hop 172.19.3.1

set local-preference 125

!

route-map OnlyLocal permit 10

match ip address 1

subramaniyakarthic · ‎07-19-2012

A simple solution would be to add a host static route out of the tunnel - ip route 10.4.4.220 255.255.255.255. tu 3

-K

Kesar123456 · ‎07-20-2012

I did tried to add static route, but it is not working.