09-03-2014 03:57 AM - edited 03-04-2019 11:40 PM
Hello
I have the following issue with a Cisco 2811 router. I have two WAN connections (fiber and ADSL) and I want to do WAN load balancing,
so I added two routes: 0.0.0.0 0.0.0.0 dialer1 and 0.0.0.0 0.0.0.0 fa1. The problem is with the fiber connection (fa1): in this configuration I can't ping the WAN
from outside or use NAT on this connection. If I change the default routes like this, it works, but it is not WAN load balancing: 0.0.0.0 0.0.0.0 dialer 150
0.0.0.0 0.0.0.0 fa1. Any ideas?
09-03-2014 06:52 PM
My first idea is that having the default route point just to the physical interface is not a good thing to do. There are multiple problems, starting with the fact that doing this requires that the next hop device support proxy ARP. And the trend is increasingly that organizations are disabling proxy ARP because of the security implications. Beyond that is the problem that it requires your router to ARP for every remote destination, and to maintain the ARP table with all of the ARP responses, which increases your memory consumption and the CPU processing of the router to do all of the ARP processing.
There are also complications of how to do NAT when you have two active Internet connections.
And if you are using both a fiber connection and an ADSL connection you are trying to balance with a higher speed and a lower speed connection and there are issues with this.
HTH
Rick
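The check described in the reply above, as an added example that is not part of the original thread: a small Python audit that flags static routes naming only a multi-access interface, the case that depends on proxy ARP and per-destination ARP entries. The function name, the interface-prefix list and the sample configuration (documentation addresses) are assumptions made for this illustration.

```python
import re

# Interface-name prefixes treated as multi-access (Ethernet-like). Assumption
# for this example; point-to-point interfaces such as Dialer do not use ARP.
MULTI_ACCESS = ("fa", "gi", "eth", "te", "vlan")
IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (.+)$", re.I)

# Constructed sample input, not taken from the thread.
SAMPLE_CONFIG = """\
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 192.0.2.1 150
ip route 10.20.0.0 255.255.0.0 198.51.100.1 track 1
"""

def audit_static_routes(config):
    """Return (line, reason) for each route that relies on ARP for every destination."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = ROUTE_RE.match(line)
        if not m:
            continue
        tokens = m.group(3).split()
        if IP_RE.match(tokens[0]):
            continue  # next-hop address given: only the gateway is resolved
        # First token is an interface; IOS also accepts "interface next-hop".
        has_next_hop = len(tokens) > 1 and IP_RE.match(tokens[1])
        if tokens[0].lower().startswith(MULTI_ACCESS) and not has_next_hop:
            findings.append((line, "interface-only route on a multi-access link: "
                                   "needs proxy ARP upstream, one ARP entry per destination"))
    return findings

if __name__ == "__main__":
    for line, reason in audit_static_routes(SAMPLE_CONFIG):
        print(f"{line}\n  -> {reason}")
```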
09-05-2014 05:31 AM
Hi Richard
I am coming back with more details:
First I tried to set up the router with WAN failover like this:
route-map SDM_RMAP_1 permit 1
 match ip address 101
 match interface FastEthernet0/0
route-map SDM_RMAP_2 permit 1
 match ip address 102
 match interface Dialer1
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
access-list 101 permit ip 172.26.60.0 0.0.0.255 any
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
dialer-list 102 protocol ip permit
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
ip nat inside source route-map SDM_RMAP_2 interface Dialer1 overload
ip nat inside source static tcp 10.0.0.1 25 x.x.x.x 25 route-map SDM_RMAP_1 extendable
ip route 0.0.0.0 0.0.0.0 x.x.x.x 150
ip route 0.0.0.0 0.0.0.0 y.y.y.y track 1
interface FastEthernet0/0
 ip address x.x.x.x
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no cdp enable
 crypto map SDM_CMAP_1
interface FastEthernet0/1
 no ip address
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname ...............
 ppp chap password 7 010109085702121F33434A0014524343
 ppp pap sent-username .......... password 7 0614002D40471D091718160201537E7A
 no cdp enable
 crypto map SDM_CMAP_1
track timer interface 5
track 1 ip sla 1 reachability
 delay down 15 up 10
ip sla 1
 icmp-echo a.b.c.d source-interface y.y.y.y
 timeout 5000
 threshold 40
 frequency 6000
ip sla schedule 1 life forever start-time now
And I want to achieve the following results:
All computers on the LAN use y.y.y.y for the Internet connection, and if this fails they use x.x.x.x, and when y.y.y.y comes back they use this connection again.
And I have one server with a few services (DNS, WWW, MAIL...) which must use just the x.x.x.x connection; if this fails, it doesn't matter if these services are not working.
But with this configuration one thing is not working: I can't access the mail server, DNS, WWW from outside with the x.x.x.x connection (IP). If I change the default route like:
ip route 0.0.0.0 0.0.0.0 x.x.x.x track 1
ip route 0.0.0.0 0.0.0.0 y.y.y.y 150
it's working