06-16-2022 03:37 AM - last edited on 06-18-2022 01:54 AM by Translator
We have a Cisco router with a dialer interface to the internet (ISP authentication configured at the dialer interface).
I want to add a fallback link to the internet which will be an LTE modem. The modem does the ISP authentication, so it is enough for the Cisco to forward the traffic to this modem via the interface.
I'm going to set up a tracker on the primary default route to switch over to the higher weighted second default route towards the LTE modem in case of a link failure.
Before testing that setup, I want to first verify if I can reach the internet using this LTE modem interface via the router.
From the Cisco, I can ping the modem's IP address via this source interface but I can't ping any internet IP addresses.
The interface towards the modem has an access-group set to allow all traffic.
To prove any fault on the modem, I tried connecting a pfSense router to another port of this modem and was able to access the internet from a host connected to the pfSense.
Any idea why this is not working and where I should look for clues?
Sorry if the information is too vague for any suggestions, but I'm happy to provide any additional information if needed.
06-16-2022 03:46 AM - last edited on 06-18-2022 01:55 AM by Translator
Can you post the configuration? Have you configured ip nat outside and NAT policies?
How are you testing now? By default your traffic may go via the active link; you may need PBR for testing with a test IP range. Make sure the other internet link is working.
06-16-2022 04:07 AM - last edited on 06-18-2022 01:57 AM by Translator
Below is the config related to the interface that I newly added:
interface GigabitEthernet0/0/3
 description Internet LTE Interface for fallback routing
 ip address 192.168.1.10 255.255.255.0
 no ip redirects
 ip nat outside
 ip access-group no-public-ssh in
The access group "no-public-ssh" is the only group present in the dialer interface and has the following entries:
ip access-list extended no-public-ssh
 deny tcp any host x.x.x.x eq 22
 permit ip any any
Below are the default routes:
ip route 0.0.0.0 0.0.0.0 Dialer0 track 1
ip route 0.0.0.0 0.0.0.0 192.168.1.254 10
I'm testing by simply pinging using the below syntax.
Pinging the internet IP doesn't work:
443101#ping 1.1.1.1 source 192.168.1.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.10
.....
Success rate is 0 percent (0/5)
But pinging the modem IP works:
443101#ping 192.168.1.254 source 192.168.1.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.10
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
The LTE modem has NAT enabled.
Should I add any NAT rules?
It might take a while to scan and remove any sensitive information before posting the full config, but I will try my best to paste any relevant sections.
06-16-2022 04:18 AM
How is your NAT rule? I believe you have a default NAT rule using the existing link by default, until you have some PBR in place to route the traffic to the standby link as mentioned earlier.
We need to have the full config (removing sensitive information). What IP are you trying to reach on the internet, which was not working?
06-16-2022 04:31 AM - last edited on 06-18-2022 01:58 AM by Translator
Below are the lines I find related to NAT:
ip nat inside source static tcp x.x.x.x 110 interface Dialer0 110
ip nat inside source static tcp y.y.y.y 25 interface Dialer0 2525
ip nat inside source static udp z.z.z.z 1194 interface Dialer0 30001
ip nat inside source route-map NAT_Exempt interface Dialer0 overload
Should I replicate the last line for the LTE modem interface?
The internet address I'm trying to ping is 1.1.1.1 which is responding when I try via Dialer0 but not via the LTE modem.
06-16-2022 03:49 AM
Hello
Can you post the running configuration of the router into a txt file and attach it to your post, please?
06-16-2022 03:52 AM - last edited on 06-18-2022 01:59 AM by Translator
Hi
If you share the router "show run" it will be easier, but I think the problem can be NAT. You probably have NAT on the current Internet link and you need to configure NAT on the second link as well. Otherwise, your local router's IP address will be sent to the internet and will be dropped.
On the interface used for LTE, add:
ip nat outside
I
06-16-2022 08:17 AM - last edited on 06-18-2022 02:00 AM by Translator
Hello
NAT - dual ISP
route-map ISP1
 match ip address (nat acl)
 match interface (isp1 wan)
route-map ISP2
 match ip address (nat acl)
 match interface (isp2 wan)
ip nat inside source route-map ISP1 interface (isp1)
ip nat inside source route-map ISP2 interface (isp2)
ip nat exclude-address (static nat inside nat addressing)
06-16-2022 09:15 PM
Thanks Paul.
That really helped and I could get the interface working for internet access!
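The gap resolved in this thread (an interface marked `ip nat outside` with no dynamic NAT rule of its own) can be checked for in a saved running-config. The script below is an added example, not code from any poster in the thread; the sample config is constructed from the lines posted above, and the inside interface GigabitEthernet0/0/0, the `ip nat outside` on Dialer0 and the route-map name NAT_LTE are assumptions.

```python
import re

# Constructed running-config excerpt: the LTE interface and NAT lines follow the
# thread; GigabitEthernet0/0/0 and "ip nat outside" on Dialer0 are assumed.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/0/3
 description Internet LTE Interface for fallback routing
 ip address 192.168.1.10 255.255.255.0
 ip nat outside
interface Dialer0
 ip nat outside
ip nat inside source route-map NAT_Exempt interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0 track 1
ip route 0.0.0.0 0.0.0.0 192.168.1.254 10
"""

def nat_outside_interfaces(config):
    """Return names of interfaces that carry 'ip nat outside', in config order."""
    found, current = [], None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
        elif not line.startswith(" "):
            current = None  # a non-indented line ends the interface block
        elif current and line.strip() == "ip nat outside":
            found.append(current)
    return found

def overload_interfaces(config):
    """Return interfaces named in a dynamic 'ip nat inside source ... overload' rule."""
    pat = r"^ip nat inside source (?:list|route-map) \S+ interface (\S+).*\boverload\b"
    return set(re.findall(pat, config, flags=re.M))

def outside_without_pat(config):
    """Outside interfaces that no overload (PAT) rule translates traffic onto."""
    covered = overload_interfaces(config)
    return [i for i in nat_outside_interfaces(config) if i not in covered]

# Same config with a second rule for the LTE link (NAT_LTE is a hypothetical name).
FIXED_CONFIG = SAMPLE_CONFIG + (
    "ip nat inside source route-map NAT_LTE interface GigabitEthernet0/0/3 overload\n")

if __name__ == "__main__":
    print("missing PAT rule:", outside_without_pat(SAMPLE_CONFIG))
    print("after fix:", outside_without_pat(FIXED_CONFIG))
```

Static port-forward lines such as `ip nat inside source static tcp ...` are deliberately not counted, since they do not translate general outbound traffic.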