Cisco 2951 VSEC - Dual WAN redundancy/failover

Chris9811
Beginner

Hello everyone,

I am trying to achieve WAN redundancy/failover with a Cisco 2951. My problem is that I have two different ISPs.

One is a cable provider and the other one is a DSL provider.

I thought I could do it as described here: https://learningnetwork.cisco.com/docs/DOC-28612.

But in my case that doesn't work. Only one ISP is reachable from outside. What I want is for both ISPs to be reachable from outside. I have tried a lot of configurations but I can't find one that works. So I hope someone here can help me out.

Here is my config:

track 1 ip sla 1 reachability
 delay down 10 up 10
track 2 ip sla 2 reachability
 delay down 10 up 10
!
policy-map wan-queue-policy
 class voip-class
  priority percent 75
 class class-default
  fair-queue
  random-detect
!
interface GigabitEthernet0/0
 description WAN-Vodafone-Kabel
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 zone-member security Internet
 duplex auto
 speed auto
 no mop enabled
 service-policy output wan-queue-policy
!
interface GigabitEthernet0/1
 ip address 192.168.83.254 255.255.255.0
 no ip redirects
 ip nat inside
 ip virtual-reassembly in
 zone-member security Trusted
 duplex auto
 speed auto
 no mop enabled
 service-policy input url-block-policy
!
interface Ethernet0/0/0
 no ip address
 service-policy output wan-queue-policy
!
interface Ethernet0/0/0.7
 encapsulation dot1Q 7
 ip address dhcp
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1496
 ip nat outside
 ip virtual-reassembly in
 zone-member security Internet
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Dialer1
 description WAN-Telekom VDSL
 ip address negotiated
 no ip redirects
 no ip unreachables
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 zone-member security Internet
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname
 ppp chap password
 no cdp enable
!
ip sla 1
 icmp-echo Next-Hop-IP-ISP1 source-interface GigabitEthernet0/0
 threshold 2
 timeout 1000
 frequency 10
ip sla schedule 1 start-time now life forever
!
ip sla 2
 icmp-echo Next-Hop-IP-ISP2 source-interface Dialer1
 threshold 2
 timeout 1000
 frequency 10
ip sla schedule 2 start-time now life forever
!
ip nat inside source route-map CABLE interface GigabitEthernet0/0 overload
ip nat inside source route-map VDSLV interface Dialer1 overload
!
ip nat inside source static tcp 192.168.83.4 443 WAN-IP-ISP2 443 extendable
ip nat inside source static tcp 192.168.83.4 443 WAN-IP-ISP1 443 extendable
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 track 1
! ?? %Default route without gateway, if not a point-to-point interface, may impact performance ??
!
ip route 0.0.0.0 0.0.0.0 Dialer1 track 2
!
route-map CABLE permit 10
 match ip address 101
 match interface GigabitEthernet0/0
!
route-map VDSLV permit 10
 match ip address 101
 match interface Dialer1
9 REPLIES

VIvanov
Beginner

Are you trying to have both ISPs working at the same time?

Generally this kind of setup only provides redundancy, not a concurrent connection with both ISPs to a webserver, as the setup in the end only allows one static route. If you are looking to have the webserver accessible from both paths, you would need a more robust setup.

Also, you should set the admin distance on the routes to be higher for the less relevant path and only track the more relevant (bigger bandwidth) route that has a lower admin distance.

Thank you for your reply.

Yes, I am trying to have both ISPs working at the same time. And if one of them is in a "failstate", I want to use the other one.

So can you give me a more robust setup?

I tried the admin distance on the routes and it works perfectly, but only for failover.

Either two servers or two interfaces on the server would be the easiest solution; you could NAT one interface to go out of the DSL and the other out of cable. Usually when you get into something like this you are looking for BGP dual-homed IP ranges.

How are your users connecting to the webserver, URL or IP?

Our users are connected to our webserver over a webserver URL.
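As an added example (not part of the thread and not any poster's code), the Python check below reads the tracked default routes from a config like the one posted and flags the two points raised above: the router's "Default route without gateway" warning and the administrative-distance advice. The function names `default_routes` and `lint` are hypothetical, and the sample config is constructed from the post.

```python
import re
# Constructed sample: tracking and routing lines modelled on the posted config.
SAMPLE = """\
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
ip sla schedule 1 start-time now life forever
ip sla schedule 2 start-time now life forever
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1 track 2
"""
IPV4 = re.compile(r"^\d+(\.\d+){3}$")

def default_routes(config):
    """Parse static default routes (hypothetical helper, not an IOS tool)."""
    routes = []
    for line in config.splitlines():
        toks = line.split()
        if [t.lower() for t in toks[:4]] != ["ip", "route", "0.0.0.0", "0.0.0.0"]:
            continue
        r = {"iface": None, "next_hop": None, "distance": 1, "track": None}
        rest = iter(toks[4:])
        for t in rest:
            if t.lower() == "track":
                r["track"] = next(rest, None)   # track object number
            elif IPV4.match(t):
                r["next_hop"] = t
            elif t.isdigit():
                r["distance"] = int(t)          # administrative distance
            else:
                r["iface"] = t                  # assumes names like Dialer1
        routes.append(r)
    return routes

def lint(config):
    """Return a list of findings for a tracked dual-WAN default-route setup."""
    routes, out = default_routes(config), []
    tracks = dict(re.findall(r"(?mi)^track (\d+) ip sla (\d+)", config))
    scheduled = set(re.findall(r"(?mi)^\s*ip sla schedule (\d+)", config))
    for r in routes:
        t = r["track"]
        if r["iface"] and "ethernet" in r["iface"].lower() and not r["next_hop"]:
            out.append(f"{r['iface']}: default route on multi-access interface has no next hop")
        if t and t not in tracks:
            out.append(f"track {t}: referenced by a route but not defined")
        elif t and tracks[t] not in scheduled:
            out.append(f"ip sla {tracks[t]}: tracked but never scheduled")
    if len({r["distance"] for r in routes}) < len(routes):
        out.append("equal-distance default routes: both install, no primary/backup order")
    return out
```

Running `lint(SAMPLE)` reports the missing next hop on GigabitEthernet0/0 and the equal-distance default routes; a config with a next hop on the cable route and a higher distance on the Dialer1 route returns no findings.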