
Dual Internet connection on a Cisco 2900

olufemi.bakare
Level 1

I have 2 locations in Nigeria, Lagos and Abuja. I want to implement 2 internet connections on the 2 Cisco routers, one per location. How do I go about it?



Below is the config of the 1st router in location 1:


Building configuration...


Current configuration : 8814 bytes

!

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname r_boyle

!

boot-start-marker

boot-end-marker

!

!

enable secret 5 $1$x8Ca$zIFk5rmcw4l7117SvgsRz.

enable password networkadmin

!

aaa new-model

!

!

aaa authentication login default local

!

!

!

!

!

aaa session-id common

clock timezone GMT 1 0

!

no ipv6 cef

ip source-route

ip cef

!

!

!

no ip dhcp use vrf connected

no ip dhcp conflict logging

ip dhcp excluded-address 192.168.13.1 192.168.13.140

ip dhcp excluded-address 192.168.13.182

ip dhcp excluded-address 192.168.13.189

ip dhcp excluded-address 192.168.13.191

ip dhcp excluded-address 192.168.13.176

ip dhcp excluded-address 192.168.13.161

ip dhcp excluded-address 192.168.13.37

ip dhcp excluded-address 192.168.13.183

!

ip dhcp pool Boyle

network 192.168.13.0 255.255.255.0

default-router 192.168.13.1

dns-server 62.173.32.89 62.173.34.222

domain-name resort.local

lease 3

!

ip dhcp pool mainserver

host 192.168.13.23 255.255.255.0

!

!

multilink bundle-name authenticated

!

!

crypto pki token default removal timeout 0

!

!

license udi pid CISCO2911/K9 sn FTX1613ALQG

!

!

!

!

!

class-map match-any SOCIAL_NET

match protocol http host "www.facebook.com"

match protocol http host "facebook.com"

match protocol http host "gmail.com"

match protocol http host "yahoo.com"

!

!

policy-map DROP_SOCIAL_NET

class SOCIAL_NET

  drop

!

!

!

!

!

interface Loopback1

ip address 62.173.38.206 255.255.255.255

!

interface Loopback2

ip address 10.163.106.152 255.255.255.255

!

interface Tunnel0

description to fie

ip address 172.17.60.1 255.255.255.252

ip nat inside

ip virtual-reassembly in

tunnel source 10.163.106.152

tunnel destination 192.168.163.123

!

interface Tunnel2

description tunnel to headoffice

ip address 172.17.12.1 255.255.255.252

tunnel source 10.163.106.152

tunnel destination 192.168.164.123

!

interface Tunnel8

description tunnel to abuja

ip address 172.18.11.2 255.255.255.252

ip nat inside

ip virtual-reassembly in

tunnel source 10.163.106.152

tunnel destination 10.163.170.110

!

interface Tunnel9

description Tunnel to Aluminium

ip address 172.19.11.2 255.255.255.252

ip nat inside

ip virtual-reassembly in

tunnel source 10.163.106.152

tunnel destination 192.168.163.166

!

interface Tunnel11

description tunnel to ikeja

ip address 172.20.13.2 255.255.255.252

ip nat inside

ip virtual-reassembly in

tunnel source 10.163.106.152

tunnel destination 192.168.164.242

!

interface Tunnel12

description tunnel to lekki

ip address 172.20.14.2 255.255.255.252

ip nat inside

ip virtual-reassembly in

tunnel source 10.163.106.152

tunnel destination 192.168.164.236

!

interface Tunnel16

description Tunnel to Garki

ip address 172.12.13.2 255.255.255.252

ip nat inside

ip virtual-reassembly in

tunnel source 10.163.106.152

tunnel destination 192.168.180.94

!

interface Tunnel17

description Tunnel to PH

ip address 172.28.12.1 255.255.255.252

ip nat inside

ip virtual-reassembly in

tunnel source 10.163.106.152

!

interface Tunnel77

description Tunnel to PHh

ip address 172.17.80.2 255.255.255.252

ip nat inside

ip virtual-reassembly in

tunnel source 10.163.106.152

tunnel destination 10.60.19.98

!

interface Tunnel78

description Tunnel to wimax_abj

ip address 172.17.46.2 255.255.255.252

ip nat inside

ip virtual-reassembly in

tunnel source 10.163.106.152

tunnel destination 10.60.17.110

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description WAN interface

ip address 172.16.64.180 255.255.255.248

no ip proxy-arp

ip nat outside

ip virtual-reassembly in

load-interval 30

duplex auto

speed auto

!

interface GigabitEthernet0/1

description LAN interface

ip address 192.168.13.1 255.255.0.0

ip nat inside

ip virtual-reassembly in

no ip route-cache

duplex auto

speed auto

service-policy output DROP_SOCIAL_NET

!

interface GigabitEthernet0/2

no ip address

shutdown

duplex auto

speed auto

!

!

router eigrp 25

network 10.0.0.0

network 172.16.0.0

network 192.168.1.0

network 192.168.13.0

network 192.168.15.0

network 192.168.18.0

network 192.168.19.0

network 192.168.24.0

!

router rip

network 192.168.13.0

no auto-summary

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source list 8 interface Loopback1 overload

ip nat inside source static 192.168.13.37 62.173.38.40

ip route 0.0.0.0 0.0.0.0 172.16.64.177

ip route 10.163.0.0 255.255.0.0 10.163.106.1

ip route 10.163.0.0 255.255.0.0 10.60.18.137

ip route 10.163.106.0 255.255.255.0 10.163.192.1

ip route 10.163.106.0 255.255.255.0 10.60.18.137

ip route 10.163.106.0 255.255.255.0 10.163.170.1

ip route 10.163.106.0 255.255.255.0 10.60.17.109

ip route 10.163.106.0 255.255.255.0 10.60.19.97

ip route 62.173.38.40 255.255.255.255 GigabitEthernet0/0

ip route 62.173.38.41 255.255.255.255 GigabitEthernet0/0

ip route 62.173.38.206 255.255.255.255 GigabitEthernet0/1

ip route 172.16.3.0 255.255.255.0 10.163.106.1

ip route 172.16.6.0 255.255.255.0 10.163.106.1

ip route 172.16.19.30 255.255.255.255 10.163.106.1

ip route 192.168.10.0 255.255.255.0 172.17.60.2

ip route 192.168.11.0 255.255.255.0 172.19.11.1

ip route 192.168.12.0 255.255.255.0 172.17.12.2

ip route 192.168.14.0 255.255.255.0 172.18.11.1

ip route 192.168.16.0 255.255.255.0 172.20.13.1

ip route 192.168.17.0 255.255.255.0 172.20.14.1

ip route 192.168.19.0 255.255.255.0 172.12.13.1

ip route 192.168.20.0 255.255.255.0 172.28.12.2

ip route 192.168.21.0 255.255.255.0 172.17.2.1

ip route 192.168.21.0 255.255.255.0 172.17.2.2

ip route 192.168.22.0 255.255.255.0 172.17.80.1

ip route 192.168.23.0 255.255.255.0 172.17.46.1

ip route 192.168.27.0 255.255.255.0 172.27.17.2

ip route 192.168.101.0 255.255.255.0 172.17.20.2

ip route 192.168.163.0 255.255.255.0 10.163.106.1

ip route 192.168.163.0 255.255.255.0 172.16.64.177

ip route 192.168.163.0 255.255.255.255 172.16.64.177

ip route 192.168.164.0 255.255.255.0 10.163.106.1

ip route 192.168.164.0 255.255.255.0 172.16.64.177

ip route 192.168.170.0 255.255.255.0 10.163.106.1

ip route 192.168.180.0 255.255.255.0 10.163.106.1

!

access-list 8 deny   192.168.13.37

access-list 8 permit 192.168.13.0 0.0.0.255

access-list 8 permit 192.168.18.0 0.0.0.255

access-list 8 permit 192.168.19.0 0.0.0.255

access-list 8 permit 192.168.20.0 0.0.0.255

access-list 8 permit 192.168.21.0 0.0.0.255

access-list 8 permit 192.168.17.0 0.0.0.255

access-list 8 permit 192.168.15.0 0.0.0.255

access-list 8 permit 192.168.14.0 0.0.0.255

access-list 8 permit 192.168.11.0 0.0.0.255

access-list 8 permit 192.168.10.0 0.0.0.255

access-list 8 permit 192.168.23.0 0.0.0.255

access-list 8 permit 192.168.22.0 0.0.0.255

access-list 8 permit 192.168.16.0 0.0.0.255

access-list 8 permit 192.168.24.0 0.0.0.255

access-list 101 permit gre host 10.163.106.152 host 192.168.163.123

access-list 102 permit gre host 10.163.106.152 host 192.168.164.123

access-list 104 permit gre host 10.163.106.152 host 192.168.163.166

access-list 109 permit gre host 10.163.106.152 host 10.163.170.110

access-list 120 permit gre host 10.163.106.152 host 172.16.3.66

access-list 121 permit gre host 10.163.106.152 host 192.168.164.242

access-list 122 permit gre host 10.163.106.152 host 192.168.164.236

access-list 123 permit gre host 10.163.106.152 host 172.16.19.30

access-list 124 permit gre host 10.163.106.152 host 192.168.180.94

access-list 125 permit gre host 10.163.106.152 host 192.168.170.23

access-list 139 permit gre host 172.16.64.177 host 10.163.170.110

access-list 140 permit gre host 172.16.64.177 host 172.16.3.66

access-list 141 permit gre host 172.16.64.177 host 192.168.163.123

access-list 142 permit gre host 172.16.64.177 host 192.168.164.123

access-list 144 permit gre host 172.16.64.177 host 192.168.163.166

access-list 151 permit gre host 172.16.64.177 host 192.168.164.242

access-list 152 permit gre host 172.16.64.177 host 192.168.164.236

access-list 153 permit gre host 172.16.64.177 host 172.16.19.30

access-list 154 permit gre host 172.16.64.177 host 192.168.180.94

access-list 155 permit gre host 172.16.64.177 host 192.168.170.23

!

no cdp run

!

!

!

!

control-plane

!

!

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

password networkadmin

transport input all

!

scheduler allocate 20000 1000

ntp logging

end



The 2nd location's router config is:


Building configuration...


Current configuration : 1803 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname resort_Wimax_GARKI

!

boot-start-marker

boot config flash:flash

boot-end-marker

!

!

no aaa new-model

!

!

ip cef

no ip dhcp use vrf connected

no ip dhcp conflict logging

ip dhcp excluded-address 192.168.23.1 192.168.23.20

!

ip dhcp pool wimax_garki

   network 192.168.23.0 255.255.255.0

   domain-name resort.com

   dns-server 62.173.34.222 62.173.32.89

   default-router 192.168.22.1

   lease 3

!

!

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

!

voice-card 0

no dspfarm

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Tunnel1

description tunnel to boyle

ip address 172.17.46.1 255.255.255.252

ip mtu 1340

ip tcp adjust-mss 1340

tunnel source FastEthernet0/0

tunnel destination 10.163.106.152

!

interface FastEthernet0/0

description WAN interface

ip address 10.60.17.110 255.255.255.252

ip nat outside

ip virtual-reassembly

no ip route-cache cef

no ip route-cache

duplex auto

speed auto

!

interface FastEthernet0/1

description LAN interface

ip address 192.168.23.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Tunnel1

ip route 10.163.106.0 255.255.255.0 10.60.17.109

ip route 10.163.170.0 255.255.255.255 10.60.17.109

ip route 172.16.64.177 255.255.255.255 10.60.17.109

ip route 192.168.13.0 255.255.255.0 172.17.46.2

!

!

no ip http server

no ip http secure-server

!

!

!

!

!

control-plane

!

!

!

!

!

!

!

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

modem InOut

stopbits 1

speed 115200

flowcontrol hardware

line vty 0 4

login local

!

scheduler allocate 20000 1000

!

end



I have an existing internet connection (IPNX) and a new connection (IS) to the internet that I want to integrate. On the Lagos router, I tried implementing PBR with SLA thus:


interface GigabitEthernet0/1
ip policy route-map PBR

interface GigabitEthernet0/0
description To IPNX
!
interface GigabitEthernet0/2
description To IS
ip address 197.156.206.172 255.255.255.248
ip nat outside

ip sla 1
icmp-echo 172.16.64.177
timeout 500
frequency 1
ip sla schedule 1 life forever start-time now

ip sla 2
icmp-echo 197.156.206.169
timeout 5000
frequency 5
ip sla schedule 2 life forever start-time now

track 10 ip sla 1 reachability
delay down 1 up 1
!
track 20 ip sla 2 reachability
delay down 1 up 1
!

ip route 0.0.0.0 0.0.0.0 172.16.64.177 track 10
ip route 0.0.0.0 0.0.0.0 197.156.206.169 track 20

access-list 10 permit 192.168.13.0 0.0.0.255
access-list 100 permit ip any any
access-list 150 permit ip any any

these ACLs will be used with PBR and NATing

route-map PBR permit 10
match ip address 100
set ip next-hop verify-availability 172.16.64.177 1 track 20
!
route-map PBR permit 30
match ip address 150
set ip next-hop verify-availability 197.156.206.169 2 track 10
!

route-map ISP2 permit 10
match ip address 10
match interface GigabitEthernet0/2
!
route-map ISP1 permit 10
match ip address 10
match interface GigabitEthernet0/0

ip nat inside source route-map ISP1 interface GigabitEthernet0/0 overload
ip nat inside source route-map ISP2 interface GigabitEthernet0/2 overload



Please can anyone review my config and verify it for me?
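Added example, not part of the original post: a small Python check that cross-references each `track` object with the IP SLA probe behind it and reports any tracked next hop whose probe targets a different address. It assumes every tracked next hop is meant to be guarded by a probe of that same address; the function name `check_tracking` is hypothetical, and the input lines are excerpted from the configuration posted above.

```python
import re

# Lines excerpted from the PBR/SLA configuration posted above.
POSTED_CONFIG = """\
ip sla 1
icmp-echo 172.16.64.177
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 197.156.206.169
ip sla schedule 2 life forever start-time now
track 10 ip sla 1 reachability
track 20 ip sla 2 reachability
ip route 0.0.0.0 0.0.0.0 172.16.64.177 track 10
ip route 0.0.0.0 0.0.0.0 197.156.206.169 track 20
route-map PBR permit 10
set ip next-hop verify-availability 172.16.64.177 1 track 20
route-map PBR permit 30
set ip next-hop verify-availability 197.156.206.169 2 track 10
"""

def check_tracking(config):
    """Return (line, next_hop, track_id, probed_address) for each mismatch."""
    sla_target, track_sla, uses = {}, {}, []
    current_sla = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ip sla (\d+)", line):
            current_sla = m.group(1)              # start of an SLA operation
        elif (m := re.match(r"icmp-echo (\S+)", line)) and current_sla:
            sla_target[current_sla] = m.group(1)  # address the probe pings
        elif m := re.match(r"track (\d+) ip sla (\d+)", line):
            track_sla[m.group(1)] = m.group(2)    # track object -> SLA id
        elif m := re.match(r"ip route \S+ \S+ (\S+) track (\d+)", line):
            uses.append((line, m.group(1), m.group(2)))
        elif m := re.match(
                r"set ip next-hop verify-availability (\S+) \d+ track (\d+)", line):
            uses.append((line, m.group(1), m.group(2)))
    findings = []
    for line, next_hop, track_id in uses:
        # An undefined track or SLA resolves to None and is reported as well.
        probed = sla_target.get(track_sla.get(track_id))
        if probed != next_hop:
            findings.append((line, next_hop, track_id, probed))
    return findings

if __name__ == "__main__":
    for line, next_hop, track_id, probed in check_tracking(POSTED_CONFIG):
        print(f"{line!r}: track {track_id} probes {probed}, not {next_hop}")
```

On the posted lines the two tracked static routes are consistent, while both `route-map PBR` entries are reported because each references the track object of the other link.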



26 Replies

The problem with using 2 default static routes is with the public IP address. If you are using a public IP that belongs to IPNX, your other ISP won't route it.

Are both of these connections for internet access?

All of your GRE tunnels have private addressing. How is your IPNX connection set up, private MPLS?

Yes, they are for internet access. IPNX is set up as a private MPLS. Does that mean I can route my GRE tunnels through the IS link?

No, the GRE tunnels won't work over the new internet link, nor would you want them to. GRE is generic routing encapsulation so there is no security involved.

Everything is set up to use private IP addresses which IPNX is properly routing on their backbone. Unless each office has a different internet link, they won't be able to get back to you outside of the IPNX network, even if you reconfigured the tunnels.

What was the goal of getting the extra internet link?
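Added example, not part of the thread: a Python check that lists GRE tunnel interfaces in an IOS configuration that carry no `tunnel protection ipsec` line, which is the condition the reply above describes. The sample input is constructed: Tunnel8 and Tunnel17 follow the posted configuration, while Tunnel90, its destination and `EXAMPLE-PROFILE` are made up, and the function name `unprotected_gre_tunnels` is hypothetical.

```python
# Constructed sample: Tunnel8 and Tunnel17 follow the post above; Tunnel90,
# its destination and EXAMPLE-PROFILE are made up for illustration.
SAMPLE_CONFIG = """\
interface Tunnel8
description tunnel to abuja
tunnel source 10.163.106.152
tunnel destination 10.163.170.110
!
interface Tunnel17
description Tunnel to PH
tunnel source 10.163.106.152
!
interface Tunnel90
tunnel source 10.163.106.152
tunnel destination 192.0.2.10
tunnel protection ipsec profile EXAMPLE-PROFILE
!
interface GigabitEthernet0/0
ip address 172.16.64.180 255.255.255.248
!
"""

def unprotected_gre_tunnels(config):
    """Return [(interface, destination)] for GRE tunnels with no IPsec profile."""
    stanzas, name = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            stanzas[name] = []
        elif line == "!":
            name = None                      # "!" closes the stanza
        elif line and name:
            stanzas[name].append(line)
    findings = []
    for name, lines in stanzas.items():
        if not name.lower().startswith("tunnel"):
            continue
        # With no "tunnel mode" line, IOS tunnels default to GRE over IP.
        mode = next((l for l in lines if l.startswith("tunnel mode ")),
                    "tunnel mode gre ip")
        if not mode.startswith("tunnel mode gre"):
            continue
        # Only "tunnel protection" is checked; a crypto map on the WAN
        # interface would also encrypt GRE and is not detected here.
        if any(l.startswith("tunnel protection ipsec") for l in lines):
            continue
        dest = next((l.split()[-1] for l in lines
                     if l.startswith("tunnel destination ")), None)
        findings.append((name, dest))
    return findings

if __name__ == "__main__":
    for name, dest in unprotected_gre_tunnels(SAMPLE_CONFIG):
        print(f"{name}: GRE to {dest} without tunnel protection")
```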

The aim is to have a backup, which is IS, and then later fully migrate to IS because IPNX has too much downtime. So I want to integrate IS into the network as a failover backup for IPNX, and then later on yank off IPNX.

Is the new IS network MPLS also or just internet?

Just confirmed from my boss now. It's MPLS, data services only. No internet service yet. It's just to give a backup connectivity from Abuja to Boyle router.

https://secure.join.me/692-758-161

Kindly click the link and log on to my system.

You there?

Waiting for you. Plssssssssssssssssssssss. Wanna implement tonight before leaving the office. It's 8:23pm here.

New link. That link timed out.

https://secure.join.me/490-276-681

Hi,

You want us to connect to your router and do the job for you?

Regards

Alain

Don't forget to rate helpful posts.


Yes sir @ Cadet..... It's called lending a helping hand. PLssssssssssssssssszzzzzzzzzzzzzzzz

Hi,

Send me a PM and describe exactly what you want to achieve.

Regards

Alain

Don't forget to rate helpful posts.
