11-13-2013 04:19 PM - edited 03-04-2019 09:34 PM
I have 2 locations in Nigeria, Lagos and Abuja. I want to implement 2 internet connections on the 2 Cisco routers, one per location. How do I go about it?
Below is the config of the 1st router in location 1:
Building configuration...
Current configuration : 8814 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r_boyle
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$x8Ca$zIFk5rmcw4l7117SvgsRz.
enable password networkadmin
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
!
!
aaa session-id common
clock timezone GMT 1 0
!
no ipv6 cef
ip source-route
ip cef
!
!
!
no ip dhcp use vrf connected
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.13.1 192.168.13.140
ip dhcp excluded-address 192.168.13.182
ip dhcp excluded-address 192.168.13.189
ip dhcp excluded-address 192.168.13.191
ip dhcp excluded-address 192.168.13.176
ip dhcp excluded-address 192.168.13.161
ip dhcp excluded-address 192.168.13.37
ip dhcp excluded-address 192.168.13.183
!
ip dhcp pool Boyle
network 192.168.13.0 255.255.255.0
default-router 192.168.13.1
dns-server 62.173.32.89 62.173.34.222
domain-name resort.local
lease 3
!
ip dhcp pool mainserver
host 192.168.13.23 255.255.255.0
!
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO2911/K9 sn FTX1613ALQG
!
!
!
!
!
class-map match-any SOCIAL_NET
match protocol http host "www.facebook.com"
match protocol http host "facebook.com"
match protocol http host "gmail.com"
match protocol http host "yahoo.com"
!
!
policy-map DROP_SOCIAL_NET
class SOCIAL_NET
drop
!
!
!
!
!
interface Loopback1
ip address 62.173.38.206 255.255.255.255
!
interface Loopback2
ip address 10.163.106.152 255.255.255.255
!
interface Tunnel0
description to fie
ip address 172.17.60.1 255.255.255.252
ip nat inside
ip virtual-reassembly in
tunnel source 10.163.106.152
tunnel destination 192.168.163.123
!
interface Tunnel2
description tunnel to headoffice
ip address 172.17.12.1 255.255.255.252
tunnel source 10.163.106.152
tunnel destination 192.168.164.123
!
interface Tunnel8
description tunnel to abuja
ip address 172.18.11.2 255.255.255.252
ip nat inside
ip virtual-reassembly in
tunnel source 10.163.106.152
tunnel destination 10.163.170.110
!
interface Tunnel9
description Tunnel to Aluminium
ip address 172.19.11.2 255.255.255.252
ip nat inside
ip virtual-reassembly in
tunnel source 10.163.106.152
tunnel destination 192.168.163.166
!
interface Tunnel11
description tunnel to ikeja
ip address 172.20.13.2 255.255.255.252
ip nat inside
ip virtual-reassembly in
tunnel source 10.163.106.152
tunnel destination 192.168.164.242
!
interface Tunnel12
description tunnel to lekki
ip address 172.20.14.2 255.255.255.252
ip nat inside
ip virtual-reassembly in
tunnel source 10.163.106.152
tunnel destination 192.168.164.236
!
interface Tunnel16
description Tunnel to Garki
ip address 172.12.13.2 255.255.255.252
ip nat inside
ip virtual-reassembly in
tunnel source 10.163.106.152
tunnel destination 192.168.180.94
!
interface Tunnel17
description Tunnel to PH
ip address 172.28.12.1 255.255.255.252
ip nat inside
ip virtual-reassembly in
tunnel source 10.163.106.152
!
interface Tunnel77
description Tunnel to PHh
ip address 172.17.80.2 255.255.255.252
ip nat inside
ip virtual-reassembly in
tunnel source 10.163.106.152
tunnel destination 10.60.19.98
!
interface Tunnel78
description Tunnel to wimax_abj
ip address 172.17.46.2 255.255.255.252
ip nat inside
ip virtual-reassembly in
tunnel source 10.163.106.152
tunnel destination 10.60.17.110
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description WAN interface
ip address 172.16.64.180 255.255.255.248
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
!
interface GigabitEthernet0/1
description LAN interface
ip address 192.168.13.1 255.255.0.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
service-policy output DROP_SOCIAL_NET
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
!
router eigrp 25
network 10.0.0.0
network 172.16.0.0
network 192.168.1.0
network 192.168.13.0
network 192.168.15.0
network 192.168.18.0
network 192.168.19.0
network 192.168.24.0
!
router rip
network 192.168.13.0
no auto-summary
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 8 interface Loopback1 overload
ip nat inside source static 192.168.13.37 62.173.38.40
ip route 0.0.0.0 0.0.0.0 172.16.64.177
ip route 10.163.0.0 255.255.0.0 10.163.106.1
ip route 10.163.0.0 255.255.0.0 10.60.18.137
ip route 10.163.106.0 255.255.255.0 10.163.192.1
ip route 10.163.106.0 255.255.255.0 10.60.18.137
ip route 10.163.106.0 255.255.255.0 10.163.170.1
ip route 10.163.106.0 255.255.255.0 10.60.17.109
ip route 10.163.106.0 255.255.255.0 10.60.19.97
ip route 62.173.38.40 255.255.255.255 GigabitEthernet0/0
ip route 62.173.38.41 255.255.255.255 GigabitEthernet0/0
ip route 62.173.38.206 255.255.255.255 GigabitEthernet0/1
ip route 172.16.3.0 255.255.255.0 10.163.106.1
ip route 172.16.6.0 255.255.255.0 10.163.106.1
ip route 172.16.19.30 255.255.255.255 10.163.106.1
ip route 192.168.10.0 255.255.255.0 172.17.60.2
ip route 192.168.11.0 255.255.255.0 172.19.11.1
ip route 192.168.12.0 255.255.255.0 172.17.12.2
ip route 192.168.14.0 255.255.255.0 172.18.11.1
ip route 192.168.16.0 255.255.255.0 172.20.13.1
ip route 192.168.17.0 255.255.255.0 172.20.14.1
ip route 192.168.19.0 255.255.255.0 172.12.13.1
ip route 192.168.20.0 255.255.255.0 172.28.12.2
ip route 192.168.21.0 255.255.255.0 172.17.2.1
ip route 192.168.21.0 255.255.255.0 172.17.2.2
ip route 192.168.22.0 255.255.255.0 172.17.80.1
ip route 192.168.23.0 255.255.255.0 172.17.46.1
ip route 192.168.27.0 255.255.255.0 172.27.17.2
ip route 192.168.101.0 255.255.255.0 172.17.20.2
ip route 192.168.163.0 255.255.255.0 10.163.106.1
ip route 192.168.163.0 255.255.255.0 172.16.64.177
ip route 192.168.163.0 255.255.255.255 172.16.64.177
ip route 192.168.164.0 255.255.255.0 10.163.106.1
ip route 192.168.164.0 255.255.255.0 172.16.64.177
ip route 192.168.170.0 255.255.255.0 10.163.106.1
ip route 192.168.180.0 255.255.255.0 10.163.106.1
!
access-list 8 deny 192.168.13.37
access-list 8 permit 192.168.13.0 0.0.0.255
access-list 8 permit 192.168.18.0 0.0.0.255
access-list 8 permit 192.168.19.0 0.0.0.255
access-list 8 permit 192.168.20.0 0.0.0.255
access-list 8 permit 192.168.21.0 0.0.0.255
access-list 8 permit 192.168.17.0 0.0.0.255
access-list 8 permit 192.168.15.0 0.0.0.255
access-list 8 permit 192.168.14.0 0.0.0.255
access-list 8 permit 192.168.11.0 0.0.0.255
access-list 8 permit 192.168.10.0 0.0.0.255
access-list 8 permit 192.168.23.0 0.0.0.255
access-list 8 permit 192.168.22.0 0.0.0.255
access-list 8 permit 192.168.16.0 0.0.0.255
access-list 8 permit 192.168.24.0 0.0.0.255
access-list 101 permit gre host 10.163.106.152 host 192.168.163.123
access-list 102 permit gre host 10.163.106.152 host 192.168.164.123
access-list 104 permit gre host 10.163.106.152 host 192.168.163.166
access-list 109 permit gre host 10.163.106.152 host 10.163.170.110
access-list 120 permit gre host 10.163.106.152 host 172.16.3.66
access-list 121 permit gre host 10.163.106.152 host 192.168.164.242
access-list 122 permit gre host 10.163.106.152 host 192.168.164.236
access-list 123 permit gre host 10.163.106.152 host 172.16.19.30
access-list 124 permit gre host 10.163.106.152 host 192.168.180.94
access-list 125 permit gre host 10.163.106.152 host 192.168.170.23
access-list 139 permit gre host 172.16.64.177 host 10.163.170.110
access-list 140 permit gre host 172.16.64.177 host 172.16.3.66
access-list 141 permit gre host 172.16.64.177 host 192.168.163.123
access-list 142 permit gre host 172.16.64.177 host 192.168.164.123
access-list 144 permit gre host 172.16.64.177 host 192.168.163.166
access-list 151 permit gre host 172.16.64.177 host 192.168.164.242
access-list 152 permit gre host 172.16.64.177 host 192.168.164.236
access-list 153 permit gre host 172.16.64.177 host 172.16.19.30
access-list 154 permit gre host 172.16.64.177 host 192.168.180.94
access-list 155 permit gre host 172.16.64.177 host 192.168.170.23
!
no cdp run
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password networkadmin
transport input all
!
scheduler allocate 20000 1000
ntp logging
end
The 2nd location's router config is:
Building configuration...
Current configuration : 1803 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname resort_Wimax_GARKI
!
boot-start-marker
boot config flash:flash
boot-end-marker
!
!
no aaa new-model
!
!
ip cef
no ip dhcp use vrf connected
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.23.1 192.168.23.20
!
ip dhcp pool wimax_garki
network 192.168.23.0 255.255.255.0
domain-name resort.com
dns-server 62.173.34.222 62.173.32.89
default-router 192.168.22.1
lease 3
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Tunnel1
description tunnel to boyle
ip address 172.17.46.1 255.255.255.252
ip mtu 1340
ip tcp adjust-mss 1340
tunnel source FastEthernet0/0
tunnel destination 10.163.106.152
!
interface FastEthernet0/0
description WAN interface
ip address 10.60.17.110 255.255.255.252
ip nat outside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0/1
description LAN interface
ip address 192.168.23.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Tunnel1
ip route 10.163.106.0 255.255.255.0 10.60.17.109
ip route 10.163.170.0 255.255.255.255 10.60.17.109
ip route 172.16.64.177 255.255.255.255 10.60.17.109
ip route 192.168.13.0 255.255.255.0 172.17.46.2
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line vty 0 4
login local
!
scheduler allocate 20000 1000
!
end
I have an existing internet connection (IPNX) and a new connection (IS) to the internet that I want to integrate. On the Lagos router, I tried implementing PBR with SLA thus:
interface GigabitEthernet0/1
ip policy route-map PBR
interface GigabitEthernet0/0
description To IPNX
!
interface GigabitEthernet0/2
description To IS
ip address 197.156.206.172 255.255.255.248
ip nat outside
ip sla 1
icmp-echo 172.16.64.177
timeout 500
frequency 1
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 197.156.206.169
timeout 5000
frequency 5
ip sla schedule 2 life forever start-time now
track 10 ip sla 1 reachability
delay down 1 up 1
!
track 20 ip sla 2 reachability
delay down 1 up 1
!
ip route 0.0.0.0 0.0.0.0 172.16.64.177 track 10
ip route 0.0.0.0 0.0.0.0 197.156.206.169 track 20
access-list 10 permit 192.168.13.0 0.0.0.255
access-list 100 permit ip any any
access-list 150 permit ip any any
! these ACLs will be used with PBR and NATing
route-map PBR permit 10
match ip address 100
set ip next-hop verify-availability 172.16.64.177 1 track 20
!
route-map PBR permit 30
match ip address 150
set ip next-hop verify-availability 197.156.206.169 2 track 10
!
route-map ISP2 permit 10
match ip address 10
match interface GigabitEthernet0/2
!
route-map ISP1 permit 10
match ip address 10
match interface GigabitEthernet0/0
ip nat inside source route-map ISP1 interface GigabitEthernet0/0 overload
ip nat inside source route-map ISP2 interface GigabitEthernet0/2 overload
Pls can anyone review my config and verify for me?
11-15-2013 08:12 AM
The problem with using 2 default static routes is with the public IP address. If you are using a public IP that belongs to IPNX, your other ISP won't route it.
Are both of these connections for internet access?
All of your GRE tunnels have private addressing. How is your IPNX connection set up, private MPLS?
11-15-2013 08:45 AM
Yes, they are for internet access. IPNX is set up as a private MPLS. Does that mean I can route my GRE tunnels through the IS link?
11-15-2013 09:23 AM
No, the GRE tunnels won't work over the new internet link, nor would you want them to. GRE is generic routing encapsulation so there is no security involved.
Everything is set up to use private IP addresses which IPNX is properly routing on their backbone. Unless each office has a different internet link, they won't be able to get back to you outside of the IPNX network, even if you reconfigured the tunnels.
What was the goal of getting the extra internet link?
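The reply above points out that GRE by itself carries no security, and the configs posted earlier also accept every transport on the vty lines. As an added example (not part of the thread and not a Cisco tool), this Python audit walks a flattened running-config and reports tunnels without IPsec protection plus the weak management settings. The sample text, `Tunnel99`, `EXAMPLE_PROFILE` and the `PLACEHOLDER` credential are constructed for illustration.

```python
import re

# Constructed excerpt in the flattened (un-indented) style of the posted
# config; Tunnel99, EXAMPLE_PROFILE and PLACEHOLDER are hypothetical.
SAMPLE = """\
no service password-encryption
enable password PLACEHOLDER
interface Tunnel8
tunnel destination 10.163.170.110
!
interface Tunnel99
tunnel destination 10.163.170.110
tunnel protection ipsec profile EXAMPLE_PROFILE
!
line vty 0 4
transport input all
!
"""

HEADER = re.compile(r"^(interface|line)\s+\S")

def sections(config):
    # '!' or the next interface/line header closes a block.
    out, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line in ("", "!"):
            current = None
        elif HEADER.match(line):
            current = line
            out[current] = []
        elif current:
            out[current].append(line)
    return out

def audit(config):
    # Returns (location, issue) pairs in config order.
    lines = [raw.strip() for raw in config.splitlines()]
    found = []
    if "no service password-encryption" in lines:
        found.append(("global", "line and enable passwords stored in clear text"))
    if any(l.startswith("enable password ") for l in lines):
        found.append(("global", "enable password set; keep enable secret only"))
    for header, body in sections(config).items():
        if header.startswith("interface Tunnel") and not any(
                b.startswith("tunnel protection") for b in body):
            found.append((header, "GRE tunnel without IPsec tunnel protection"))
        if header.startswith("line vty") and "transport input all" in body:
            found.append((header, "Telnet accepted on vty"))
    return found
```

Run `audit()` on the text of `show running-config`; an empty list means none of these four conditions were found, not that the device is hardened.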
11-15-2013 09:47 AM
The aim is to have a backup, which is IS, and then later fully migrate to IS because IPNX has too much downtime. So I want to integrate IS into the network as a failover backup for IPNX, and then later on yank off IPNX.
11-15-2013 09:56 AM
Is the new IS network MPLS also or just internet?
11-15-2013 10:00 AM
Just confirmed from my boss now. It's MPLS, data services only. No internet service yet. It's just to give backup connectivity from Abuja to the Boyle router.
11-15-2013 10:01 AM
11-15-2013 11:23 AM
You there?
Waiting for you. Plssssssssssssssssssssss. Wanna implement tonight before leaving office. It's 8:23pm here.
11-15-2013 10:41 AM
11-15-2013 01:00 PM
Hi,
You want us to connect to your router and do the job for you ??
Regards
Alain
Don't forget to rate helpful posts.
11-15-2013 01:20 PM
Yes sir @ Cadet..... it's called lending a helping hand. PLssssssssssssssssszzzzzzzzzzzzzzzz
11-15-2013 01:54 PM
Hi,
send me a pm and describe exactly what you want to achieve
Regards
Alain
Don't forget to rate helpful posts.