Email notifications stopped working after adding 2nd ISP

Darren Spezio · ‎03-28-2016

e-mail notifications and scan to e-mail from the copiers stopped working after adding second ISP using NATing, both use aspmx.l.google.com, regular e-mail communcation between users work fine.

ISP was added for additional bandwidth. As soon as I remove the 2nd IP route, the email notifications and scan to email start working again.

Cisco 2900

interface GigabitEthernet0/0
description Outside-LightPath
ip address 173.x.162 255.255.255.252
duplex auto
speed auto
!
interface GigabitEthernet0/1
description To Firewall
ip address 69.x.209 255.255.255.240
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address 108.x.146 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 50 interface GigabitEthernet0/2 overload
ip route 0.0.0.0 0.0.0.0 173.x.161
ip route 0.0.0.0 0.0.0.0 108.x.145
!
access-list 50 permit 69.x.211
!
no cdp run

!
!
control-plane
!
banner motd ^C
This equipment is privately owned & operated.
It is for AUTHORIZED USE ONLY!
All access to this equipment is logged.
DISCONNECT IMMEDIATELY if you are not an AUTHORIZED User.
Violators will be prosecuted to the fullest extent of the law.
^C
!
line con 0
login local
line aux 0
line vty 0 4
login local
transport input ssh
!
scheduler allocate 20000 1000
ntp server 128.118.25.5
end

paul driver · ‎03-28-2016

Hello

On the second additional interface you don't have nat applied and with the additional default route you are now load sharing between the two ISPs and probably incurring asymmetric routing.

if you would like to dual nat between the two ISPs I would suggest using route-maps in your nat configuration

Config t

int gig0/0

ip nat outside

route-map ISP1

match IP address 50

match interface gig0/0

route-map ISP2

match IP address 50

match interface gig0/2

no ip nat inside source-list 50 interface gig0/2

ip nat inside source route-map ISP1 interface gig0/0 overload

ip nat inside source route-map ISP2 interface gig0/2 overload

Res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Darren Spezio · ‎03-28-2016

Do I just add these to each interface or globally?

Does anything need to be removed from the current config?

Thanks,

Darren

paul driver · ‎03-28-2016

Hello

i have edited my OP so you should be able to copy and paste the config but please note applying on a existing production router

Please go through your agreed sla change control

res

paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Darren Spezio · ‎03-28-2016

I will give this a try tomorrow during non production hours. I have a couple of quick questions.

1. I'm not sure I understand "go through your agreed sla change control"

2. What does "match ip address 50" represent? what does it look to?

paul driver · ‎03-29-2016

Hello

1. I'm not sure I understand "go through your agreed sla change control

Make sure you have authorisation from you place of work to implement any changes.

What does "match ip address 50" represent? what does it look to?

This matches on your existing access-list 50 relating to your lan facing interface of the router your querying -

Please note: - If you have limited experience in networking please do NOT implement any changes to your live network you are not comfortable with or not fully aware of the consequences yours changes may incur and most importantly not able to back out from.

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Darren Spezio · ‎03-29-2016

I will make a backup copy of the current config and make these changes during non-production hours. Looks pretty straight forward, unless I'm missing something.

Darren Spezio · ‎04-02-2016

This message came up when removing "no ip nat inside source-list 50 interface gig0/2"

Dynamic mapping in use, do you want to delete all entries? yes no

Darren Spezio · ‎04-02-2016

Okay, everything is entered, how do I check if I now have symmetrical routing taking place?

Darren Spezio · ‎04-04-2016

Okay our external Public IP address changed to 173.x.162 from 69.x.x.211 for that ISP circuit.

Also our IP forwarding stopped working i.e. 69.x.x.212 to internal server 10.8.x.x

Darren Spezio · ‎04-07-2016

pinging...