
Forced to use "permanent" string in ip route. Why?

iantra123
Participant

Hi all,

I'm using a CISCO2911 with IOS c2900-universalk9-mz.SPA.154-3.M2.bin.

I have two(2) Internet connections, and I have this issue:

I am forced to use the "permanent" keyword, in my static route, so that the router can forward the packets to the internet.

If I remove the "permanent" keyword, then packets cannot be forwarded. Packets also cannot be forwarded if I place the "track" command.

So I had to use the "permanent" keyword for the two(2) static ip routes.

Then for test I used the dual ISP example NAT translation.

http://docwiki.cisco.com/wiki/NAT_failover_with_DUAL_ISP_on_a_router_Configuration_Example

If the first interface is down, then the packets are not forwarded to the second link.

The routing table is OK, but packets cannot be translated or forwarded.

If I use the simple ip route with weight, then the routing table appears normal if I shut down one of the internet interfaces, but packets cannot be translated and forwarded.

Any solutions?

Thank you very much

Below are the configs:


! Last configuration change at 16:06:13 UTC Tue Nov 17 2015 by admin
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption

boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings

!
aaa new-model
!
!
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
aaa authorization network default local
!
!
!
!
!
aaa session-id common
!
!
!
!
!
!
!
!
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group ppoe
!
!
!
cts logging verbose
!
license boot module c2900 technology-package datak9
!
!

!
redundancy
!
!
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description LAN
 ip address 172.16.113.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex full
 speed auto
!
interface GigabitEthernet0/1
 description Backup PPPoE
 no ip address
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/2
 description lien principal - Blueline
 ip address  X.Y.Z.10 255.255.255.240
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 ip virtual-reassembly out
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname adsl@me.com
 ppp chap password 0 Password2015
!
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source route-map ISP1_NAT interface GigabitEthernet0/2 overload
ip nat inside source route-map ISP2_NAT interface Dialer1 overload

ip route 0.0.0.0 0.0.0.0  X.Y.Z.1 permanent
ip route 0.0.0.0 0.0.0.0 Dialer1 permanent

!
ip access-list extended TOINTNET
 permit ip any any
!
ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/2
 frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 8.8.8.8 source-interface Dialer1
 frequency 5
ip sla schedule 2 life forever start-time now
dialer-list 1 protocol ip permit
!
route-map ISP2_NAT permit 10
 match ip address TOINTNET
 match interface Dialer1
!
route-map ISP1_NAT permit 10
 match ip address TOINTNET
 match interface GigabitEthernet0/2
!
!

!
!
end

2 Replies

Masoud Pourshabanian
Collaborator

Hello,

Did you check the status of your IP SLA to see if it is up or not?

Is your second WAN link Gig 0/1 or Gig 0/2?

ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/2
 frequency 5

paul driver
VIP Expert

Hello

Just like to add:

Possible reasons why the default could not get installed are that the next hop is not in the RIB, or the interfaces they point to are not active, or you have lower admin routes.

You don't need SLA 2, as your router just needs to act upon SLA 1 status.

Have you tried:

! NAT doesn't like "ip any any" statements
no ip access-list extended TOINTNET

ip access-list extended TOINTNET
 permit ip 172.16.113.0 0.0.0.255 any

no ip sla 2
no track 2

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/2 x.x.x.x name ISP1 track 1
! admin distance of 2
ip route 0.0.0.0 0.0.0.0 Dialer1 x.x.x.x 2 name ISP2


res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
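
Added example, not part of the original thread and not Cisco tooling: a short Python audit that flags the four things this thread's configuration and replies turn on: `permanent` static routes (which stay installed when the link is down), track objects that no route references, NAT route-maps whose ACL is `permit ip any any`, and type 0 (clear-text) passwords. The function name `audit`, the finding labels and the trimmed sample config are assumptions constructed for illustration.

```python
import re

# Constructed sample: trimmed copy of the config posted above, CHAP secret replaced.
SAMPLE_CONFIG = """\
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
interface Dialer1
 ppp chap password 0 <redacted>
ip nat inside source route-map ISP1_NAT interface GigabitEthernet0/2 overload
ip nat inside source route-map ISP2_NAT interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 X.Y.Z.1 permanent
ip route 0.0.0.0 0.0.0.0 Dialer1 permanent
ip access-list extended TOINTNET
 permit ip any any
route-map ISP2_NAT permit 10
 match ip address TOINTNET
route-map ISP1_NAT permit 10
 match ip address TOINTNET
"""

def audit(config):
    """Return a list of findings for an IOS running-config (hypothetical helper)."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip() not in ("", "!")]
    secs, head = {}, ""        # top-level line -> that line plus its indented children
    for l in lines:
        if not l.startswith(" "):
            head = l
        secs.setdefault(head, []).append(l.strip())
    findings = []
    routes = [l for l in secs if l.startswith("ip route ")]
    # A "permanent" route stays in the table even when its interface goes down.
    findings += [f"permanent-route: {r}" for r in routes if r.split()[-1] == "permanent"]
    # A track object only affects forwarding if a static route references it.
    defined = {m.group(1) for l in secs if (m := re.match(r"track (\d+) ", l))}
    used = {m.group(1) for r in routes if (m := re.search(r" track (\d+)", r))}
    findings += [f"unused-track: {t}" for t in sorted(defined - used)]
    # NAT route-maps matching an ACL of "permit ip any any" (raised in the reply above).
    nat_maps = set(re.findall(r"^ip nat inside source route-map (\S+)", config, re.M))
    for h, body in secs.items():
        m = re.match(r"route-map (\S+) ", h)
        for b in (body if m and m.group(1) in nat_maps else []):
            a = re.match(r"match ip address (\S+)", b)
            acl = secs.get(f"ip access-list extended {a.group(1)}", []) if a else []
            if "permit ip any any" in acl:
                findings.append(f"nat-acl-any: {m.group(1)} uses {a.group(1)}")
    # "password 0" marks a secret stored in clear text; report the section, not the secret.
    findings += [f"cleartext-password: {h}" for h, body in secs.items()
                 if any(re.search(r"\bpassword 0 ", b) for b in body)]
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns seven findings for the posted configuration; a configuration with a tracked primary route, a floating backup route and a subnet-scoped NAT ACL returns none.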