
Forced to use "permanent" string in ip route. Why

iantra123
Level 3

Hi all,

I'm using a CISCO2911 with IOS c2900-universalk9-mz.SPA.154-3.M2.bin.

I have two (2) Internet connections, and I have this issue:

I am forced to use the "permanent" keyword in my static route so that the router can forward the packets to the Internet.

If I remove the "permanent" keyword, then packets cannot be forwarded. Packets also cannot be forwarded if I place the "track" command.

So I had to use the "permanent" keyword for the two (2) static IP routes.

Then, as a test, I used the dual ISP example NAT translation.

http://docwiki.cisco.com/wiki/NAT_failover_with_DUAL_ISP_on_a_router_Configuration_Example

If the first interface is down, then the packets are not forwarded to the second link.

The routing table is OK, but packets cannot be translated or forwarded.

If I use the simple ip route with weight, then the routing table appears normal if I shut down one of the Internet interfaces.

But packets cannot be translated and forwarded.

Any solutions?

Thank you very much

Below are the configs:


! Last configuration change at 16:06:13 UTC Tue Nov 17 2015 by admin
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption

boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings

!
aaa new-model
!
!
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
aaa authorization network default local
!
!
!
!
!
aaa session-id common
!
!
!
!
!
!
!
!
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group ppoe
!
!
!
cts logging verbose
!
license boot module c2900 technology-package datak9
!
!

!
redundancy
!
!
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description LAN
 ip address 172.16.113.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex full
 speed auto
!
interface GigabitEthernet0/1
 description Backup PPPoE
 no ip address
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/2
 description lien principal - Blueline
 ip address  X.Y.Z.10 255.255.255.240
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 ip virtual-reassembly out
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname adsl@me.com
 ppp chap password 0 Password2015
!
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source route-map ISP1_NAT interface GigabitEthernet0/2 overload
ip nat inside source route-map ISP2_NAT interface Dialer1 overload

ip route 0.0.0.0 0.0.0.0  X.Y.Z.1 permanent
ip route 0.0.0.0 0.0.0.0 Dialer1 permanent

!
ip access-list extended TOINTNET
 permit ip any any
!
ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/2
 frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 8.8.8.8 source-interface Dialer1
 frequency 5
ip sla schedule 2 life forever start-time now
dialer-list 1 protocol ip permit
!
route-map ISP2_NAT permit 10
 match ip address TOINTNET
 match interface Dialer1
!
route-map ISP1_NAT permit 10
 match ip address TOINTNET
 match interface GigabitEthernet0/2
!
!

!
!
end

2 Replies

Hello,

Did you check the status of your IP SLA to see if it is up or not?

Your second WAN link is Gig 0/1 or Gig 0/2?

ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/2
 frequency 5

Hello

Just like to add:

Possible reasons why the default could not get installed are if the next hop is not in the RIB or the interfaces they point to are not active, or you have lower admin routes.

You don't need SLA 2, as your router just needs to act upon SLA 1 status.

Have you tried:

no ip access-list extended TOINTNET  <---------- NAT doesn't like ip any any statements

ip access-list extended TOINTNET
permit ip 172.16.113.0 0.0.0.255 any

no ip sla 2
no track 2

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/2 x.x.x.x  name ISP1 track 1
ip route 0.0.0.0 0.0.0.0  Dialer1 x.x.x.x 2 name ISP2  <---------- admin distance of 2


res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul