I need configure a failover on cisco Router 2911 V.15.1 I have two carriers,

alexs1977 · ‎02-26-2015

Hi, I need configure a failover on cisco Router 2911 V.15.1 I have two carriers, how can enable this setup? this is my configuration:

ser Access Verification

Password:
Password:
RO1921#show run
Building configuration...

Current configuration : 1712 bytes
!
! No configuration change since last restart
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RO1921
!
boot-start-marker
boot-end-marker
!
!
enable password
!
no aaa new-model
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1921/K9 sn FTX1626814X
!
!
username
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 10.50.82.2 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.14.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.14.1
ip route 10.50.82.0 255.255.255.0 192.168.14.1
ip route 192.168.11.0 255.255.255.0 192.168.14.1
ip route 192.168.12.0 255.255.255.0 192.168.14.1
ip route 192.168.14.0 255.255.255.0 192.168.14.1
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
transport output telnet
line aux 0
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 30 0
privilege level 15
password
login
transport input telnet ssh
line vty 5 15
login
transport input telnet
!
scheduler allocate 20000 1000
end

RO1921

I really apreciate your support

Thanks

Alex

Vasilii Mikhailovskii · ‎02-27-2015

Hello.

Could you name what are the interfaces for - where is the first carrier, where is the second, where is LAN.

Do you want to access Internet or you need to build IPSec to any Hub?

Sam Smiley · ‎03-02-2015

Alex, the best config I have found for this is at the following link:

https://supportforums.cisco.com/document/32186/dual-internet-links-nating-pbr-and-ip-sla

When I did this config I ran into a couple of problems; you will find the issues and solutions to my config at the below link:

https://supportforums.cisco.com/discussion/12400601/routing-issues-ip-sla

Hope this helps!

Regards,

Sam

Bekzod Fakhriddinov · ‎03-05-2015

ip sla , track to that ip sla . ip route trhough 1st ISP track # and ip route to second ISP ; dont forget ip nat inside and ip nat outside , u will have 2 ip nat outside int . ACL for allowed /denied to internet, u need for NAT .

pay attention to AD of the routes . track will control route if sla down then track will delete that route and router will install second route . u need to use route-map to do nat overload : ip nat inside route-map WAN1 int x/x overload ; ip nat inside route-map WAN2 int x/y overload

route-map :

match ip address ACL

match int x/x

show ip sla # ; show track # ; if u ping google what is popupalr u will need to make additional route for that ip route 8.8.8.8 destination x/x

if u have 1 isp as dhcp , make static ip from isp with higher priority .

have a fun dude ;)