cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3688
Views
9
Helpful
13
Replies

Issues with two WAN connection

parijatkumar
Level 1
Level 1

Hi Every body,

We have two internet connection,we want to  use both the link simultaneously.One link has PPP encapsulation,so i have created 1 dialer interface.

Our problem is that when  we run one connection at a time,every thing works fine,but as we connect both link together with two default route,we face issues with NAT as we dont know how to configure NAT overload command with two gateways.

Also when we give the Name server of both the ISPs,names are not resolved the client machines,but as we remove the name server of the ISP which is disconnected,every thing works fine.

We are using CISCO 3925.

Any suggestions would be appreciated.

Thanks in advance.

13 Replies 13

parijatkumar
Level 1
Level 1

pls some one help...

thanks...

I am not clear why you created a dialer interface for the PPP link. For most data connections PPP works just fine to connect to a point to point peer without needing a dialer.

Address translation where you have two outbound interfaces usually is done using a route map in the ip nat statement rather than just an access list. There would be 2 ip nat statements each referencing a route map and setting the address translation overload. In the route map you would match an access list identifying the traffic and would also match an outbound interface.

HTH

Rick

HTH

Rick

just to add to Rick post above

i am assuming the issue is with the NAT config where you need to have a route-map to match the exit interface

as ios wil use the first nat line

check out the below link which will be a good example for your case especially the NAT part

https://supportforums.cisco.com/docs/DOC-8313

hope this help

Thanks 4 d help. here is my configuration:

Router#sh run brief

Building configuration...

Current configuration : 2951 bytes

!

! Last configuration change at 09:34:53 UTC Sun Apr 1 2012 by tamanna

!

version 15.0

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

no logging buffered

!

no aaa new-model

!

!

!

!

!

--More--                           !

--More--                           no ipv6 cef

--More--                           ip source-route

--More--                           ip cef

!

!

ip dhcp excluded-address 192.168.1.1

ip dhcp excluded-address 192.168.1.202

ip dhcp excluded-address 192.168.1.223

ip dhcp excluded-address 192.168.1.251

ip dhcp excluded-address 192.168.1.252

ip dhcp excluded-address 192.168.1.253

!

ip dhcp pool cic-pool

   network 192.168.1.0 255.255.255.0

   default-router 192.168.1.1

   dns-server 192.168.1.1

   lease 365

!

!

ip name-server 8.8.8.8

ip name-server 8.8.4.4

!

multilink bundle-name authenticated

!

!

--More--                           license udi pid C3900-SPE100/K9 sn XXXXXXXXXX

!

!

username XXXXXXX privilege 15 password 7 XXXXXXXX

!

redundancy

!

!

!

track 10 ip sla 1 reachability

delay down 1 up 1

!

track 20 ip sla 2 reachability

delay down 1 up 1

!

!

!

!

!

!

!

interface GigabitEthernet0/0

description DSL interface

--More--                            no ip address

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

!

!

interface GigabitEthernet0/1

description $ETH-WAN$

ip address 192.168.20.2 255.255.255.252

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

media-type rj45

!

!

interface GigabitEthernet0/2

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip policy route-map abc

duplex auto

--More--                            speed auto

!

!

interface Dialer1

ip address negotiated

ip mtu 1492

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

ppp authentication pap callin

ppp chap hostname ct3322884411

ppp chap password 7 140713181F13253920

ppp pap sent-username XXXXXXXXX password 7 XXXXXXXXXXXXXX

!

!

ip forward-protocol nd

!

ip http server

ip http authentication local

no ip http secure-server

!

ip dns server

--More--                           ip nat inside source route-map airtel interface GigabitEthernet0/1 overload

ip nat inside source route-map bsnl interface Dialer1 overload

ip route 0.0.0.0 0.0.0.0 Dialer1 track 10

ip route 0.0.0.0 0.0.0.0 192.168.20.1 track 20

!

ip sla 1

icmp-echo 59.90.253.1

timeout 500

threshold 500

frequency 1

ip sla schedule 1 life forever start-time now

ip sla 2

icmp-echo 192.168.20.1

timeout 500

threshold 500

frequency 1

ip sla schedule 2 life forever start-time now

access-list 10 permit 192.168.1.0 0.0.0.255

!

!

!

!

route-map airtel permit 20

--More--                            match ip address 10

match interface GigabitEthernet0/1

!

route-map bsnl permit 10

match ip address 10

match interface Dialer1

!

route-map abc permit 40

match ip address 10

set ip next-hop verify-availability 59.90.253.1 2 track 10

!

route-map abc permit 50

set ip next-hop verify-availability 192.168.20.1 1 track 20

!

!

!

control-plane

!

!

!

line con 0

login local

line aux 0

--More--                           line vty 0 4

no login

!

scheduler allocate 20000 1000

end

In this only one link works at a time,as soon as i plug in both of the links,every thing stops.

Then i did following changes:

no ip cef

route-map abc permit 40

match ip address 10

set ip next-hop 59.90.253.1 192.168.20.1

Every thing works fine but every time it uses 192.168.20.1 path.Even when I do tracert 59.90.253.1 from the system it took 192.168.20.1 path.So basically it is using only one link and failover is also working fine,but we need to use both the links together...

Thanks once again for helping....

Hi Parijat,

You have to take into consideration to your tests that packets that are generated by the router are not normally policy routed. To enable PBR for packets generated by the router you have to issue the ip local policy route-map xxxx command in global configuration mode. This command is not in your config.

The load balance can be achieved only for packets coming from the interface that you applied the ip policy route-map command, the int gi0/2 in our case.

So, this could be the reason that load balance can not work and the tracrt follows the 192.168,.20.1 path.

Perform tests with traffic coming from LAN interface (gi0/2).

Hope that helps,

Vasilis

Please rate helpful posts

Vasilis makes an interesting point about local PBR.

But I believe that there is a different issue here. I believe that the clue to it is in this statement:"Even when I do tracert 59.90.253.1 from the system it took 192.168.20.1 path." This suggests to me that 59.90.253.1, which I assume is supposed to be locally connected on the dialer,  is not reachable or at least not reachable over the dialer interface.

The first thing that I would suggest to investigate this is to post the output of how ip route. We would like to see if that is a route in the routing table. Assuming that it is not a route in the routing table the next thing that I would suggest would be to post the output of show ip interface brief and perhaps the output of show interface dialer1.

HTH

Rick

HTH

Rick

Thanks Vasileios .

The trace route result which i mentioned above is from the LAN and not from the Router.

OK Parijat. Then local policy can not be the problem.

I also suggest to provide the info that Richard requested to furhter investigate the problem

Hi,

Following are the outputs you guys asked for:

sh ip int br

Interface                        IP-Address      OK?    Method Status                Protocol

GigabitEthernet0/0         unassigned      YES    NVRAM  up                    up    

GigabitEthernet0/1         192.168.20.2     YES    NVRAM  up                    up    

GigabitEthernet0/2         192.168.1.1       YES    NVRAM  up                    up    

Dialer1                           59.90.253.xxx   YES    IPCP      up                    up    

NVI0                               192.168.20.2     YES    unset     up                    up    

Virtual-Access1            unassigned        YES    unset     up                    up    

Virtual-Access2            unassigned        YES    unset     up                    up    

Router#trac

Router#traceroute 59.90.253.1

Type escape sequence to abort.

Tracing the route to 59.90.253.1

  1 59.90.253.1 12 msec 16 msec 16 msec

Router#tracer

Router#traceroute google.com

Translating "google.com"...domain server (8.8.8.8) [OK]

Type escape sequence to abort.

Tracing the route to google.com (173.194.38.167)

  1 59.90.253.1 16 msec           {1st hop showing both thegateway????}

    192.168.20.1 0 msec 0 msec

  2 218.248.162.166 16 msec 12 msec

    ABTS-North-Static-101.105.22.125.airtelbroadband.in (125.22.105.101) 64 msec

  3 ABTS-North-Static-233.237.160.122.airtelbroadband.in (122.160.237.233) 32 msec

    218.248.255.50 48 msec

    ABTS-North-Static-233.237.160.122.airtelbroadband.in (122.160.237.233) 32 msec

  4 59.163.206.161.static.chennai.vsnl.net.in (59.163.206.161) 540 msec

    AES-Static-021.78.22.125.airtel.in (125.22.78.21) 32 msec 28 msec

  5 121.240.1.46 520 msec

    203.101.100.189 156 msec 152 msec

  6 72.14.233.204 516 msec

    72.14.223.210 180 msec

    72.14.233.204 520 msec

  7 66.249.95.106 140 msec 140 msec

    66.249.94.74 532 msec

  8 72.14.233.105 540 msec 540 msec

    66.249.94.219 204 msec

  9 google.com (173.194.38.167) 508 msec

    209.85.251.95 148 msec

    google.com (173.194.38.167) 504 msec

Thanks once again...

Hi Parijat,

Could you also provide the sh interface as well as the show ip route command for these 2 connected subnets?

It is strange to the next

59.90.253.1 16 msec           {1st hop showing both thegateway????}

    192.168.20.1 0 msec 0 msec

that has 0 msec to the 2nd hop.

The fact that shows 2 entries to the first hop shows that balances works.

The previous traceroute has been applied by the router with the links to the ISP?

Hi,

Ya will provide that...

Traceroute in the last post was from router and in the post where I posted the config,traceroute was from client machine...

Thanks...

hi,

Here is sh ip route result:

Router#                                                                   sh ip[    rou

Router#sh ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is 192.168.20.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 192.168.20.1

                is directly connected, Dialer1

      59.0.0.0/32 is subnetted, 2 subnets

C        59.90.253.xxx is directly connected, Dialer1

C        59.90.253.130 is directly connected, Dialer1

      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

C        192.168.1.0/24 is directly connected, GigabitEthernet0/2

L        192.168.1.254/32 is directly connected, GigabitEthernet0/2

      192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks

C        192.168.20.0/30 is directly connected, GigabitEthernet0/1

L        192.168.20.2/32 is directly connected, GigabitEthernet0/1

Thanks for helping...

parijatkumar
Level 1
Level 1

hi all,

Following thing also noticed...

After every 20-30 mins we start getting following messages...

Router#

*Apr  4 06:08:30.875: %TRACKING-5-STATE: 20 ip sla 2 reachability Up->Down

*Apr  4 06:08:45.875: %TRACKING-5-STATE: 20 ip sla 2 reachability Down->Up

Router#

Router#

*Apr  4 06:09:00.875: %TRACKING-5-STATE: 20 ip sla 2 reachability Up->Down

*Apr  4 06:09:10.899: %TRACKING-5-STATE: 20 ip sla 2 reachability Down->Up

*Apr  4 06:09:20.899: %TRACKING-5-STATE: 20 ip sla 2 reachability Up->Down

*Apr  4 06:09:30.899: %TRACKING-5-STATE: 20 ip sla 2 reachability Down->Up

*Apr  4 06:09:45.899: %TRACKING-5-STATE: 20 ip sla 2 reachability Up->Down

*Apr  4 06:09:55.899: %TRACKING-5-STATE: 20 ip sla 2 reachability Down->Up

*Apr  4 06:10:10.923: %TRACKING-5-STATE: 20 ip sla 2 reachability Up->Down

*Apr  4 06:10:20.923: %TRACKING-5-STATE: 20 ip sla 2 reachability Down->Up

*Apr  4 06:10:40.923: %TRACKING-5-STATE: 20 ip sla 2 reachability Up->Down

*Apr  4 06:10:50.923: %TRACKING-5-STATE: 20 ip sla 2 reachability Down->Up

*Apr  4 06:11:05.923: %TRACKING-5-STATE: 20 ip sla 2 reachability Up->Down

*Apr  4 06:11:15.947: %TRACKING-5-STATE: 20 ip sla 2 reachability Down->Up

Router#

Router#

and when we ping our dialer interface from outside our network we get following :

Reply from 59.90.253.xxx: bytes=32 time=394ms TTL=238

Reply from 59.90.253.xxx: bytes=32 time=380ms TTL=238

Request timed out.

Reply from 59.90.253.xxx: bytes=32 time=296ms TTL=238

Request timed out.

Reply from 59.90.253.xxx: bytes=32 time=300ms TTL=238

Request timed out.

Reply from 59.90.253.xxx: bytes=32 time=304ms TTL=238

Reply from 59.90.253.xxx: bytes=32 time=303ms TTL=238

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Reply from 59.90.253.xxx: bytes=32 time=404ms TTL=239

Request timed out.

Reply from 59.90.253.xxx: bytes=32 time=310ms TTL=239

please suggest...

Thanks...