07-18-2012 05:06 AM - edited 03-04-2019 05:00 PM
Hello All,
I have an issue where I have a router with 2 WAN exit points. I have set up IPSLA to roll from a 3G connection to a Vsat connection if the 3G internet path is unavailable. All looks OK and I get reliable route updates in the route table for the failover. My issue is that the NAT overload route map is not operating correctly. When I roll from 3G to Vsat, traffic flows OK. When the 3G comes back online the route is re-entered into the route table but I get no traffic throughput. When I remove the Vsat overload statement the traffic flows back out the 3G. Am I missing something? Any advice much appreciated.
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1 192.168.2.99
ip dhcp excluded-address 192.168.2.150 192.168.2.240
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.170 192.168.1.254
!
ip dhcp pool avnet
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
 dns-server 192.168.2.1
 domain-name X.local
 lease 7
!
ip dhcp pool user_Media
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 192.168.1.1
 domain-name X.local
 lease 3
!
!
ip domain name X.local
ip name-server 192.168.15.1
ip name-server 8.8.8.8
!
multilink bundle-name authenticated
!
!
archive
 log config
  hidekeys
!
!
!
track 1 rtr 1 reachability
 delay down 120
!
!
!
interface FastEthernet0
 description Uplink to SW1
 switchport mode trunk
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
 description Uplink to Vsat
 switchport access vlan 254
 spanning-tree portfast
!
interface FastEthernet4
 description Vsat
 ip address 4.x.x.162 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Vlan1
 description User_Media_Network
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan254
 description 3G router
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 172.16.4.1 track 1
ip route 0.0.0.0 0.0.0.0 4.x.x.161 100
ip route 8.8.4.4 255.255.255.255 172.16.4.1
!
!
ip nat inside source route-map 3G interface Vlan254 overload
ip nat inside source route-map Vsat interface FastEthernet4 overload
!
ip sla 1
 icmp-echo 8.8.4.4 source-interface Vlan254
 frequency 5
ip sla schedule 1 life forever start-time now
access-list 1 permit 192.168.0.0 0.0.255.255
!
!
!
route-map Vsat permit 1
 match ip address 1
 match interface FastEthernet4
!
route-map 3G permit 2
 match ip address 1
 match interface Vlan254
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login
!
scheduler max-task-time 5000
!
07-18-2012 05:17 AM
Hi,
You should use local PBR to force the router to always source the ip sla probe from the primary interface:
ip access-list extended SLAPROBE_ACL
 permit icmp any host 8.8.4.4
! x.x.x.x below is the next hop for the primary path
route-map SLAPROBE permit 10
 match ip address SLAPROBE_ACL
 set ip next-hop x.x.x.x
ip local policy route-map SLAPROBE
Regards.
Alain.
Don't forget to rate helpful posts.
09-13-2012 03:48 AM
Thanks Alain,
Took me a while to get around to testing this, but it works perfectly.
Regards
David
10-15-2012 02:58 AM
Hello All,
Alain's assistance certainly helped with the failover, which works nicely, but I've hit a problem where the end points (PCs) after cut over cannot connect to the internet without flushing the PC's various caches. I can however start a new browser session on a different machine and all is OK. Am I missing something here? Should I flush the sessions as part of my IPSLA setup? If so, any recommendations on the best way?
Unfortunately my users are able to wait or undertake any remedial work themselves and they just sit there.
Thanks in advance
David
10-15-2012 03:34 AM
Hi,
You could use EEM to clear the NAT translations (example 3 in this reference
Regards.
Alain
Don't forget to rate helpful posts.
10-15-2012 04:32 AM
Alain, you are the man. EEM is exactly what I was looking for. I've not used it before and it looks very powerful as a tool.
Thanks again.
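An EEM applet of the kind suggested in the thread, as an added example that is not taken from the original posts or from the Cisco reference they link to. It assumes track object 1 from the configuration posted above and an IOS release that includes the EEM track event detector; the applet name is hypothetical.

```cisco
! Added example; the applet name CLEAR_NAT_ON_FAILOVER is hypothetical.
! Assumes track object 1 (the 3G reachability tracker in the posted
! configuration) and an IOS release with the EEM track event detector.
!
! The applet fires on both transitions of track 1: 3G declared down
! (after the configured "delay down 120") and 3G restored. On each
! transition it drops all dynamic NAT translations, so existing inside
! flows are re-translated against whichever outside interface the
! current default route points to, instead of staying bound to the
! address of the path that was just left.
!
event manager applet CLEAR_NAT_ON_FAILOVER
 event track 1 state any
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translation *"
 action 3.0 syslog msg "Track 1 changed state; dynamic NAT translations cleared"
!
! Checks to run after a failover test:
!  show track 1
!  show event manager policy registered
!  show event manager history events
!  show ip nat translations
```

Clearing with `*` removes every dynamic translation, so sessions that are in progress at the moment of the switch are reset and have to be re-established by the clients.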