Need assistance in backup route configuration

Hello,

The topology I'm currently working on has an ASA at the edge (plugged directly into the ISP equipment) with a 3750X stack behind it. The 3750X has an NLAN interface for internal routing between multiple sites.

The 3750X has a default static route pointing to the ASA device and also has EIGRP running (receives routes through the NLAN).

The ASA also has EIGRP but the outside interface is set to passive, so all internal routes are learned from the 3750X's NLAN interface. The ASA has a static default route pointing to the ISP.

Basic requirements are that all internal traffic goes through the NLAN while all internet traffic goes through the ISP.

I need the 3750X to start routing packets through the NLAN as a secondary default route (to use the other sites internet feeds) in case the ASA ISP connection goes down, but since they are on two different boxes I am unsure of the best way to do this. I want the default route to point back to the ASA once the local internet link is back up, so I don't think I can use two static default routes with different route costs.

Can someone lend me their assistance in getting this working properly?

Thanks!


Accepted Solutions

Re: Need assistance in backup route configuration

Hi,

  Well, I think you want to re-route internet traffic to another box when the ASA can't reach the internet. It can be done with IP SLA on the C3750X. It should be something like this. I'd track DNS server 8.8.8.8, assuming that if I can't reach that DNS, I would re-route. You may track another IP address if you want to.

C3750X

!
ip sla monitor 1
 type echo protocol ipIcmpEcho 8.8.8.8
 timeout 1000
 frequency 3
 threshold 2
!
ip sla monitor schedule 1 life forever start-time now
!
track 1 rtr 1 reachability
!
! Host route so the probe to 8.8.8.8 always leaves via the ASA
ip route 8.8.8.8 255.255.255.255 <ASA IP address>
ip route 0.0.0.0 0.0.0.0 <ASA IP address> track 1
ip route 0.0.0.0 0.0.0.0 <NLAN BOX IP address> 100
!

  Let's check this link: http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html


HTH,
Toshi

Re: Need assistance in backup route configuration

That makes sense. Would the default route point back to the ASA once the main internet link (and thus the route to 8.8.8.8) is re-established using that ip sla setup? The key is that I don't want to have to clear the secondary ip route statement from the config just so the proper route is used again.

marwanshawi, I'm not really sure what you mean, but I can 'draw' the diagram if it helps.

                  EIGRP->
(Internet) ---- (ASA) ---- (Switch)
                              |
                         NLAN (EIGRP)

If I perform a 'show route' on the ASA it will display all the internal routes as EIGRP with the NLAN interface on the 3750X switch as the next hop.

Re: Need assistance in backup route configuration

Hi,

Q: Would the default route point back to the ASA once the main internet link (and thus the route to 8.8.8.8) is re-established using that ip sla setup?

A: Yes, it has to be. You may adjust the timing parameters on IP SLA as you want.

   I think you're running EIGRP to let the ASA know where to route internal networks. We were trying to handle a backup default route. I think IP SLA could help you.

HTH,

Toshi


Re: Need assistance in backup route configuration

Hi,

I read through the document. The configuration suggests something similar but slightly different (highlighted in bold).

The example in the document is as follows:

interface FastEthernet 0/0
 description primary-link
 ip address 10.1.1.1 255.0.0.0

interface Dialer 0
 description backup-link
 ip address 10.2.2.2 255.0.0.0

ip sla monitor 1
 type echo protocol ipIcmpEcho 172.16.23.7
 timeout 1000
 frequency 3
 threshold 2
ip sla monitor schedule 1 life forever start-time now
track 123 rtr 1 reachability

access-list 101 permit icmp any host 172.16.23.7 echo
route-map MY-LOCAL-POLICY permit 10
 match ip address 101
 set interface dialer 0 null 0
!
ip local policy route-map MY-LOCAL-POLICY

ip route 0.0.0.0 0.0.0.0 10.1.1.242 track 123
ip route 0.0.0.0 0.0.0.0 10.2.2.125 254

What exactly does the route map portion do? There is also no default route in the document pointing to the IP SLA destination as your config suggested. Is that really needed?


Re: Need assistance in backup route configuration

Hi,

   The configuration I provided is okay and it can be used as an example. What you want to do is a floating route for a default route, and you want to track how to reach the internet, not just a next hop (IP SLA can do this). Just read how IP SLA works:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_40_se/configuration/guide/swipsla.html#wp1094080.

   And then test and let us know how things work out.

HTH,

Toshi
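
The thread asks whether the default route falls back to the ASA on its own and whether the host route to the probe target is really needed. The added example below is a toy Python model, not IOS code and not from any poster; `ASA` and `NLAN` stand for the two next hops, and it assumes one probe per interval with track 1 following each probe result immediately.

```python
# Added example: toy model of the C3750X route selection with IP SLA tracking.
ASA, NLAN = "ASA", "NLAN"  # stand-ins for <ASA IP address> / <NLAN BOX IP address>

def default_next_hop(track_up):
    """Lowest administrative distance wins among the eligible static defaults."""
    candidates = [(100, NLAN)]        # floating static, AD 100, always eligible
    if track_up:
        candidates.append((1, ASA))   # tracked static, AD 1, only while track 1 is up
    return min(candidates)[1]

def probe_next_hop(track_up, pin_probe):
    """Next hop used by the ICMP echo sent to the SLA target."""
    # With the /32 host route, longest-prefix match sends the probe to the ASA
    # no matter which default route is installed.
    return ASA if pin_probe else default_next_hop(track_up)

def simulate(isp_up_timeline, pin_probe):
    """Return the default next hop installed after each probe interval."""
    track_up, history = True, []
    for isp_up in isp_up_timeline:
        via = probe_next_hop(track_up, pin_probe)
        # A probe via the ASA succeeds only while the local ISP link is up.
        # A probe via the NLAN reaches the target through another site's feed.
        track_up = isp_up if via == ASA else True
        history.append(default_next_hop(track_up))
    return history

def flaps(history):
    """Count changes of the installed default route."""
    return sum(1 for a, b in zip(history, history[1:]) if a != b)

# Constructed timeline: ISP up for 2 intervals, down for 6, up again for 2.
TIMELINE = [True] * 2 + [False] * 6 + [True] * 2

if __name__ == "__main__":
    for pin in (True, False):
        h = simulate(TIMELINE, pin)
        print(f"host route present={pin}: flaps={flaps(h)} {h}")
```

With the host route the default moves to the NLAN once and returns to the ASA once, with no manual clearing. Without it the probe follows the backup default, succeeds through the other site, and the primary route is reinstalled while the local ISP is still down.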


Need assistance in backup route configuration

Thanks a lot for the help. It works just great.

I ended up using the ISP's gateway instead of 8.8.8.8 as I happen to use that IP for connectivity tests all the time (took me a few to realise why my pings weren't working when they should have been).


Re: Need assistance in backup route configuration

Can you put a simple diagram of how the switch and the ASA are connected in terms of EIGRP?