you can only have 1 active

rajan.engineer · ‎05-20-2015

Hello,

i have cisco 1941 router. i configured as below even i can able to ping my WAN ip which is on gig0/0 ( ISP1) but can not able to ping my gig0/1 ip address (ISP 2).

from client site whoever on ISP one there is no problem everybody can go on internet.

but ISP configured they can not able to surf website.

i can able to ping google dns using isp 2 source as below.

ping 8.8.8.8 source vlan 89
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 20.20.20.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/18/20 ms

please provide solution.

configured as below.

interface GigabitEthernet0/0
description $$ FACING INTERFACE TO ISP 1 $$
ip address 1.1.1.1 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex full
speed 100
!
interface GigabitEthernet0/1
description $$ facing internet to Oneconnect $$
ip address 2.3.4.5 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1/0
description -vlan-10-50
switchport mode trunk
no ip address
!
interface GigabitEthernet0/1/1
description -Accounts
switchport access vlan 89
no ip address
!
interface GigabitEthernet0/1/2
no ip address
!
interface GigabitEthernet0/1/3
switchport mode trunk
no ip address
!
interface Vlan1
ip address 192.168.0.2 255.255.255.0
ip flow ingress
ip nat inside
ip nat enable
ip virtual-reassembly in
ip policy route-map PBR
!
interface Vlan10
no ip address
!
interface Vlan30
description -Voice
ip address 10.233.30.2 255.255.255.0
ip policy route-map PBR
!
interface Vlan40
description -Wifi
ip address 10.233.40.2 255.255.248.0
ip flow ingress
ip nat inside
ip virtual-reassembly in
ip policy route-map PBR
!
interface Vlan89
description -Account-Data
ip address 20.20.20.2 255.255.255.0
ip flow ingress
ip nat inside
ip virtual-reassembly in
ip policy route-map PBR
!
interface Vlan99
description -Account-Wifi
ip address 30.30.30.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
!
no ip http server
ip http secure-server
ip flow-capture ip-id
ip flow-aggregation cache protocol-port
cache entries 2048
cache timeout inactive 600
cache timeout active 60
enabled
!
ip flow-aggregation cache source-prefix
cache entries 2048
cache timeout inactive 600
cache timeout active 60
mask source minimum 32
enabled
!
ip flow-aggregation cache destination-prefix
cache entries 2048
cache timeout inactive 600
cache timeout active 60
mask destination minimum 24
enabled
!
ip flow-aggregation cache prefix-port
cache entries 2048
cache timeout inactive 600
cache timeout active 60
mask destination minimum 32
enabled
!
ip flow-top-talkers
top 20
sort-by packets
cache-timeout 10000
match protocol udp
!
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip nat inside source list 101 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.0.18 132 209.29.232.35 132 extendable
ip route 0.0.0.0 0.0.0.0 1.1.1.2 name ftc
ip route 0.0.0.0 0.0.0.0 2.2.2.1 name Oneconnect
!
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 100 permit ip 10.233.40.0 0.0.7.255 any
access-list 101 permit ip 20.20.20.0 0.0.0.255 any
access-list 101 permit ip 30.30.30.0 0.0.0.255 any
!
route-map PBR permit 100
match ip address 100
set ip next-hop 209.29.232.33
!
route-map PBR permit 101
match ip address 101
set ip next-hop 68.232.69.213
!

Mark Malone · ‎05-21-2015

you can only have 1 active default route in a router at 1 time , your telling traffic from any source to any destination thats not known go to 2 different directions , only 1 of those defaults will be in your show ip route table , you need to be more granular with the static routes

Problem in Dual ISP on cisco 1941.