Re: Reduant internet with 2 different ISP's. Please help

r.bhupathi · ‎04-21-2005

Hi

I'm looking at setting up an internet connection with 2 different ISP's for High Availability.

When one goes down we want to stay live as we have a critical application that will be running over the internet.

We have Cisco 1721 Connected to one ISP and CISCO 2801 Connected to Otehr ISP. We have a Nortel Firewall behind this routers and this firewall does the NATTing.

I am attaching a diagram. Can some one help me with this plese.

Regards

Rajendra Prasad Raju.Bh

Phone:+1 516 240 1819

+91 98490 57587 Mobile India

ankurbhasin · ‎04-22-2005

Hi Rajendra,

I think HSRP will the best config for you.

You can have HSRP running on your 2 router ethernet interface and can track your serial interface.

I mean you can keep the HSRP priority on your VSNL router high and can track the serail interface and if your serial goes dows the tracking config will reduce the priority of the HSRP and in that case your standby router ethernet interface will come up and I hope that will solve your redundant purpose.

HTH

Ankur

r.bhupathi · ‎04-22-2005

Hi,

I have configured HSRP and HSRP is working fine but I am no able to route packets thru SIFY.

r.bhupathi · ‎04-22-2005

Hi Ankur,

I have configured HSRP on the Routers, router connected to SIFY will become active once I pull out the serial interface of the active router(rouer connected to VSNL), but for some reasons I am not able to reach Internet thru sify internet if VSNL goes down. I can send you the config of the routers if you want to have a look at them and suggest where am i going wrong.

Regards

Rajendra

ankurbhasin · ‎04-22-2005

Hi Rajendra,

Please post the config of both the routers and "sh ip route" from the routers.

Might be we are missing some static routes.

If your HSRP is working fine and SIFY router is becoming active then for sure some route problem.

Ankur

r.bhupathi · ‎04-22-2005

hi ankur,

Please find the config of both the rouers.

***Config of Router Connected to VSNL***

sh runn

Building configuration...

Current configuration : 1216 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname Cisco1721

!

logging queue-limit 100

no logging buffered

enable secret xxxx

enable password xxxx

!

ip subnet-zero

!

no ip domain lookup

!

interface FastEthernet0

description connected to EthernetLAN

ip address 203.x.x.x.255.255.240

speed auto

standby preempt

standby 1 ip 203.x.x.97

standby 1 priority 105

standby 1 track Serial0

!

interface Serial0

description connected to Internet

ip address 203.x.x.x.255.255.252

!

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0

no ip http server

!

logging history size 250

no logging trap

logging facility local2

snmp-server community xxx RO

snmp-server enable traps tty

banner exec ^C

This is a secure system, authorized access only! ^C

banner motd ^C

^C

!

line con 0

exec-timeout 0 0

password xxxx

login

line aux 0

line vty 0 4

password xxxx

login

line vty 5

login

line vty 6 10

password xxx

login

!

end

***************

***IP route of Router Connected to VSNL***

Cisco1721# sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

203.x.x.0/30 is subnetted, 1 subnets

C 203.x.x.32 is directly connected, Serial0

203.x.x.0/28 is subnetted, 1 subnets

C 203.x.x.96 is directly connected, FastEthernet0

S* 0.0.0.0/0 is directly connected, Serial0

***********************************************

***Config of router Connected to Sify***

sh runn

Building configuration...

Current configuration : 1970 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Standbyrouter

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

username xxx privilege 15 secret xxxx

no network-clock-participate aim 0

no network-clock-participate aim 1

no aaa new-model

ip subnet-zero

ip cef

!

ip domain name yourdomain.com

no ftp-server write-enable

!

interface FastEthernet0/0

description connect to SIFI SU

ip address 210.x.x.x.255.255.224

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/1

description VSNL Valid Pool

ip address 203.x.x.x.255.255.240

ip mask-reply

no ip redirects

ip nat inside

duplex auto

standby 1 ip 203.x.x.97

standby 1 preempt

standby 1 track FastEthernet0/0

!

ip classless

ip route 0.0.0.0 0.0.0.0 210.18.80.161

ip http server

ip http authentication local

ip nat inside source static 203.x.x.x.18.80.164 no-payload

!

control-plane

Regards,

Rajendra

olorunloba · ‎04-22-2005

Because you are using 2 different ISPs, the config will be hard to implement. Upon failing over, your NAT configuration hs to failover to the other ISP.

You might need to move the natting to the routers connected to the ISPs for the config to work.