01-04-2019 09:05 PM - edited 03-05-2019 11:09 AM
Hi,
Myself Anand Singarayan, I have a 1841 Router in which we have connected 2 ISP. Both ISP's are up but simultaneously when both link is connected on Router one is reachable and other one is not reachable. When I am disconnecting one link the other link comes up. Why both the ISP WAN IP is not reachable. Kindly suggest.
01-04-2019 10:10 PM
For now we do not have any visibility of your setup and configuration, it is hard to say what is wrong and how these configuration done and implemented.
if you can post the configuration we can have a look and comment based on the information.
post show run
01-05-2019 12:57 AM
Thank you Balaji. PFB configuration.
Router1#sh run
Router1#sh running-config
Building configuration...
Current configuration : 10685 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
aaa session-id common
!
!
no ipv6 cef
no ip source-route
ip cef
!
!
!
!
!
!
multilink bundle-name authenticated
!
redundancy
!
!
!
!
ip ssh port 2000 rotary 90
!
track 10 ip sla 10 reachability
!
track 20 ip sla 20 reachability
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description UTL-Primary
ip address 13.2.29.6 255.255.255.248
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
!
!
interface FastEthernet0/0/0
description CISCO-Switch-Uplink
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0/0.24
description Switch-MGMT
encapsulation dot1Q 24
ip address 172.18.32.29 255.255.255.252 secondary
ip address 192.168.26.1 255.255.255.252
!
interface FastEthernet0/0/0.30
description ### RD ISP ###
encapsulation dot1Q 30
ip address 13.12.60.20 255.255.255.248
ip nat outside
ip virtual-reassembly in
!
!
interface FastEthernet0/0/0.400
description test
encapsulation dot1Q 400
ip address 192.168.1.1 255.255.255.0
ip tcp adjust-mss 1380
!
!
no ip forward-protocol nd
!
ip http server
ip http secure-server
!
ip nat translation timeout 300
ip nat inside source route-map ISP-1 interface GigabitEthernet0/0 overload
ip nat inside source route-map ISP-2 interface FastEthernet0/0/0.30 overload
ip nat inside source static tcp 172.18.22.12 21 13.2.29.6 21 extendable
ip nat inside source static tcp 172.18.22.12 80 13.2.29.6 80 extendable
ip nat inside source static tcp 172.18.22.11 85 13.2.29.6 85 extendable
ip nat inside source static tcp 172.18.22.12 514 13.2.29.6 514 extendable
ip nat inside source static udp 172.18.22.12 514 13.2.29.6 514 extendable
ip nat inside source static tcp 172.18.22.12 1023 13.2.29.6 1023 extendable
ip nat inside source static udp 172.18.22.12 1610 13.2.29.6 1610 extendable
ip nat inside source static tcp 172.18.22.11 6601 13.2.29.6 6601 extendable
ip nat inside source static udp 172.18.22.11 6601 13.2.29.6 6601 extendable
ip route 0.0.0.0 0.0.0.0 13.2.29.5 track 10
ip route 0.0.0.0 0.0.0.0 13.12.60.19 10 track 20
!
ip sla 10
icmp-echo 8.8.8.8 source-ip 13.2.29.6
frequency 30
ip sla schedule 10 life forever start-time now
ip sla 20
icmp-echo 13.12.60.19 source-ip 13.12.60.20
frequency 30
ip sla schedule 20 life forever start-time now
!
!
!
route-map LAN permit 10
match ip address 104
match interface GigabitEthernet0/0
!
route-map ISP-2 permit 10
match ip address 98
match interface FastEthernet0/0/0.30
!
route-map ISP-1 permit 10
match ip address 98
match interface GigabitEthernet0/0
!
route-map SYS permit 10
match ip address 97
!
route-map LAN1 permit 10
match ip address 103
!
!
snmp-server community Dvois.com RO
snmp-server ifindex persist
!
!
!
control-plane
!
!
!
line con 0
logging synchronous
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
session-timeout 10
exec-timeout 5 0
rotary 90
transport input all
line vty 5 15
transport input ssh
!
scheduler allocate 20000 1000
event manager applet NAT-ISP1
event track 20 state any
action one cli command "enable"
action three cli command "clear ip nat translation *"
action two cli command "clear ip nat translation forced"
!
end
Router1#
01-05-2019 12:58 AM
One more update, from Router both the ISP IP is reachable point to point but from globally only one IP is reachable.
01-05-2019 01:26 AM
just quickly looked overview I did not see anything wrong with your setup.
your config has a IP SLA, if one of the link not reachable, it will route automatically to another route.
below IP are Public IP these should work, is this connected to same ISP ? or different ISP ?
13.2.29.6
13.12.60.20
01-05-2019 01:53 AM
Its a different ISP, I have just given a dummy IP.
01-05-2019 03:42 AM
if the different ISP you should able to ping public side internet to that IP.
from internal it use Active path always, but you can do test using source IP from router. ( i belive you did it was working as you mentioned.)
01-05-2019 04:01 AM
Yes Mr Balaji, but globally only one use to be reachable.
01-05-2019 08:21 AM
which one reachable, when that IP down, other one reachable ?
01-06-2019 08:33 PM
Hi Anand,
I saw that you did not post the whole router configuration. For example, I did not see any of the access-lists and interfaces with "ip nat inside".
Please share with us the output of "sh ip route", and "sh ip int bri".
Also, if you could move this ticket to Routing section, more people could assist you.
HTH,
Meheretab
01-07-2019 05:41 AM
The IP SLA config will have on route being preferred. Both links will be active but if you query your routing table you should see the route.
You can use show ip route & show ip route track-table to verify. Also note you have the option to do NAT load-balancing for two ISPs if you wish. I get the feeling that is the use-case you are looking for.
Regards
Brent
01-11-2019 10:08 AM
Mr. Anand Singarayan Paradesi ,
The purpose of some commands in your commands are still unknown, like there is no Nat inside however there is Nat outside and no access list for 98 and all..
You need to share your exact motive fully of the customer and share the results of below commands also to explain further.
Show IP route
Sh IP Nat translation
Do it before and after failover of one ISP
After that we can conclude the work
Regards
Ramesh Prabhu
You know
@anand8891 wrote:
Hi,
Myself Anand Singarayan, I have a 1841 Router in which we have connected 2 ISP. Both ISP's are up but simultaneously when both link is connected on Router one is reachable and other one is not reachable. When I am disconnecting one link the other link comes up. Why both the ISP WAN IP is not reachable. Kindly suggest.
01-11-2019 03:43 PM
I can see from your configurations that you are connected to one service provider on your GIG port and for the second provider you have configured Fast ethernet port with sub-interfaces? Is that port up linked to another switch and from that switch you are terminating out to the Internet?
from the above comments you need to show us the output or there is something you can do just to verify your connectivity. You can try pinging the other Public Ip address from your router ie ping X.X.X.X source interface G1/0 as this will send the ICMP packet using the Public IP address and that way atleast you can prove your connectivity over the internet using public IP address without the need of NAT etc.
01-12-2019 01:26 AM
Hello
Your configuration doesn't look complete - makes me think how you are successfully connecting to either one of your isp's unless you testing it from the rtr itself?
You have missing or incorrect nat statements, route-maps and access-lists
Can you clarify if this is the complete configuration?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide