cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1571
Views
0
Helpful
3
Replies

Routing DMVPN traffic through secondary ISP

pointless_l
Level 1
Level 1

I have set up a 1921 router with 2 Dialer interfaces connected to 2 different ISP's. I used the ip route 0.0.0.0 0.0.0.0 interface Dialer0 for all the internet traffic without any problems but I want to make an exception for the DMVPN traffic and route that over the Dialer1 interface. I created an access list that matches on the destination IP address of the DMVPN hub and a route map that sends the traffic by means of next-hop to the IP address of the Dialer1 interface. However when I try to set this I get an error message that the IP address "is our own" and I can't complete the route map. Any thoughts on what I am doing wrong?

Thank you in advance for your input.

3 Replies 3

fsebera
Level 4
Level 4

Sounds like you may be mixing the local net with the remote net in the route map command.

I see your files attached, but cannot open 'em.

Perhaps paste in-line so we can have a look-see.

Regards

frank

Here we go:

version 15.0

service config

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname ew38

!

boot-start-marker

boot-end-marker

!

enable secret 5 $

!

aaa new-model

aaa local authentication attempts max-fail 3

!

!

aaa authorization exec default local

!        

!

!

!

!

aaa session-id common

!

!

!

!

no ipv6 cef

no ip source-route

ip cef

!

!

ip dhcp excluded-address 192.168.20.1 192.168.20.20

ip dhcp excluded-address 192.168.20.250 192.168.20.254

ip dhcp excluded-address 192.168.20.112

ip dhcp excluded-address 192.168.33.1 192.168.33.50

ip dhcp excluded-address 192.168.33.254

!

ip dhcp pool local-pool

   import all

   network 192.168.20.0 255.255.255.0

   dns-server 213.75.63.36 213.75.63.70

   default-router 192.168.20.1

!

ip dhcp pool remote-pool

   import all

   network 192.168.33.0 255.255.255.0

   dns-server 213.75.63.36 213.75.63.70

   default-router 192.168.33.254

!

ip dhcp pool guests-pool

   import all

   network 192.168.240.0 255.255.255.0

   dns-server 213.75.63.36 213.75.63.70

   default-router 192.168.240.1

!

!

!

multilink bundle-name authenticated

!

!

!

license udi pid CISCO1921/K9 sn

!        

!

username ciscoadmin privilege 15 secret 5 $

!

redundancy

!

!

controller SHDSL 0/1/0

dsl-group 0 pairs  0

!

!

!

!

!

!

!

!

!

interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

no cdp enable

!       

!

interface GigabitEthernet0/0.1

encapsulation dot1Q 20

ip address 192.168.20.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

no cdp enable

!

interface GigabitEthernet0/0.2

encapsulation dot1Q 33

ip address 192.168.33.254 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

no cdp enable

!

interface GigabitEthernet0/0.3

encapsulation dot1Q 240

ip address 192.168.240.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

no cdp enable

!

interface GigabitEthernet0/1

no ip address

ip virtual-reassembly

shutdown

duplex auto

speed auto

no cdp enable

no mop enabled

!

!

interface ATM0/0/0

no ip address

load-interval 30

no atm ilmi-keepalive

!

!

interface ATM0/0/0.1 point-to-point

pvc 2/32

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

!       

!

interface ATM0/1/0

no ip address

load-interval 30

no atm ilmi-keepalive

!

!

interface ATM0/1/0.1 point-to-point

pvc 2/32

  encapsulation aal5mux ppp dialer

  dialer pool-member 2

!

!

interface Dialer0

ip address xxx.xxx.xxx.xxx 255.255.255.248

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication pap callin

ppp pap sent-username password 0

no cdp enable

!

!

interface Dialer1

ip address xxx.xxx.xxx.201 255.255.255.248

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 2

dialer-group 2

ppp authentication pap callin

ppp pap sent-username password 0

no cdp enable

!

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source list 100 interface Dialer0 overload

ip route 0.0.0.0 0.0.0.0 Dialer0

!

ip access-list extended dmvpn

permit ip 192.168.20.0 0.0.0.255 any

deny   ip any any

!

access-list 100 permit ip 192.168.20.0 0.0.0.255 any

access-list 100 permit ip 192.168.33.0 0.0.0.255 any

access-list 100 permit ip 192.168.240.0 0.0.0.255 any

access-list 110 permit ip 192.168.20.0 0.0.0.255 any

access-list 110 permit ip 192.168.13.0 0.0.0.255 any

dialer-list 1 protocol ip permit

dialer-list 2 protocol ip permit

!

no cdp run

!

!

!

route-map dmvpn-out-sdsl permit 10

match ip address dmvpn

set ip default next-hop xxx.xxx.xxx.201 <-- gateway IP of dialer 1 interface

!

!

!        

control-plane

!

!

!

line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

access-class 110 in

privilege level 15

transport input telnet ssh

transport output none

!

scheduler allocate 20000 1000

no process cpu extended

no process cpu autoprofile hog

end

Seems I was overcomplicating things, the fix is as obvious as this:

1) Create 2 ip routes

ip route 255.255.255.255 dialer 1 10

ip route 0.0.0.0 0.0.0.0 dialer 0 20

2) Declare the tunnel source to be the correct interface

No need for route maps. Done.

Review Cisco Networking for a $25 gift card