06-11-2012 08:07 AM - edited 03-04-2019 04:38 PM
Hello,
It's probably simple but I didn't find an answer. I have one interface with two ISPs connected to it. I want to define static routing over the secondary IP like this:
ip route 0.0.0.0 0.0.0.0 46.173.195.45
ip route 194.15.180.9 255.255.255.255 83.30.280.237
After entering the second ip route I can't connect to 194.15.180.9. It's not an ISP problem or a wire problem. I don't have BGP, EIGRP or OSPF.
My interface configuration is below.
Thanks for any help.
interface GigabitEthernet0/0
 description internet
 ip address 83.30.280.238 255.255.255.252 secondary
 ip address 46.173.195.46 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 no ip split-horizon
 duplex auto
06-11-2012 08:25 AM
Can you source from your secondary address and get to it?
Sent from Cisco Technical Support iPhone App
06-11-2012 08:33 AM
The IPs are changed in this example, not real. When I changed:
ip address 83.30.280.238 255.255.255.252 secondary
ip address 46.173.195.46 255.255.255.252
to:
ip address 83.30.280.238 255.255.255.252
ip address 46.173.195.46 255.255.255.252 secondary
and
ip route 0.0.0.0 0.0.0.0 83.30.280.237
then I go to the internet with this 83.30.280.238 IP.
So yes, it 100% works. I read somewhere that there is a problem with routing on a secondary IP. The Cisco router sends packets from the primary IP. But there must be some solution.
My hardware is a Cisco 1921.
06-11-2012 09:01 AM
Use policy routing instead of a static route: create an extended access list to match interesting traffic and define the next-hop IP as 83.30.280.237 using a route-map for the traffic defined in the ACL. Apply the policy to the interface that will be used to send traffic out, using "ip policy route-map XXXX", where XXXX is the name of the route map.
---
Posted by WebUser Neeraj Jagga from Cisco Support Community App
06-11-2012 10:47 AM
Doesn't work. I go out with 46.173.195.46 (the connection works but the IP doesn't change) but I should with 83.30.280.238. I tested it using ssh to a host in 194.140.240.0.
It's funny, but when I apply "ip policy route-map test" to the input interface, not the output, the show route-map statistics count, but when I apply it to the output as below the statistics stop and don't count.
access-list 116 permit ip any 194.140.240.0 0.0.0.255
route-map test permit 11
 match ip address 116
 set ip next-hop 83.30.280.237
 set ip default next-hop 83.30.280.237
interface GigabitEthernet0/0
 description internet
 ip address 83.30.280.238 255.255.255.252 secondary
 ip address 46.173.195.46 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 no ip split-horizon
 ip policy route-map test
 duplex auto
Should I apply the route-map to the incoming or outgoing interface? Incoming is my LAN, outgoing is the internet. GigabitEthernet 0/0 is the internet. In other examples I found:
"Step 3: Apply the Route-Map to the router interface that the traffic enters into
RouterA(config)#interface gig0/1
RouterA(config-int)#ip policy route-map Traffic_to_ISP_A"
06-11-2012 11:59 AM
Please apply the route map to the outgoing interface. Before that, can you remove the default next-hop line and permit 11 from the route-map? Check the counters on the ACL to see if traffic is being matched, and also run the show route-map command to see what the policy routing matches line reads; the counters should increment.
---
Posted by WebUser Neeraj Jagga from Cisco Support Community App
06-11-2012 12:40 PM
I have to apply ip policy route-map to my internal LAN interface (incoming) with the 192.168.2.X class. The second thing is to make a good NAT mapping table: IPs which have to go out with 83.30.280.238 in one NAT pool, and those which go with 46.173.195.46 in a second NAT pool. Now it works OK, THANKS.
06-11-2012 01:37 PM
In the first place I do not believe that Policy Based Routing will solve this issue. And if you are going to try PBR then the route map is applied to the inbound interface not the outbound interface.
Putting two different IP addresses poses some challenges in getting the router to work. If you are talking about packets sourced from the router itself the case is pretty clear - Cisco routers use the primary interface address as the source address of any packets generated by the router itself. And that seems to explain why connectivity worked when the original poster changed the order of the interface addresses.
Packets sourced by some inside device and routed through the router are not affected by the fact that the router always uses the primary address, unless the router is doing address translation using overload for the interface address. The original poster has not told us how they are doing address translation so we can not know whether the primary address/secondary address is impacting traffic or not.
If the address translation specifies the address or an address pool rather than interface overload then I would think that both addresses should work ok for traffic that is generated from a host inside.
HTH
Rick
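The arrangement the thread arrives at (policy route-map on the inbound LAN interface, plus one NAT pool per public address), written out as an added IOS configuration that is not from any poster in the thread. RFC 5737 documentation addresses stand in for the thread's altered public IPs; the LAN interface name GigabitEthernet0/1, the LAN address 192.168.2.1, ACL 117, and the route-map and pool names are assumptions.

```cisco
! Constructed example (placeholder addressing, not the poster's real values):
!   ISP A (primary):   router 198.51.100.2/30, gateway 198.51.100.1
!   ISP B (secondary): router 203.0.113.2/30,  gateway 203.0.113.1
!   LAN 192.168.2.0/24; traffic to 192.0.2.0/24 must leave via ISP B.
!
! ACL 116 selects the flows for ISP B; ACL 117 is everything else from the LAN.
access-list 116 permit ip 192.168.2.0 0.0.0.255 192.0.2.0 0.0.0.255
access-list 117 deny   ip 192.168.2.0 0.0.0.255 192.0.2.0 0.0.0.255
access-list 117 permit ip 192.168.2.0 0.0.0.255 any
!
! PBR: only matched flows get the ISP B next hop; the rest follow the routing table.
route-map TO-ISP-B permit 10
 match ip address 116
 set ip next-hop 203.0.113.1
!
! One NAT pool per public address, so the translated source matches the exit path
! instead of always being the primary interface address.
ip nat pool POOL-ISP-A 198.51.100.2 198.51.100.2 prefix-length 30
ip nat pool POOL-ISP-B 203.0.113.2 203.0.113.2 prefix-length 30
ip nat inside source list 116 pool POOL-ISP-B overload
ip nat inside source list 117 pool POOL-ISP-A overload
!
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
interface GigabitEthernet0/0
 description internet
 ip address 203.0.113.2 255.255.255.252 secondary
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
! The policy is applied where the traffic ENTERS the router (the LAN side).
interface GigabitEthernet0/1
 description LAN (interface name assumed)
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip policy route-map TO-ISP-B
```

`show route-map` should show the policy-routing match counters incrementing for the selected flows, and `show ip nat translations` should list them with the secondary address as the inside global.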