02-19-2015 10:54 PM - edited 03-05-2019 12:51 AM
Hi,
I have Cisco router 2611 in branch,there is internet connectivity and IPSEC VPN between branch and head office.
I want two configure the second ISP internet link on router for backup,if one ISP connection fails router will automatically shifts on second one
how i achieve this.below is my current router configurations.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
hostname Store_RTR
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
archive
log config
hidekeys
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
crypto isakmp key *************** address 124.109.34.78
!
!
!
!
!
crypto ipsec transform-set tset esp-des esp-md5-hmac
!
!
!
crypto map smap 10 ipsec-isakmp
set peer 124.109.34.67
set transform-set tset
match address 101
!
!
!
!
!
interface FastEthernet0/0
ip address 98.87.223.43 255.255.255.252
ip nat outside
crypto map smap
no shut
!
interface FastEthernet0/1
ip address 192.168.3.254 255.255.255.0
ip nat inside
duplex auto
speed auto
no shut
!
i
!
ip route 0.0.0.0 0.0.0.0 58.27.221.41
!
!
ip http server
no ip http secure-server
!
!
ip nat inside source list 111 interface FastEthernet0/0 overload
!
!
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.101.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 111 deny ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 111 deny ip 192.168.3.0 0.0.0.255 192.168.101.0 0.0.0.255
access-list 111 deny ip 192.168.3.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 111 deny ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 111 permit ip 192.168.3.0 0.0.0.255 any
!
!
!
!
route-map nat permit 10
match ip address 111
!
!
!
control-plane
!
!
!
!
mgcp fax t38 ecm
!
!
!
!
!
!
!
scheduler allocate 20000 1000
end
Solved! Go to Solution.
02-20-2015 03:58 AM
Hi,
You can achieve this by floating static route configuration.
Generally we use default routes for the such setup.
In your case, just configure 2 default routes & put some administrative value higher than the default (viz. 1 for static)
Here's what you need to do:
ip route 0.0.0.0 0.0.0.0 <primary ISP next-hop IP add>
ip route 0.0.0.0 0.0.0.0 <secondary ISP next-hop IP add> <administrative distance(0-255)> # use any value greater than 1 #
Other solution is to configure static routes with TRACK
1. Create Track
2. Map Track with IP SLA ICMP-ECHO Operation to check the reachability
3. Add Track with static route configuration e.g.
ip route 0.0.0.0 0.0.0.0 <next-hop-ip> track 1
02-20-2015 04:27 AM
let me tell best option:
1. Configure the 2 static routes with difference in AD values to serve as primary /seconday
2. Create Track & IP SLA ......# this will check if the ISP gateway IP is reachable or not, track will go down once the ISP gatewat becomes unreachable #
3. Configure the Static route with Track as below:
ip route 0.0.0.0 0.0.0.0 <next-hop-ip-address> track 1
# this route will stay in routing table as long as the Track status is up, means ISP gateway is reachable, if the Track goes down, route will be removed from the routing table & then routing will be done fall back to alternate available routes
02-20-2015 03:50 AM
Hi Junaid ,
Kindly share your topology , like link coming on serial or Ethernet etc so we can give you solution as as per above request there are multiple solution is available like Multihome , CEF etc ..
02-20-2015 03:52 AM
Hi,
Second link will be ADSL.
02-20-2015 03:58 AM
Hi,
You can achieve this by floating static route configuration.
Generally we use default routes for the such setup.
In your case, just configure 2 default routes & put some administrative value higher than the default (viz. 1 for static)
Here's what you need to do:
ip route 0.0.0.0 0.0.0.0 <primary ISP next-hop IP add>
ip route 0.0.0.0 0.0.0.0 <secondary ISP next-hop IP add> <administrative distance(0-255)> # use any value greater than 1 #
Other solution is to configure static routes with TRACK
1. Create Track
2. Map Track with IP SLA ICMP-ECHO Operation to check the reachability
3. Add Track with static route configuration e.g.
ip route 0.0.0.0 0.0.0.0 <next-hop-ip> track 1
02-20-2015 03:58 AM
When 1st link goes down its will shift traffic on secondary one when primary will again up then what happens with traffic either it will remain on second link or use primary???
02-20-2015 04:08 AM
When primary will come up, as per administrative distance, primary route will be selected being default AD of 1
02-20-2015 04:16 AM
Hi,
Great if we can achieve this with just satic routes can you tell me what is purpose of IP SLA.
I mean what is main difference??
02-20-2015 04:27 AM
let me tell best option:
1. Configure the 2 static routes with difference in AD values to serve as primary /seconday
2. Create Track & IP SLA ......# this will check if the ISP gateway IP is reachable or not, track will go down once the ISP gatewat becomes unreachable #
3. Configure the Static route with Track as below:
ip route 0.0.0.0 0.0.0.0 <next-hop-ip-address> track 1
# this route will stay in routing table as long as the Track status is up, means ISP gateway is reachable, if the Track goes down, route will be removed from the routing table & then routing will be done fall back to alternate available routes
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: