Solved: Hi,You can achieve this by

junaid haroon · ‎02-19-2015

Hi,

I have Cisco router 2611 in branch,there is internet connectivity and IPSEC VPN between branch and head office.

I want two configure the second ISP internet link on router for backup,if one ISP connection fails router will automatically shifts on second one

how i achieve this.below is my current router configurations.

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec

hostname Store_RTR
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog

!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
!
!
no ip domain lookup

!
!
!
!
!
!
voice-card 0
!
!
!
!
!
archive
log config
hidekeys
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
crypto isakmp key *************** address 124.109.34.78
!
!
!
!
!
crypto ipsec transform-set tset esp-des esp-md5-hmac
!
!
!
crypto map smap 10 ipsec-isakmp
set peer 124.109.34.67
set transform-set tset
match address 101
!
!
!
!
!
interface FastEthernet0/0
ip address 98.87.223.43 255.255.255.252
ip nat outside
crypto map smap
no shut

!
interface FastEthernet0/1
ip address 192.168.3.254 255.255.255.0
ip nat inside
duplex auto
speed auto
no shut
!
i
!
ip route 0.0.0.0 0.0.0.0 58.27.221.41
!
!

ip http server
no ip http secure-server
!
!
ip nat inside source list 111 interface FastEthernet0/0 overload
!
!
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.101.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 111 deny ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 111 deny ip 192.168.3.0 0.0.0.255 192.168.101.0 0.0.0.255
access-list 111 deny ip 192.168.3.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 111 deny ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 111 permit ip 192.168.3.0 0.0.0.255 any
!
!
!
!
route-map nat permit 10
match ip address 111
!
!
!
control-plane
!
!
!
!
mgcp fax t38 ecm
!
!
!
!
!
!

!
scheduler allocate 20000 1000
end

Ashok Kumar · ‎02-20-2015

Hi,

You can achieve this by floating static route configuration.

Generally we use default routes for the such setup.

In your case, just configure 2 default routes & put some administrative value higher than the default (viz. 1 for static)

Here's what you need to do:

ip route 0.0.0.0 0.0.0.0 <primary ISP next-hop IP add>

ip route 0.0.0.0 0.0.0.0 <secondary ISP next-hop IP add> <administrative distance(0-255)> # use any value greater than 1 #

Other solution is to configure static routes with TRACK

1. Create Track

2. Map Track with IP SLA ICMP-ECHO Operation to check the reachability

3. Add Track with static route configuration e.g.

ip route 0.0.0.0 0.0.0.0 <next-hop-ip> track 1

View solution in original post

Ashok Kumar · ‎02-20-2015

let me tell best option:

1. Configure the 2 static routes with difference in AD values to serve as primary /seconday

2. Create Track & IP SLA ......# this will check if the ISP gateway IP is reachable or not, track will go down once the ISP gatewat becomes unreachable #

3. Configure the Static route with Track as below:

ip route 0.0.0.0 0.0.0.0 <next-hop-ip-address> track 1

# this route will stay in routing table as long as the Track status is up, means ISP gateway is reachable, if the Track goes down, route will be removed from the routing table & then routing will be done fall back to alternate available routes

View solution in original post

Khalid Qazi · ‎02-20-2015

Hi Junaid ,

Kindly share your topology , like link coming on serial or Ethernet etc so we can give you solution as as per above request there are multiple solution is available like Multihome , CEF etc ..

junaid haroon · ‎02-20-2015

Hi,

Second link will be ADSL.

Ashok Kumar · ‎02-20-2015

Hi,