I am trying to get the ADSL failover to work however am not sure if I have the config correct. It should be able to failover to the NAT and have any interfaces using NAT (such as 1 and 99, be able to use the ADSL), I am not worried about anything else.
I believe the route maps are my issue, but not sure if that is the case as I currently cannot get the VPN to route when at all, it is connected but not able to pass traffic, this I believe is a NAT issue.
track 1 ip sla 1 reachability delay down 1 up 2 ! track 2 ip sla 2 reachability delay down 1 up 2 ! interface GigabitEthernet0/0 description Connection to EtherFlow Cct ETHA00125935/ETHC00 ip address x.x.x.x 255.255.255.254 ip flow ingress ip nat outside ip virtual-reassembly in duplex full speed auto crypto map xxxxxxxxxxxxxxx ! interface GigabitEthernet0/1 description ** Local LAN ** no ip address ip flow ingress duplex auto speed auto ! interface GigabitEthernet0/1.1 description native ** Native VLAN ** encapsulation dot1Q 1 native ip address 192.168.101.254 255.255.255.0 ip flow ingress ip nat inside ip virtual-reassembly in ip policy route-map PBR ! interface GigabitEthernet0/1.3 description ** xxxxxx VLAN ** encapsulation dot1Q 3 ip address x.x.x.x 255.255.255.240 ip flow ingress ! interface GigabitEthernet0/1.99 encapsulation dot1Q 99 ip address 192.168.99.1 255.255.255.0 ip flow ingress ip nat inside ip virtual-reassembly in ! interface ATM0/0/0 description ** Physical ADSL interface ** no ip address no ip proxy-arp no atm ilmi-keepalive snmp ifindex persist pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 ! interface Dialer1 description *** ADSL *** ip address negotiated no ip unreachables no ip proxy-arp ip mtu 1452 ip nat outside ip virtual-reassembly in encapsulation ppp dialer pool 1 dialer-group 1 ppp authentication chap pap callin ppp chap hostname xxxxxxxxxxxxxxxx ppp chap password xxxxxxxxxxxxxxxxxxx no cdp enable ! ip nat inside source list 99 interface GigabitEthernet0/0 overload ip nat inside source route-map ADSL interface Dialer1 overload ip nat inside source route-map WAN interface GigabitEthernet0/0 overload
! ip route 0.0.0.0 0.0.0.0 x.x.x.x 10 ip route 0.0.0.0 0.0.0.0 Dialer1 20 ip route 188.8.131.52 255.255.255.255 x.x.x.x ip route 192.168.102.0 255.255.255.0 x.x.x.x ! ip access-list extended xxxxx-VPN permit ip 192.168.101.0 0.0.0.255 192.168.102.0 0.0.0.255 ! ip sla auto discovery ip sla 1 icmp-echo 184.108.40.206 source-interface GigabitEthernet0/0 threshold 1000 timeout 2000 frequency 2 ip sla schedule 1 life forever start-time now
! ip sla 2 icmp-echo 220.127.116.11 source-interface Dialer1 threshold 1000 timeout 2000 frequency 2 ip sla schedule 2 life forever start-time now
! access-list 99 permit 192.168.99.0 0.0.0.255 access-list 101 deny ip 192.168.101.0 0.0.0.255 192.168.102.0 0.0.0.255 access-list 101 permit ip 192.168.101.0 0.0.0.255 any ! route-map WAN permit 10 match ip address 1 101 match interface GigabitEthernet0/0 ! route-map ADSL permit 10 match ip address 1 101 match interface Dialer1 ! route-map PBR permit 10 match ip address 1 101 set ip next-hop verify-availability 18.104.22.168 1 track 2 ! route-map PBR permit 20 match ip address 1 101 set ip next-hop verify-availability 22.214.171.124 2 track 1 !
To optimize the database description (DBD) packet exchange between two OSPF neighbors, use the compatible rfc5243 in router configuration mode or address family configuration mode for OSPFv3 AF. To disable RFC5243 optimization, use the no form of this com...
We said always that OSPF is a link-state routing protocol.For most engineer stuying CCNA or CCNP, OSPF is misunsdertanding.In reality, OSPF is a link-state routing protocol only within an area (intra-area); but almost a distance-vector routing protocol be...
A brief difference between ISIS and OSPF link state protocolsISIS and OSPF belongs to the same routing protocol family Link State, but if you study the two routing protocols, you will find several differences, in this article you will get the answer about...
The OSPF Type-2 LSA is one of the misunderstanding LSA among all the popular LSAs in OSPF , most people learns that this kind of LSA (Type-2) is generated by DR the Designated Router in a broadcast segment, for example when two or more than two routers ar...
Table of Contents
RADIUS has been the de-facto protocol for Remote Access Authentication for decades. RADIUS/UDP as defined by RFC 2865 has traditionally used MD5 for authentication and integrity. Unfortunately, successful attacks ...