Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1788
Views
13
Helpful
16
Replies

Cisco 2951 Dual-ISP Fail-over Without SLA or BGP

Go to solution
ald14win001
Level 1
Level 1

‎06-29-2016 10:46 AM - edited ‎03-08-2019 06:25 AM

Hello Everyone,

Just wanna ask if, what will I do to configure the following:

I HAVE 2 ISP's WHICH IS CONNECTED TO MY CISCO ROUTER

ISP 1 (IP: 58.58.58.58/27)>>>>Cisco Router<<<<ISP 2 (IP: 59.59.59.59/30)

ROUTER 2951

Gi0/0 ====>>>>> ISP Modem (IP Address: 58.58.58.58/27)

Gi0/1 ====>>>>> ISP Modem (IP Address: 59.59.59.59/30)

Gi0/2 ====>>>>> LAN (IP: 10.0.10.0/23)

THANKS!!!

Labels:
0 Helpful
16 Replies 16

Go to solution
ald14win001
Level 1
Level 1
In response to Richard Bradfield

‎07-04-2016 11:46 AM

Hello Richard,

Here's the whole config. Whenever I shutdown the BACKUP ISP, why does the ping in my PC to 8.8.8.8 become Request Timed Out but there is internet connection when I open the browser. Another problem is that when I switch from Primary ISP to Backup ISP theres Time out also on my Ping on the PC. Is there a problem with the routing or nat? Please Help me. Thanks

=============================================================

Building configuration...

Current configuration : 5193 bytes
!
! Last configuration change at 12:31:43 GMT Mon Jul 4 2016 by altec
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname PHABSRO01
!
boot-start-marker
boot-end-marker
!
!
no logging console
enable secret 5 $1$dehv$Lb1eyKFdDdhfF0gOFObu
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
clock timezone GMT -6 0
!
!
crypto pki trustpoint TP-self-signed-2633843759
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2633843759
revocation-check none
rsakeypair TP-self-signed-2633843759
!
!
crypto pki certificate chain TP-self-signed-2633843759
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32363333 38343337 3539301E 170D3136 30343232 30303537
31375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 36333338
34333735 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100DD29 17B62779 F685E78B A6089471 7D122152 32AD50D0 6C4AD3B3 3EC921E2
99D51021 2A0009F0 11784564 9671BBF5 F0D18EC1 C608A418 3C333CF9 0CC71DC7
7EA59625 3A8BFEB4 9F93B128 3C5DB7E0 4A73E620 48A4EC81 B599069A 90FB651E
D9369884 ADF53D40 63D9FE9A 35719F95 DBF6825A 11960FCC C8FCCD1B 10ED911D
97BB0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 142726ED 6349EB9E F369F177 DE95F20F 72D69356 D0301D06
03551D0E 04160414 2726ED63 49EB9EF3 69F177DE 95F20F72 D69356D0 300D0609
2A864886 F70D0101 05050003 81810064 81EDDBE3 37C81E29 A4939114 826C53DD
90D99054 2D2C6D4C C3368338 ACBCE1DA A9940078 F85253E6 0D676C01 34EC2499
D2985B58 AFACB18C 51D8A8EE 6973F81C 8E68F3EE 77D4CA52 1A105D50 3CD12500
8C07287C 69D14F48 D4374E00 DABFF889 29F39CB1 A58CD415 E35385B2 AC959A81
415F23B1 190C8B24 38EFFEF0 E43422
quit
!
!
!
!
!
!
!
!
!
!
!
!
!
ip name-server 121.58.250.195
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
cts logging verbose
license udi pid CISCO2951/K9 sn FJC1941A0TY
!
!
username admin privilege 15 secret 5 $1$y9QH$ysAWFM.Gu.LBQ.vJkaNq
username altec privilege 15 secret 5 $1$JlZh$dNsI45Ic4NU7Z3af0Ou.
!
redundancy
!
!
!
!
!
track 10 ip sla 1 reachability
delay down 1 up 10
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key default address 198.105.204.212
!
!
crypto ipsec transform-set Five9 esp-3des esp-sha-hmac
mode tunnel
!
!
!
crypto map CMAP 10 ipsec-isakmp
set peer 198.105.204.212
set transform-set Five9
match address Five9-List
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description ===ConvergeWAN===
ip address 11.125.86.194 255.255.255.224
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
crypto map CMAP
!
interface GigabitEthernet0/1
description <<<<<PLDTWAN>>>>>
ip address 158.71.72.174 255.255.255.252
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
crypto map CMAP
!
interface GigabitEthernet0/2
description Altec LAN
ip address 10.0.10.1 255.255.254.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source route-map CONVERGE interface GigabitEthernet0/0 overload
ip nat inside source route-map PLDT interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 11.125.86.193 track 10
ip route 0.0.0.0 0.0.0.0 158.71.72.173 100
!
ip access-list extended Five9-List
permit ip 10.0.10.0 0.0.1.255 38.107.71.0 0.0.0.255
permit ip 10.0.10.0 0.0.1.255 198.105.200.0 0.0.0.255
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
threshold 3000
frequency 5
ip sla schedule 1 life forever start-time now
!
route-map CONVERGE permit 10
match ip address 103
match interface GigabitEthernet0/0
!
route-map PLDT permit 10
match ip address 103
match interface GigabitEthernet0/1
!
!
snmp-server community public RO
access-list 103 permit ip 10.0.10.0 0.0.1.255 any
!
!
!
control-plane
!
!
banner motd ^CC
************************************************
* WARNING: Unauthorized Access Prohibited *
* Access on this gateway are punishable by the *
, under*
* RA 1987. *
* -ALTEC *
************************************************
^C
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output none
stopbits 1
line vty 0 4
password 7 015226084F5805417815
transport preferred telnet
transport input all
transport output all
!
scheduler allocate 20000 1000
event manager applet check-isp
event track 1 state any
action 1.0 cli command "enable"
action 1.5 cli command "clear ip nat trans *"
action 2.0 syslog priority notifications msg "Nat translation cleared!"
!
end

0 Helpful

Go to solution
Richard Bradfield
Level 6
Level 6
In response to ald14win001

‎07-04-2016 04:06 PM

Please see the link below, also I don't think you need to clear NAT translations. but otherwise your configuration looks ok, the link bekow does go into detail, I hope it will help you.

https://supportforums.cisco.com/document/32186/dual-internet-links-nating-pbr-and-ip-sla

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card