12-17-2021 10:19 AM - edited 12-17-2021 12:42 PM
I am working on a configuration where I will have two switches at the edge that will serve as the termination points for my two ISPs. Ultimately, I would like to utilize both connections for various reasons, but for now this will just provide failover and redundancy. I have it mocked up in Packet Tracer, but I am having trouble getting my hosts on the LAN to communicate. The hosts can ping their gateways and the WAN side of the HQ router but cannot ping the ISPs. I think I might be having a VLAN communication issue, but I'm not sure.
I have attached my diagram and configs. Any help would be greatly appreciated.
Solved! Go to Solution.
12-18-2021 12:14 PM
I think the type of failover and redundancy you are trying to implement is called Policy-based Routing. PBR will give you automatic failover and redundancy; however, it will not work in PT, as PT is just a software simulator; it doesn't have or use real IOS. You may want to use GNS3, which is an emulator, and you will need one of the few supported real IOS images, like IOS 15.x from 7200 routers. Policy-based routing, I think, is still a CCNP topic, so you will need to do some research.
Note: PT from Cisco Net Academy is just a software simulator; it does not run on real IOS or virtual IOS. It is close to IOS, but it does not really behave like real IOS would (some simple features do). PT is an excellent tool to learn and practice networking fundamentals and commands for the CCNA exam.
Regards, ML
**Please Rate All Helpful Responses**
12-17-2021 11:08 AM
Not familiar with PT, but from the HQ 2800 router, are you able to ping 175.10.0.1 and 175.20.0.1?
Also, from the same router, are you able to ping hosts in 192.168.10.0/24 and 192.168.20.0/24 subnets?
HTH
12-17-2021 12:56 PM
Yes, I am able to ping 175.10.0.1 and 175.20.0.1, as well as the 192.168.10.0/24 and 192.168.20.0/24 subnets, from the router. The issue is that the hosts in the 192.168.10.0/24 and 192.168.20.0/24 subnets are not able to ping 175.10.0.1 or 175.20.0.1.
12-17-2021 11:29 AM
Hello,
post your zipped Packet Tracer project (.pkt) file...
12-17-2021 12:42 PM
.zip file attached.
12-17-2021 07:01 PM
First of all, an ISP cannot and will not have any route to a private range like 192.168.0.0/24 in its routing table, and ISP routers will drop any traffic from/to a private IP range (ISPs have ACLs blocking those ranges). You would get a private IP address or range and translate your internal private range to that private IP (or range of IPs). That is why we have NAT. If we assume that your ISP lets you route a private range of addresses (i.e. via your private VPN), then you do not need NAT on the edge router.
Second, the HQ edge router has a NAT issue: it cannot translate IPs and drops traffic. Your NAT points to GigabitEthernet0/0 overload, but that interface has no IP assigned, as it's sub-divided into 2 sub-interfaces. Changing Gig0/0 to 0/0.100 will solve 1 of the 2 NAT issues but also presents another dilemma.
Regards, ML
**Please Rate All Helpful Responses**
12-18-2021 06:50 AM
Thank you for your reply. I made the changes suggested, and I am now able to reach across from the hosts on the LAN. You are right though: if I disconnect the main connection to ISP1, I cannot route my traffic to ISP2. I have tried configuring a new access list and NAT statement to point to g0/0.200, but it does not seem to be working. Are there additional statements needed?
ip nat inside source list NAT-LAN interface GigabitEthernet0/0.100 overload
ip nat inside source list NAT-LAN1 interface GigabitEthernet0/0.200 overload
ip classless
ip route 0.0.0.0 0.0.0.0 175.10.0.1
ip route 0.0.0.0 0.0.0.0 175.20.0.1 200
!
ip flow-export version 9
!
!
ip access-list standard NAT-LAN
permit 192.168.10.0 0.0.0.255
permit 192.168.20.0 0.0.0.255
ip access-list standard NAT-LAN1
permit 192.168.10.0 0.0.0.255
permit 192.168.20.0 0.0.0.255
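The two NAT defects discussed in this thread (an overload rule pointing at GigabitEthernet0/0, which carries no address because it is split into sub-interfaces, and two overload rules whose ACLs permit exactly the same inside networks) can both be caught by reading the running config before it is deployed. The script below is an added example, not code from the thread or from Cisco. It parses an IOS-style config with a small stanza parser and reports both conditions. The NAT rules, static routes and ACLs in the sample follow what was posted above; the interface stanzas, the .2 addresses on the sub-interfaces, and the function names `parse_config` and `audit_nat` are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample config. NAT rules, routes and ACLs follow the thread; the
# interface stanzas are assumed from its description (Gig0/0 has no address and is
# split into two sub-interfaces), and the .2 WAN addresses are invented.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 no ip address
!
interface GigabitEthernet0/0.100
 encapsulation dot1Q 100
 ip address 175.10.0.2 255.255.255.0
 ip nat outside
!
interface GigabitEthernet0/0.200
 encapsulation dot1Q 200
 ip address 175.20.0.2 255.255.255.0
 ip nat outside
!
ip nat inside source list NAT-LAN interface GigabitEthernet0/0 overload
ip nat inside source list NAT-LAN1 interface GigabitEthernet0/0.200 overload
ip route 0.0.0.0 0.0.0.0 175.10.0.1
ip route 0.0.0.0 0.0.0.0 175.20.0.1 200
!
ip access-list standard NAT-LAN
 permit 192.168.10.0 0.0.0.255
 permit 192.168.20.0 0.0.0.255
ip access-list standard NAT-LAN1
 permit 192.168.10.0 0.0.0.255
 permit 192.168.20.0 0.0.0.255
"""

NAT_RE = re.compile(r"ip nat inside source list (\S+) interface (\S+) overload$")
ROUTE_RE = re.compile(r"ip route (\S+) (\S+) (\S+)(?: (\d+))?$")


def parse_config(text):
    """Pull out interface stanzas, standard ACLs, NAT overload rules and static routes."""
    cfg = {"interfaces": {}, "acls": defaultdict(list), "nat_rules": [], "routes": []}
    stanza = None  # ("interface" | "acl", name) while inside an indented block
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == "!":
            stanza = None
            continue
        stripped = line.lstrip()
        # Child lines are indented; ACL entries pasted without indentation still
        # begin with permit/deny, so accept those too.
        if stanza and (line[0] == " " or stripped.split()[0] in ("permit", "deny")):
            kind, name = stanza
            cfg["interfaces" if kind == "interface" else "acls"][name].append(stripped)
            continue
        stanza = None
        if m := re.match(r"interface (\S+)$", line):
            stanza = ("interface", m.group(1))
            cfg["interfaces"].setdefault(m.group(1), [])
        elif m := re.match(r"ip access-list standard (\S+)$", line):
            stanza = ("acl", m.group(1))
            cfg["acls"].setdefault(m.group(1), [])
        elif m := NAT_RE.match(line):
            cfg["nat_rules"].append({"acl": m.group(1), "interface": m.group(2)})
        elif m := ROUTE_RE.match(line):
            cfg["routes"].append({"prefix": m.group(1), "mask": m.group(2),
                                  "next_hop": m.group(3),
                                  "distance": int(m.group(4)) if m.group(4) else 1})
    return cfg


def _has_address(lines):
    return any(l.startswith("ip address ") for l in lines)


def audit_nat(cfg):
    """Return one finding per NAT problem of the two kinds discussed in the thread."""
    findings = []
    for rule in cfg["nat_rules"]:
        iface = rule["interface"]
        if not _has_address(cfg["interfaces"].get(iface, [])):
            # Overloading an interface that has no address: no translation can be built.
            addressed = [n for n, ls in cfg["interfaces"].items()
                         if n.startswith(iface + ".") and _has_address(ls)]
            hint = f"; point it at an addressed sub-interface such as {addressed[0]}" if addressed else ""
            findings.append(f"NAT rule for ACL {rule['acl']} overloads {iface}, which has no "
                            f"IP address, so no translation can be built{hint}")
    # Two overload rules whose ACLs permit the same inside sources are ambiguous:
    # an ACL-only rule does not match on the egress interface, so the backup path
    # is not guaranteed to get its own translation.
    rules = cfg["nat_rules"]
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            shared = sorted(set(cfg["acls"].get(a["acl"], [])) & set(cfg["acls"].get(b["acl"], [])))
            if shared:
                findings.append(f"ACLs {a['acl']} ({a['interface']}) and {b['acl']} ({b['interface']}) "
                                f"both permit {', '.join(shared)}; the egress interface is not part of the match")
    return findings


if __name__ == "__main__":
    for finding in audit_nat(parse_config(SAMPLE_CONFIG)):
        print("-", finding)
```

Applying the change suggested in the thread (pointing the first rule at GigabitEthernet0/0.100) clears the first finding and leaves only the overlapping-ACL one, which is the remaining problem the original poster ran into when ISP1 was disconnected.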
12-18-2021 12:01 AM
12-18-2021 06:44 AM
Thank you, this was very helpful. You guys rock!
12-18-2021 09:02 AM
Hello,
--> ip route 0.0.0.0 0.0.0.0 175.20.0.1 200
The administrative distance of '200' prevents that route from being installed in your routing table. Remove that and try again:
--> ip route 0.0.0.0 0.0.0.0 175.20.0.1