tank´s for your response

but what about that number "20" you wrote before the name, what is it means?  or  what it is for ?

regards.

Hi Luis, 

It is any number, the administrative distance for static routes is 1. I wrote 20 but it could be any number into the range 1 - 255. The lowest value will be always preferred. 

Sintaxis:

ip route <destination network> <subnet mask> <next hop IP> < (1 - 255) administrative distance> 

If you have 2 static routes for identical destination, example:

ip route 0.0.0.0 0.0.0.0 192.168.18.250 name Primary
ip route 0.0.0.0 0.0.0.0 192.168.18.18 name Secondary

You can add a higher value than 1 for the back up route, so if the primary route is down the traffic will be moved through the backup.

ip route 0.0.0.0 0.0.0.0 192.168.18.250 name Primary
ip route 0.0.0.0 0.0.0.0 192.168.18.18  5 name Secondary

:-)

ok totaly get it now

when i received your email, i was reading the info in the link you sent.

thank and regards

sorry for so late response, but i I could not try until yesterday

Its not working, i set up the floating route as you told me, and for do a test, i just turned off mi main firewall and i lost internet, then i try to set up the second ip route, (i mean the floating route) like a secondary DNS in mi pc and still i have not internet.

should i do something more ??? some test before turn off the main firewall ?

thanks and regards.

Hi Luis,

Will be a pleasure to assist you, do have a diagram to share? may be we could implement HSRP. 

have no diagram but let me explain you mi Lan

The switch (catalyst 3750) is the DHCP, VTP and spanning tree server for all the lan an also its doing the static route´s (we have 9 more catalyst switch´s in the campus)

We have 23 vlan for production, and 2 aditional for ISP, one for each ISP we have, also we have in work 5 Access-List, in those all the vlans have acces to the IP for the Main Server UTM Sophos 9.4 (Gateway-Internet DNS-Firewall, is a PC), and also all the vlans have acces to the IP for the second server (VM in a server, ClearOS 7, not a PC), the last one is the one we want to use only like a gateway in transparent mode NO Firewall, the one for the floating route

The second ISP is only for backup the internet service and is only for 3 vlan´s, only the most important of them , that job is done by the UTM Sophos 9.4, in al  l the Pc in the campus the DNS are pointing to the main server, and we are testing the floating route by setting the second server like a secondary DNS for PC, and turnin off the main one, and that is the test wich doesnt work

for both server we have good ping result from any Vlan.

i guess that is all, please for any question, doit at any time

PD: by the way, what about use both server at the same time for all the lan, not like a floating route, is that posible ?, that is a project for the future, so Would you mind point me to the manual o correct reference please.

Thank you Luis, 

If you like we can talk spanish, at the meantime I understand the Main Server UTM Sophos 9.4 has NAT role in order to get Internet access through the primary ISP. 

Is similar situation with the back up ISP, what device is making NAT?

About the last question, usually we have a primary link and a backup but you could redistribute the traffic via different ISP's using a firewall or using BGP.

Los 2 ISP son administrados por el UTM y el nateo se realiza en su mayoria por la interfaz del ISP Principal, solo el acceso a nuestra plataforma Escolar tiene Nateo atravez de los 2 ISP al mismo tiempo, la interfaz del ISP secundario esta en modo Standby, en espera de que la primera Falle

en el segundo servidor no tengo ningun tipo de nateo, aun no llego a esa parte, lo primero que necesito hacer es que se pueda usar como gateway par adistribuir internet en caso de que el UTM Sophos falle

Buenos dias Luis,

Una consulta, como tiene configuradas 2 rutas por defecto (0.0.0.0 0.0.0.0 <siguiente salto>)apuntando a diferentes siguientes saltos, para el backup el dispositivo o servidor deberia de tener un NAT para salir a Internet y saber como regresar los paquetes a las redes internas, seria el mismo proceso que hace el dispositivo del camino primario.

La ruta estatica flotante funciona de esta manera:

La primaria si detecta que el siguiente salto esta caido, ya no sera funcional esta ruta estatica y entrara en funcionamiento la de backup siempre y cuando el siguiente salto configurado este activo.

Si usted apaga el dispositivo primario y ejecuta un tracert desde una computadora, el camino deberia de ser por el camino de backup, siempre y cuando el dispositivo del backup este encendido.

Los unicos dispositivos que pueden hacer NAT son Routers, Firewalls y talvez en algunos caso servidores. 

any comment ?

in english this time;

The 2 ISPs are managed by the UTM and the nat is done mostly by the interface of the Primary ISP, only access to our School platform has Nat through the 2 ISPs at the same time, the secondary ISP interface is in Standby mode , Waiting for the first  one fail in some how

On the second server I do not have any type of nat, I still do not get to that part, the first thing I need to do is that server can be used as a gateway to serve internet in case the UTM Sophos fails

any coment ?, i let you my "sh run" result if is helpfull for you,, please be my guest

alguna respuesta ?, te dejo el sh run por si te es util

thanks in advance, i will be waiting

gracias...

Buenas noches Luis,

Muchas gracias, voy a revisar el documento.

saludos