I have the following network layout uploaded here: diagram
Simplified router configurations:
I'm running constant pings to Server B (192.168.10.1) from Server A (192.168.1.1), as well as to the internet (188.8.131.52). When the CE1 router is the HSRP active one (standby group for both LAN and ISP-facing interfaces), all traffic routes normally with no issues. When I make the CE2 router active on the ISP side (10.0.0.0/24 network), all traffic routes normally. When I make the CE2 router active on the LAN side (192.168.1.0), I start getting TTL expired messages when pinging ServerB. Pings to 184.108.40.206 route normally.
The question is: why am I getting TTL expired messages when trying to route when CE2 is the active member of the HSRP LAN group?
What I tried:
When I route directly to a CE2 IP address (192.168.1.22), I have no problems (no TTL expiration).
In the route map definition I tried the following:
set vrf L-LAN
set ip default L-LAN next-hop 192.168.1.254
set ip default global next-hop 192.168.1.254
and combinations of these.
Removing the policy map from the interface fixes the issue with routing to ServerB (obviously that disables default traffic going to the ASA).
Changing the set ip next-hop address to go to the Sonicwall does not make a difference.
CE2 can reach both ISP1 and ISP2 routers via their HSRP or local addresses.
"show standby" shows all expected information (active, standby routers etc)
Cisco ASA has one static route - 192.168.10.0/24 route via 192.168.1.23
Any ideas what else to check?
IOS revisions: Cisco 2921 IOS: 15.4(3)M6, Cisco 1921 IOS: 15.2(4)M2
Hi All,
I would like to find out about best practice to build a network around a dynamic routing protocol to enable redundancy between all sites. I have a network layout in the attachment.
Assumptions:
Site1 is the main site with all internal services running in it (of the 192.168.1.0 network).
Site1 is the main IPsec hub for all IPsec-only sites (Site3).
Site2 is an example of a site that uses a high-speed, low-latency MPLS network to connect to Site1 and other sites.
Site2 uses an IPsec-based VPN tunnel as a failover.
Site2 and Site3 are configured with EIGRP as a STUB.
Site1 is configured as EIGRP and it is a transition network.
Site3, whenever connecting to Site2, has to use the MPLS network.
Site3 uses a secondary IPsec tunnel as a backup.
MPLS_CORE is under control of the ISP.
Questions:
What is the best practice to allow redistribution between BGP routers (S1_MPLS and S2_MPLS) and the EIGRP AS?
What is the best practice to set up the MPLS network to be the primary route for all sources?
How to force the S1_MAIN router to use the MPLS uplink for Site2 subnets? Does it require disabling split-horizon on the interface? Can I force it to always route traffic for these subnets via S1_Core without setting up route-maps?
Is EIGRP the right choice for that type of network?
Regards
M
Hi Akash,
Thanks for that. Assuming I don't have control over the router that makes the decision on that route, how can I influence the route decision on it with basic route redistribution from EIGRP (redistribute eigrp 1000)?
Hi,
I have a couple of 887VA routers under my management. I noticed that none of them allows transfers bigger than 10 Mbit/s via the WAN link despite being synced at i.e. 15 Mbit/s or 17 Mbits/s. I tried different IOS images and ADSL firmwares but it does not change anything.
#show controllers vdsl 0
Firmware  Source       File Name (version)
--------  ------       -------------------
VDSL      user config  flash:vdsl.bin-A2pv6C035j1 (10)
Modem FW Version: 120330_1738-4.02L.03.A2pv6C035j0.d23j
Modem PHY Version: A2pv6C035j0.d23j
Vender Version: Ap6v35j.23j 68
               DS Channel1  DS Channel0  US Channel1  US Channel0
Speed (kbps):  0            15354        0            1021
As you can see, the modem syncs at 15 M. I should practically get that speed sometimes (off-peak hours). I measure that with speedtest.net but also tried to download via FTP from the ISP's server etc. It never exceeded 10 Mbits. I have 3 more routers connected to the same ISP (Eircom Ireland) with the same problems. Is there anything on 887VAs that would stop them reaching maximum bandwidth? I attached an example config - don't look at the ACLs as they were mostly removed, along with a couple of objects etc. so as not to include IP addresses.
#show interfaces fastEthernet 0
FastEthernet0 is up, line protocol is up
Hardware is Fast Ethernet, address is 442b.03cd.7a9a (bia 442b.03cd.7a9a)
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s