
ahmedahmed

join:2012-12-07
Saskatoon, SK

Need to Have both ISP to access internet/servers

I need help to configure a Cisco 2911 router. It has two ISPs, one as primary, 216.140.140.0, and a secondary for backup, 216.150.150.0.
I need to be able to access both ISPs using the same interface, Gi0/1.
Since we have servers that have to have a specific IP both when accessed and when accessing the internet, I used static NAT for the servers and dynamic for all others.
I did the following configuration but it does not work as I want it: if I unplug the primary ISP from the unmanaged switch, the secondary can't access the Internet or network. The secondary only works when the primary and secondary are both connected at the same time.
Even though I have been advised to use a sub-interface instead of a secondary IP address (which worked when I used it), I need to use the same interface, using an unmanaged switch to which the outside interface of the router and the two ISPs are connected.
Please let me know what I can do to make this work.
Below is my configuration.

interface GigabitEthernet0/0

ip address 10.0.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1

ip address 216.150.150.4 255.255.255.0 secondary
ip address 216.140.140.2 255.255.255.224
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto

!
ip nat inside source route-map Primary interface GigabitEthernet0/1 overload
ip nat inside source route-map Secondary interface GigabitEthernet0/1 overload

ip nat inside source static 10.0.0.52 216.140.140.4 route-map Primary
ip nat inside source static 10.0.0.53 216.140.140.5 route-map Primary
ip nat inside source static 10.0.0.59 216.140.140.6 route-map Primary
ip nat inside source static 10.0.0.61 216.140.140.7 route-map Primary
ip nat inside source static 10.0.0.228 216.140.140.8 route-map Primary
ip nat inside source static 10.0.0.16 216.140.140.11 route-map Primary
ip nat inside source static 10.0.0.30 216.140.140.12 route-map Primary
ip nat inside source static 10.0.0.251 216.140.140.13 route-map Primary
ip nat inside source static 10.0.0.44 216.140.140.15 route-map Primary
ip nat inside source static 10.0.0.54 216.140.140.16 route-map Primary
ip nat inside source static 10.0.0.23 216.140.140.17 route-map Primary
ip nat inside source static 10.0.0.58 216.140.140.18 route-map Primary
ip nat inside source static 10.0.0.230 216.140.140.19 route-map Primary
ip nat inside source static 10.0.0.216 216.140.140.21 route-map Primary
ip nat inside source static 10.0.0.220 216.140.140.22 route-map Primary
ip nat inside source static 10.0.0.33 216.140.140.25 route-map Primary
ip nat inside source static 10.0.0.21 216.140.140.26 route-map Primary
ip nat inside source static 10.0.0.22 216.140.140.27 route-map Primary
ip nat inside source static 10.0.0.24 216.140.140.28 route-map Primary
ip nat inside source static 10.0.0.25 216.140.140.29 route-map Primary
ip nat inside source static 10.0.0.59 216.150.150.5 route-map secondary
ip nat inside source static 10.0.0.52 216.150.150.6 route-map secondary
ip nat inside source static 10.0.0.53 216.150.150.7 route-map secondary
ip nat inside source static 10.0.0.16 216.150.150.8 route-map secondary
ip nat inside source static 10.0.0.58 216.150.150.9 route-map secondary
ip nat inside source static 10.0.0.59 216.150.150.10 route-map secondary
ip nat inside source static 10.0.0.61 216.150.150.11 route-map secondary
ip route 0.0.0.0 0.0.0.0 216.140.140.1
ip route 0.0.0.0 0.0.0.0 216.150.150.254 10

access-list 100 permit ip 10.0.0.0 0.255.255.255 any

route-map secondary permit 10
match ip address 100
set ip next-hop 216.150.150.254
!
route-map primary permit 10
match ip address 100
set ip next-hop 216.140.140.1

DocLarge
Premium
join:2004-09-08
kudos:1

3 edits
Just a question, being that I'm tucked away in a corner these days and not on the keyboards much at all, is there any routing protocol involved we're not seeing on your config? Additionally, you're just after having one of the ISPs as a backup, correct?

You could "possibly" use "IP SLA Tracking" as a means of establishing your primary and backup routes:

»www.firewall.cx/cisco-technical-···sic.html

I've configured this in a test environment on occasions and it's still cool watching it work.

Just Yahoo or Google "IP SLA Tracking" or "IP SLA Monitoring" and you'll find more information should this be an approach you want to take.

The second thing to consider is "policy-based routing." I noticed you have set an ip address as your "next hop" in your route-map statement, but I don't see a policy configured on an interface that would tell the router to send traffic in "that" particular direction (unless I overlooked something):

»www.cisco.com/en/US/docs/ios/12_···icy.html

Perhaps a different approach may be in order?

Regardless, see if any of the above information may be of use to you...

Jay
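
The IP SLA tracking approach suggested in the reply above, sketched as an added example that is not part of the original thread or anyone's posted configuration. The gateway addresses and interface name come from the configuration in the first post; the SLA and track object numbers, probe frequency and delay timers are assumptions chosen for illustration. Because Gi0/1 connects to an unmanaged switch, the interface stays up when the primary ISP is unplugged, so a plain static route to 216.140.140.1 stays in the routing table and the floating route with distance 10 is never installed; tying the primary route to a reachability probe is what lets it be withdrawn.

```cisco
! Added example (assumed object numbers and timers, addresses from the post).
! Probe the primary ISP gateway from the outside interface every 5 seconds.
ip sla 1
 icmp-echo 216.140.140.1 source-interface GigabitEthernet0/1
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Track object follows the probe result; the delays damp flapping so the
! default route is not swapped on a single lost or returned echo.
track 1 ip sla 1 reachability
 delay down 10 up 30
!
! Replace the untracked primary default route with a tracked one.
no ip route 0.0.0.0 0.0.0.0 216.140.140.1
ip route 0.0.0.0 0.0.0.0 216.140.140.1 track 1
!
! Floating backup route (administrative distance 10) takes over only
! when track 1 goes down and the primary route is withdrawn.
ip route 0.0.0.0 0.0.0.0 216.150.150.254 10
!
! Verification after unplugging and re-plugging the primary ISP:
!   show ip sla statistics 1
!   show track 1
!   show ip route 0.0.0.0
```

Probing the ISP gateway only detects loss of the first hop; a failure further upstream of 216.140.140.1 would not trigger the failover. This covers route selection only and does not change which NAT statement is applied to a given flow.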

markysharkey
Premium
join:2012-12-20
united kingd
reply to ahmedahmed
Have you considered adding an extra bit of hardware? I know it's not the answer you've asked for, but in these situations (multiple WAN options) I usually install a Peplink 310. It can be set to failover, policy-based routing or per-session load balancing. Check out www.peplink.com.
It sits in the LAN, behind the WAN routers but in front of the Distribution Layer switch.