ping response on both interface with multihoming setup

szpuni (TechnicalUser)
4 Jul 12 8:27
Hello,

I was recently doing a multihomed setup on one of my Cisco routers and I ran into a problem which I can't solve till now.

Basically there are 2 ISP connections and one private subnet range.
The problem is that when I'm using the default gateway I can't ping the backup interface, because the packet is not coming back over the backup interface but over the main one instead.

Any ideas how I can force ping responses sent to Fa8 to go back over the same interface and not by the gig0 interface?

The gigabit0 interface is my main interface, by which I send most of the traffic, and fastethernet8 is the interface for the backup connection and for sending traffic from only one host in the subnet.

Interesting part of configuration:

Quote:

interface FastEthernet8
description ISP_B
ip address 2.2.2.2 255.255.255.252
ip nat outside
no ip virtual-reassembly
duplex full
speed 100
!
!
interface GigabitEthernet0
description ISP_A
ip address 1.1.1.1 255.255.255.240
ip access-group acl_fcc_in in
ip nat outside
no ip virtual-reassembly
duplex full
speed 100
crypto map cm-cryptomap
!
!
interface Vlan1
ip address 192.168.100.4 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map ISP_Policy

ip nat inside source route-map ISPA interface GigabitEthernet0 overload
ip nat inside source route-map ISPB interface FastEthernet8 overload

ip access-list extended backup_isp
deny ip 192.168.100.0 0.0.0.255 10.0.0.0 0.255.255.255
deny ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.255.255
permit ip host 192.168.100.153 any
permit ip host 192.168.100.151 any
deny ip any any

ip access-list extended NAT
deny ip any 10.0.0.0 0.255.255.255
deny ip any 192.168.0.0 0.0.255.255
deny ip any 172.16.0.0 0.15.255.255
permit ip 192.168.100.0 0.0.0.255 any

route-map ISPB permit 10
match ip address NAT
match interface FastEthernet8
!
route-map ISPA permit 10
match ip address NAT
match interface GigabitEthernet0
!
route-map ISP_Policy permit 10
match ip address backup_isp
set ip next-hop 2.2.2.1

unclerico (IS/IT--Management)
4 Jul 12 12:09
What address are you sourcing your ICMP traffic from, and what address are you trying to hit? Are you trying to hit your next hop of 2.2.2.1 or something else further downstream?

chieftan (MIS)
5 Jul 12 4:32
Unclerico, those were my thoughts exactly.

If you are trying to ping that interface from an address on the other subnet, then the echo reply will respond back down the same initiating route... it will not use a different route to respond on.

So, for example, if you are pinging the fa8 interface via the gi0 interface then the echo response will return the same way, via the gi0 interface.

szpuni (TechnicalUser)
12 Jul 12 11:03
Hello,

Sorry, I was away from the computer for some time :)

I want to get a response from both WAN interfaces at the same time while pinging them from the Internet, not from the inside network.
Here is a simple diagram showing that:



Basically, if I ping WAN1 (that computer at the top of the diagram), which is my gateway of last resort, I get a response from that IP, but if I ping the backup WAN2 interface I get no response because the packet is routed by WAN1 instead of WAN2.

And I'm trying to ping the addresses of both interfaces, Gig0 and Fa8, not the next hops, as the next hops are my gateways for both ISP providers.
Any ideas?

unclerico (IS/IT--Management)
14 Jul 12 15:23
Because your default route is pointing to ISPA, all of your return traffic will go that way. Now, if you had floating statics for both ISPA and ISPB then there is a chance that some of the traffic would take the proper return path. Just because traffic is received on an interface does not mean it will exit that same interface (known as asymmetric routing). When your router receives an ICMP echo, it formulates its ICMP echo-reply message by taking the original source IP (WAN2 in this case) and uses that as the new destination IP. The router does a lookup for this destination, and because you don't have a more specific route back to the source it will choose the default route, which is to ISPA. Add a static route into your router for the source of WAN2 traffic and watch it return out the ISPB interface.
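
Added example, not part of any post in this thread: a small Python model of the route lookup described in the last reply, showing the echo reply leaving via the default route and then via FastEthernet8 once a host route for the pinging source exists. The ISP_A next hop (1.1.1.14) and the pinging host (203.0.113.50) are constructed values that the thread does not give.

```python
import ipaddress

# Constructed values: the thread gives neither the ISP_A gateway nor the
# address of the Internet host that sends the pings.
ISP_A_NEXT_HOP = "1.1.1.14"   # assumed gateway inside 1.1.1.0/28
ISP_B_NEXT_HOP = "2.2.2.1"    # from the posted ISP_Policy route-map
PINGER = "203.0.113.50"       # constructed Internet host (TEST-NET-3)


def base_table():
    """Connected routes from the posted config plus the default via ISP_A."""
    return [
        ("1.1.1.0/28", "GigabitEthernet0", None),
        ("2.2.2.0/30", "FastEthernet8", None),
        ("192.168.100.0/24", "Vlan1", None),
        ("0.0.0.0/0", "GigabitEthernet0", ISP_A_NEXT_HOP),
    ]


def lookup(table, dst):
    """Longest-prefix match: (prefix, interface, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r[0])]
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)


def echo_reply_path(table, echo_src, echo_dst, arrived_on):
    """Where the router sends the reply to an echo request it received."""
    # The reply swaps source and destination. Only the reply's destination
    # is looked up; the interface the request arrived on plays no part.
    route = lookup(table, echo_src)
    if route is None:
        return None
    prefix, out_if, next_hop = route
    return {"reply_src": echo_dst, "reply_dst": echo_src, "matched": prefix,
            "leaves_on": out_if, "via": next_hop,
            "asymmetric": out_if != arrived_on}


def with_static_host_route(table, host, interface, next_hop):
    """Model of the IOS command: ip route <host> 255.255.255.255 <next_hop>"""
    return table + [(f"{host}/32", interface, next_hop)]


if __name__ == "__main__":
    fixed = with_static_host_route(base_table(), PINGER, "FastEthernet8", ISP_B_NEXT_HOP)
    for name, table in (("default only", base_table()), ("static added", fixed)):
        print(name, echo_reply_path(table, PINGER, "2.2.2.2", "FastEthernet8"))
```

The host route only covers the one source it names; pings to 2.2.2.2 from any other Internet address still match the default route.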
