Advanced Routing Question

Status
Not open for further replies.

sobak

MIS
Feb 22, 2001
609
US
Okay this may be basic for some of you so please be kind. I have a Cisco 2611 that I am using in a remote office that is configured like this.....

Ethernet0/0 1.5 MB default internet connection
Ethernet0/1 Local LAN connection
Ethernet1/0 DSL line installed as a backup connection

My question is.....

1. How do I get the router to recognize both routes as valid routes to the internet?

2. Can I set two IPSEC VPN connections up and then use an internal routing protocol to use whatever connection is valid at that time. Or will this cause me great problems. If I can get this set up how do I go about configuring it for different interfaces. I know how to do it for just one interface but I’ve set it up and I can’t get the tunnel established.


Looking on Cisco’s web site they show configuring BGP but I want something that will not cause much overhead on my router. Then there is the issue with the VPN, what is the best way to configure both.

I am sure I didn’t explain everything properly so ask your questions. Thanks in advance.

david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*
 
Without a bit more info, if you have two different routes to the internet, you could do a simple floating static route. If the primary route is down, the router would use the floating static.

You could do policy-based routing on protocol and/or IPs.

If you are using a routing protocol like OSPF, you can play with the costing of the links.

The VPN throws a clinker into the works and honestly, VPNs are not yet my strong point ;-) But I'm learning!!!

MikeS
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
 
wybnormal,
Thanks, sorry I didn't respond right away, I was out on vacation. Thanks for your response. I guess what I am looking for is the best way to route to the internet. I tried to look for information regarding the floating static but most of it was dealing with an ISDN connection. Can I do the same with a secondary Ethernet connection? Also, if you can clear up the OSPF entry I would appreciate it. When I add OSPF to the router, do I place in the two network commands for the two Ethernet connections? I am trying not to replicate out my information to my two ISPs. What I am asking is this???

router ospf
network {ethernet0/0}
network {ethernet1/0}

Would this be correct?

I mainly deal with RIP, IGRP and EIGRP routers and haven't yet had the chance to use OSPF. Just want to make sure I don't lose connection to this router since it is up in New York and I'm down in Dallas.....

Thanks for your response.

david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*
 
BGP won't take a lot of overhead if you elect NOT TO receive full internet routes.

Are you using the same ISP for both links? If so, you could use a private AS number. You could receive a default route only through each BGP session to the ISPs and this could achieve what you are after (failover) without a lot of overhead (saving receiving 100,000+ routes).
 
router ospf <process-id>
network <e0> <wildcardmask> area <area-id>; 0.0.0.0=1 IP, 0.0.0.255=range of 255 etc...
network <e1> <wildcardmask> area <area-id>

interface s<x>
ip ospf network <type>; i.e. broadcast etc
ip ospf cost <cost>; if you want to mess with it


Keep in mind that if you don't know BGP, you can easily make a mistake and have yourself blacklisted. BGP is not something to learn on the job, so to speak. If you want BGP, then get someone to help that knows it well. Many vendors will not let you connect via BGP; some insist on OSPF.

A floating static is the same as the ISDN sample.

ip route 192.168.50.1 255.255.255.255 S0
ip route 192.168.50.1 255.255.255.255 S1 250

Notice the 250 cost. The static route defaults to a cost of 1, which says it is picked first. If it's not available, then the "floating" static route with the cost of 250 will be picked, assuming nothing else is there with a lower cost that would overrule it.

OSPF Notes:

MikeS


"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
 
WYB,

Thanks for clearing it up a little, of course I don't want to be blacklisted. I am getting a little closer to getting this done. I set up my secondary ENET card with the information I got from our second provider. Of course it was wrong because they had not set it up all the way. I found this out by running some debug commands on my router and found out no traffic was even reaching it. Once I got them to complete the setup they gave me the correct IP address and I am now routing through both routes. I thought I was setting something up wrong, that was what was throwing me off... Now that I am routing through both connections, I am going to attempt the setup of the VPN. I will let you know how it goes; this is the first attempt for me setting up a VPN using two different interfaces and routes... Should be pretty interesting.

david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*
 
Okay, here's the situation, hopefully I can get a little help on this. These are the steps I use to set up the VPN....

1. Create the ISAKMP sharedkey
2. Create the Transform Set
3. Create the Crypto Map and assign the ACL

After I perform the above, I check...

sho crypto ipsec sa

and see that my local endpt and remote endpt are the same as my existing VPN. I don't want this; I want the local endpt and remote endpt to be the settings I am using for the crypto map.

I've tried it on the same crypto map and created a new crypto map and applied it to both the Tunnel and E1/0 interfaces but it still wants to grab the original VPN settings. Anyone have any words of advice you can give me? Checked on the Cisco web site and I am doing everything the way they say to do it. I am stuck and don't know where to go from here....

david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*
 
I know a little bit about VPNs. I run one here at my company between 2 Cisco 2600 routers and a few stand alone computers with Cisco's VPN client software. I might be able to help you a little bit with the VPN portion of your problem if you could post your config.

Niall
 
Niall,
Thanks for the offer, I figured out my problem late last night. Found that there were two ACLs for the crypto map that were causing it to pull the wrong local and remote endpts. Once I deleted the extra crypto map and cleared the crypto SA the VPN came right up without any problem. I am now working on getting OSPF configured on the network so I can use the secondary VPN as a redundant link. I might have to talk to you again if I can't figure this out. Keep me in mind :)

david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*
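
The symptom resolved in the last post (`sho crypto ipsec sa` showing the endpoints of the wrong VPN because of an extra crypto map entry) can be checked offline against a saved config before touching a remote router. This is an added example, not code from the thread: it assumes IOS-style `crypto map` syntax as it appears in `show running-config`, relies on IOS evaluating the entries of one crypto map in sequence order, and uses a constructed config whose map names, peers and ACL numbers are made up.

```python
import re
# Constructed sample (not from the thread): map names, peers and ACL numbers are made up.
SAMPLE_CONFIG = """\
crypto map PRIMARY 10 ipsec-isakmp
 set peer 192.0.2.1
 match address 101
crypto map BACKUP 10 ipsec-isakmp
 set peer 198.51.100.1
 match address 102
crypto map BACKUP 20 ipsec-isakmp
 set peer 203.0.113.1
 match address 102
crypto map OLDMAP 10 ipsec-isakmp
 set peer 192.0.2.1
 match address 101
interface Ethernet0/0
 crypto map PRIMARY
interface Ethernet1/0
 crypto map BACKUP
"""

def parse(config):
    """Return ({(map, seq): (peer, acl)}, {interface: map}) from IOS config text."""
    entries, bindings = {}, {}
    for m in re.finditer(r"^crypto map (\S+) (\d+) ipsec-isakmp\n((?: .*\n)*)", config, re.M):
        peer = re.search(r"^ set peer (\S+)", m[3], re.M)
        acl = re.search(r"^ match address (\S+)", m[3], re.M)
        entries[m[1], int(m[2])] = (peer and peer[1], acl and acl[1])
    for m in re.finditer(r"^interface (\S+)\n((?: .*\n)*)", config, re.M):
        if bound := re.search(r"^ crypto map (\S+)", m[2], re.M):
            bindings[m[1]] = bound[1]
    return entries, bindings

def review(config):
    """List crypto map entries that are shadowed or never applied to an interface."""
    entries, bindings = parse(config)
    findings, first = [], {}
    for (name, seq), (peer, acl) in sorted(entries.items()):
        if name not in bindings.values():
            findings.append(f"{name} {seq}: map not applied to any interface")
        elif (name, acl) in first:            # the lower sequence number matches first
            findings.append(f"{name} {seq} (peer {peer}): ACL {acl} already matched by seq {first[name, acl]}")
        first.setdefault((name, acl), seq)
    return findings

def expected_peers(config):
    """Per interface, the peers to expect as remote endpoints in `show crypto ipsec sa`."""
    entries, bindings = parse(config)
    return {i: [p for (n, _s), (p, _a) in sorted(entries.items()) if n == name] for i, name in bindings.items()}
```

Compare the output of `expected_peers` with the local and remote endpoints the router reports; an endpoint that belongs to a different interface's map points at the entries `review` lists.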
 