IP NAT and DDR

[jkallen]

I have a 1720 with 1 FastE, 1 Serial, and 1 DSL WIC installed. I want to use the Serial as the primary connection to the internet, and the dsl dialer as the backup. If you have not used DSL before, think of it as ISDN, as it used a dialer in the same manner.

My problem right now is if I disconnect my serial line, (I have the DSL up and running to the point that it connects and gets an address) I cannot get any packets through the router. From the router console, I can ping hosts outside my network no problem, but I can ping no one using a host on the LAN. I have looked at it everway to Sunday and cannot figure this one out. Thanks for any help. I pasted the config below.

Here is my config:
interface Serial0
ip address x.x.x.x 255.255.255.252
ip nat outside
encapsulation ppp
no ip route-cache
no ip mroute-cache
no fair-queue
service-module t1 timeslots 17-24
service-module t1 remote-alarm-enable
no cdp enable
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
ppp chap hostname test@bellsouth.net
ppp chap password 7 <removed>
!
ip nat pool mypool y.y.y.y z.z.z.z prefix-length 27
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source list 7 pool mypool overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
ip pim bidir-enable
!
!
logging history debugging
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 7 permit 10.0.0.0 0.0.0.255
access-list 7 permit 192.168.0.0 0.0.0.255

 

[Mirei]

You have a routing problem. You have to use a secondary static route.

Mirei.

 

[jkallen]

Oh - I forgot to mention that I had removed the other static route from this config to get it routing back through S0 - the other route was

ip route 0.0.0.0 0.0.0.0 Dialer1

Thanks

 

[ccie9545]

whats the config on the FastEthernet interface of the router, and are the hosts properly set up? Erik Rudnick, CCIE No. 9545
mailto:erik@kuriosity.com

 

[wybnormal]

You need to have a secondary (floating) static route as mentioned before..


ip route 0.0.0.0 0.0.0.0 Dialer1 200

The 200 is the *cost* of the secondary route relative to the other routes. A static route cost is normally &quot;1&quot;.. so if you have the second with a cost of &quot;200&quot;, it cost more then the 1st static or any other routing protocol so it is the LAST route chosen. If the static route 1 goes down... i.e.. serial goes down, then the router will look for another route.. and it will find the 2nd static, the cost is fine since there is nothing higher then 200 online or available.


Read this article as it applies directly here:

http://www.cisco.com/warp/public/123/backup-main.html

MikeS
Find me at

http://www.packetattack.com

&quot;Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots.&quot;
Sun Tzu

 

[jkallen]

Adding the floating secondary static route is my intention down the line, but adding it now only sets me up for failure later. You see, if I have 2 default static routes and they have the same AD (1 by default) then the router automatically starts load balancing packets. When I do this, I get about %50 packet loss.

The bottom line here is that if I add a static route to the dialer interface and remove the static route to the S0 interface, no clients can get out, but the router can.

If I am misunderstanding something, please let me know. I have pates the FE config below. All clients work fine if Serial route is alive and active.

Thanks

!
interface FastEthernet0
ip address z.z.z.z 255.255.255.224 secondary
ip address 172.16.5.1 255.255.255.0 secondary
ip address 10.0.0.1 255.255.255.0
ip nat inside
no ip route-cache
no ip mroute-cache
no keepalive
speed auto
no cdp enable
!

 

[wybnormal]

so why are you wanting to do it this way? and why the per packet load balancing? (no ip route-cache) this throws a high load on the router vs. per demand routing which is the default. With per packet, the 1st packet goes route1 and the 2nd goes route 2 and so on.. I've only seen this done once on production networks and it was because some nasty IPX stuff we had on a SMDS meshed network. Long story

Anyways..

How Are Packets Routed for IP over Equal Paths?

http://www.cisco.com/warp/public/105/27.html

What I dont see in your config is any permit for the protocol to be defined as *interesting* over the dialer.

!
dialer-list 1 protocol ip permit
!

This would explain why no clients can get out over the dialer and why you get a 50% loss of packets with the 2 static routes. Every time the router tries to send the packet over the dialer, it's block since IP is NOT permited (not interestingt) but since IP is allowed over the serial, it gets through and I would be there are ALOT of re-transmissions on that interface from the IP application trying to get everything across.

MikeS
Find me at

http://www.packetattack.com

&quot;Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots.&quot;
Sun Tzu

 

[wybnormal]

I forgot to add this example:

!
dialer-list 1 list 24
!

this dialer-list uses access-list 24 to define interesting traffic.. since it's a simple access list, it's by IP address. You could use an extended access list if you were feeling a bit adventureous.

MikeS
Find me at

http://www.packetattack.com

&quot;Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots.&quot;
Sun Tzu

 

[ccie9545]

that is a good point about the config and dialer-list (would still have to add dialer-group 1 to the dialer interface). however, i don't think that is the problem since the router can get out over the ISDN link. If there was no traffic defined as interesting, then the router would not be able to dial at all. which begs the question how can it dial without defining interesting traffic...

will look into it....its been a long week

erik Erik Rudnick, CCIE No. 9545
mailto:erik@kuriosity.com