
ISP fail over


gzuszgr8

I have 3 remote locations that have Cisco 2800 routers and 3560 switches. The routers connect to my main corp center and the router points to my firewall for internet. I just installed DSL and Cisco PIX routers for disaster recovery. I have the DSL directly connected to the Cisco PIX for our DR vendor and the PIX connected to my 3560 switches. I want to have a command in either my router or switch so that if my corp site is down, the router or switch will re-route the internet to the DSL. These DSL connections have static IP addresses associated with them from the ISP. Any help would be great.
 
Just put in another static route, but with a higher metric (floating static route). The router will choose the lower metric, but if it's not available, then it will choose the second lowest metric.

Burt
 
I'm going to tack my question onto this thread. I've been wondering about this for a while.

Is there a doc that describes how you do this when you are using NAT? We have connections to 2 ISPs. For now, we have 3 or so lines in our config we need to change when our connection goes down. (It hasn't happened yet.) Essentially what we do is modify the route-map that controls the NAT pool and add an "ip route" to point to the other interface. We are doing this on an 1841.

It would be nice to have this happen all by itself.

Thanks,
- Joel
 
Let's say you have two dialer interfaces...di0 and di1...

ip route 0.0.0.0 0.0.0.0 di0
ip route 0.0.0.0 0.0.0.0 di1 20

It will choose di0 over di1, but if di0 goes down, then di1 takes over.

Burt
 
The multiple routes make sense. I don't see how to get around the nat issue.

I've got 2 nat pools depending on which host is doing what.
ip nat pool T1_Pool aaa.bbb.163.247 aaa.bbb.163.249 netmask 255.255.255.240
ip nat pool Cable_Pool xxx.yyy.248.210 xxx.yyy.248.212 netmask 255.255.255.248

and a route-map for them

ip nat inside source route-map Cable_Map pool Cable_Pool overload
ip nat inside source route-map T1_Map pool T1_Pool overload


route-map Cable_Map permit 10
match ip address 102
!
route-map T1_Map permit 10
match ip address 101
!

access-list 101 remark This list is applied to the T1 route map
access-list 101 remark for dynamic NAT to portal and T1
access-list 101 deny ip any 10.2.2.32 0.0.0.31
access-list 101 deny ip host 192.168.1.9 host aaa.bbb.163.242
access-list 101 deny ip host 192.168.1.9 host aaa.bbb.163.243
access-list 101 deny ip host 192.168.3.10 host aaa.bbb.163.242
access-list 101 deny ip host 192.168.3.10 host aaa.bbb.163.243
access-list 101 remark entries for .244 and .245 are temporary during new portal setup
access-list 101 deny ip host 192.168.1.9 host aaa.bbb.163.244
access-list 101 deny ip host 192.168.1.9 host aaa.bbb.163.245
access-list 101 deny ip host 192.168.3.10 host aaa.bbb.163.244
access-list 101 deny ip host 192.168.3.10 host aaa.bbb.163.245
access-list 101 permit ip host 192.168.3.10 any
access-list 101 permit ip host 192.168.3.11 any
access-list 101 permit ip host 192.168.3.12 any
access-list 101 permit ip host 192.168.10.2 any
access-list 101 permit ip host 192.168.1.9 any
access-list 101 permit ip 192.168.0.0 0.0.255.255 aaa.bbb.163.240 0.0.0.15
access-list 102 remark This list is applied to the Cable route map
access-list 102 remark for dynamic NAT to rest of internet
access-list 102 deny ip any 10.2.2.32 0.0.0.31
access-list 102 deny ip any 10.2.2.32 0.0.0.31
access-list 102 deny ip 192.168.0.0 0.0.255.255 aaa.bbb.163.240 0.0.0.15
access-list 102 deny ip aaa.bbb.163.240 0.0.0.15 any
access-list 102 deny ip host 192.168.3.10 any
access-list 102 deny ip host 192.168.3.11 any
access-list 102 deny ip host 192.168.3.12 any
access-list 102 deny ip host 192.168.10.2 any
access-list 102 deny ip host 192.168.1.9 any
access-list 102 permit ip 192.168.0.0 0.0.255.255 any

Here's our setup. We have two ISPs. We have a T1 with public addresses and our web/ftp sits on that. We have a cable modem with public addresses that we use for browsing/downloads, etc. access-list 101 is used when an internal machine needs to talk to one of our public servers on the T1 network. access-list 102 is used when we go out to the internet. If our cable connection goes down and we route to the T1, how do we get a NAT address on that network? Is our config hopelessly flawed to allow this?

The denies at the top of access-list 101 are for machines that have static nats to the T1.

- Joel
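
Added example, not part of the original posts: a small Python model of the two mechanisms discussed above, floating static route selection (the trailing `20` on the second `ip route` line is that route's administrative distance) and first-match selection of a NAT pool through ACLs 102 and 101. The link names `Cable` and `T1`, the 198.51.100.240/28 prefix standing in for the masked T1 block, and the test addresses are assumptions made for the example.

```python
import ipaddress
# Constructed sample of the posted ACLs; 198.51.100.240/28 stands in for aaa.bbb.163.240.
CONFIG = """
access-list 101 remark This list is applied to the T1 route map
access-list 101 deny ip any 10.2.2.32 0.0.0.31
access-list 101 permit ip host 192.168.3.10 any
access-list 101 permit ip 192.168.0.0 0.0.255.255 198.51.100.240 0.0.0.15
access-list 102 deny ip any 10.2.2.32 0.0.0.31
access-list 102 deny ip 192.168.0.0 0.0.255.255 198.51.100.240 0.0.0.15
access-list 102 deny ip host 192.168.3.10 any
access-list 102 permit ip 192.168.0.0 0.0.255.255 any
"""
NAT_ORDER = [("102", "Cable_Pool"), ("101", "T1_Pool")]  # order of the ip nat lines
ROUTES = [("Cable", 1), ("T1", 20)]  # hypothetical link names, (name, distance)

def matches(addr, base, wildcard):
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return a & ~w == b & ~w  # wildcard 1-bits are "don't care"

def side(tok):  # consume 'any', 'host A' or 'A W' -> (base, wildcard)
    t = tok.pop(0)
    if t == "any":
        return "0.0.0.0", "255.255.255.255"
    return (tok.pop(0), "0.0.0.0") if t == "host" else (t, tok.pop(0))

def parse_acls(text):
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"] and tok[2] != "remark":
            rest = tok[4:]  # tok[3] is the protocol keyword "ip"
            acls.setdefault(tok[1], []).append((tok[2], side(rest), side(rest)))
    return acls

def acl_permits(rules, src, dst):
    for action, s, d in rules:  # first match wins
        if matches(src, *s) and matches(dst, *d):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def nat_pool(src, dst):
    acls = parse_acls(CONFIG)
    return next((p for n, p in NAT_ORDER if acl_permits(acls[n], src, dst)), None)

def best_route(up):  # lowest administrative distance among live links
    return min((r for r in ROUTES if r[0] in up), key=lambda r: r[1], default=(None,))[0]

def translate(up, src, dst):  # (egress link, NAT pool) for one flow
    return best_route(up), nat_pool(src, dst)
```

With only the T1 link up, `translate({"T1"}, "192.168.5.20", "203.0.113.80")` still selects `Cable_Pool`: the posted route-maps contain only `match ip address`, so pool selection does not follow the default route when it moves to the other link.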
 
So you're saying in my router I should have
ip route 123.123.123.123 255.255.255.255 1
ip route 456.456.456.456 255.255.255.255 2

and it will route to metric 1 until it can't reach it, then it will go to metric 2?
 