Hello,
I was doing recently multihomed setup on one of my cisco routers and I ran into problem which I can't solve till now.
Basically there is 2 ISP connections and one private subnet range.
Problem is when i'm using default gateway I can't ping backup interface due to packet is not coming back over backup interface but main one instead.
Any ideas how I can force ping responses sent to Fa8 to go back over same interface not by gig0 interface?
gigabit0 interface is my main interface by which I sent most of traffic and fastethernet8 is interface for backup connection and to send traffic by only one host from subnet.
Interesting part of configuration:
I was doing recently multihomed setup on one of my cisco routers and I ran into problem which I can't solve till now.
Basically there is 2 ISP connections and one private subnet range.
Problem is when i'm using default gateway I can't ping backup interface due to packet is not coming back over backup interface but main one instead.
Any ideas how I can force ping responses sent to Fa8 to go back over same interface not by gig0 interface?
gigabit0 interface is my main interface by which I sent most of traffic and fastethernet8 is interface for backup connection and to send traffic by only one host from subnet.
Interesting part of configuration:
interface FastEthernet8
description ISP_B
ip address 2.2.2.2 255.255.255.252
ip nat outside
no ip virtual-reassembly
duplex full
speed 100
!
!
interface GigabitEthernet0
description ISP_A
ip address 1.1.1.1 255.255.255.240
ip access-group acl_fcc_in in
ip nat outside
no ip virtual-reassembly
duplex full
speed 100
crypto map cm-cryptomap
!
!
interface Vlan1
ip address 192.168.100.4 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map ISP_Policy
ip nat inside source route-map ISPA interface GigabitEthernet0 overload
ip nat inside source route-map ISPB interface FastEthernet8 overload
ip access-list extended backup_isp
deny ip 192.168.100.0 0.0.0.255 10.0.0.0 0.255.255.255
deny ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.255.255
permit ip host 192.168.100.153 any
permit ip host 192.168.100.151 any
deny ip any any
ip access-list extended NAT
deny ip any 10.0.0.0 0.255.255.255
deny ip any 192.168.0.0 0.0.255.255
deny ip any 172.16.0.0 0.15.255.255
permit ip 192.168.100.0 0.0.0.255 any
route-map ISPB permit 10
match ip address NAT
match interface FastEthernet8
!
route-map ISPA permit 10
match ip address NAT
match interface GigabitEthernet0
!
route-map ISP_Policy permit 10
match ip address backup_isp
set ip next-hop 2.2.2.1