Comments on: Cisco – Dual Internet Connections without BGP enabled ISP http://www.blindhog.net/cisco-dual-internet-connections-without-bgp/ Tips and Video Tutorials - Cisco .:. Linux .:. VOIP Fri, 30 Jul 2010 13:55:31 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Mariano http://www.blindhog.net/cisco-dual-internet-connections-without-bgp/comment-page-1/#comment-33069 Mariano Mon, 21 Dec 2009 14:24:49 +0000 http://www.blindhog.net/?p=7#comment-33069 I have one of my connections through a MPLS and the second one through a VPN. How I make the traffic goes into the VPN? I have one of my connections through a MPLS and the second one through a VPN. How I make the traffic goes into the VPN?

]]> By: Kaizer Onion | Think thoroughly about » Blog Archive » Cisco multiple ISP avec IP SLA http://www.blindhog.net/cisco-dual-internet-connections-without-bgp/comment-page-1/#comment-32771 Kaizer Onion | Think thoroughly about » Blog Archive » Cisco multiple ISP avec IP SLA Wed, 21 Oct 2009 08:15:43 +0000 http://www.blindhog.net/?p=7#comment-32771 [...] : http://www.blindhog.net/cisco-dual-internet-connections-without-bgp [...] [...] : http://www.blindhog.net/cisco-dual-internet-connections-without-bgp [...]

]]> By: T O http://www.blindhog.net/cisco-dual-internet-connections-without-bgp/comment-page-1/#comment-32612 T O Fri, 28 Aug 2009 06:14:55 +0000 http://www.blindhog.net/?p=7#comment-32612 Hi, track 101 rtr 1 reachability command is not supported in c3845-advipservicesk9-mz.124-24.T1.bin IOS. In which IOS it is supported? TIA Hi,

track 101 rtr 1 reachability command is not supported in c3845-advipservicesk9-mz.124-24.T1.bin IOS.

In which IOS it is supported?

TIA

]]> By: Josh http://www.blindhog.net/cisco-dual-internet-connections-without-bgp/comment-page-1/#comment-29727 Josh Sun, 19 Apr 2009 13:55:39 +0000 http://www.blindhog.net/?p=7#comment-29727 Joaquin, The first thing i notice is that Fa0/0 is referencing access-list 2000 but access-list 2000 does not exist. Josh Joaquin,

The first thing i notice is that Fa0/0 is referencing access-list 2000 but access-list 2000 does not exist.

Josh

]]> By: Joaquin http://www.blindhog.net/cisco-dual-internet-connections-without-bgp/comment-page-1/#comment-28030 Joaquin Sun, 22 Mar 2009 15:22:05 +0000 http://www.blindhog.net/?p=7#comment-28030 Hi Josh, Great tutorial, I learned a lot. My scenario is little bit diferent: I have two ISP connections (2 x G703-E1, same ISP) and in the LAN interface I have several VLANs (Vlan 3 for link 1 vlan 4 for link 2) The ISP provide me in the link 1 3 public IP subnets (64, 32 and 8 IPs) and 1 public IP subnet (8 IPs) in the link 2. When I applied your config with some changes I have problems because some webpages open and answers ping others no. For instance I can open yahoo.com, but i cannot open google.com. I´m appreciate if you can take look of my config: ip sla monitor 1 type echo protocol ipIcmpEcho 190.202.70.157 threshold 3 frequency 5 ip sla monitor schedule 1 life forever start-time now ip sla monitor 2 type echo protocol ipIcmpEcho 190.202.72.185 threshold 3 frequency 5 ip sla monitor schedule 2 life forever start-time now track 101 rtr 1 reachability ! track 102 rtr 2 reachability interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip access-group 2000 in ip access-group 2000 out speed auto full-duplex interface FastEthernet0/0.3 encapsulation dot1Q 3 ip address 192.168.30.10 255.255.255.0 secondary ip address 190.202.127.1 255.255.255.192 secondary ip address 190.202.108.57 255.255.255.248 secondary ip address 190.202.126.193 255.255.255.224 secondary ip address 172.40.0.1 255.255.0.0 ip access-group 103 in ip access-group 103 out no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly no ip mroute-cache no snmp trap link-status no cdp enable interface FastEthernet0/0.4 encapsulation dot1Q 4 ip address 190.202.112.105 255.255.255.248 secondary ip address 172.41.0.1 255.255.0.0 ip access-group 104 in ip access-group 104 out no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly no ip mroute-cache no snmp trap link-status no cdp enable ! interface Serial0/0/0:0 bandwidth 1920 ip address 190.202.70.158 255.255.255.252 ip nat outside ip virtual-reassembly encapsulation frame-relay IETF frame-relay interface-dlci 487 frame-relay lmi-type ansi ! interface Serial0/0/1:0 bandwidth 1920 ip address 190.202.72.186 255.255.255.252 ip nat outside ip virtual-reassembly encapsulation frame-relay IETF frame-relay interface-dlci 590 frame-relay lmi-type ansi ! ip route profile ip route 0.0.0.0 0.0.0.0 190.202.70.157 track 101 ip route 0.0.0.0 0.0.0.0 190.202.72.185 track 102 ip nat inside source route-map enlace1 interface Serial0/0/0:0 overload ip nat inside source route-map enlace2 interface Serial0/0/1:0 overload access-list 103 permit ip 172.40.0.0 0.0.255.255 any access-list 103 permit ip any 172.40.0.0 0.0.255.255 access-list 103 permit ip 190.202.127.0 0.0.0.63 any access-list 103 permit ip any 190.202.127.0 0.0.0.63 access-list 103 permit ip 190.202.126.192 0.0.0.31 any access-list 103 permit ip any 190.202.126.192 0.0.0.31 access-list 103 permit ip 190.202.108.56 0.0.0.7 any access-list 103 permit ip any 190.202.108.56 0.0.0.7 access-list 103 permit ip 192.168.10.8 0.0.0.7 any access-list 103 permit icmp any any access-list 103 permit udp any any eq bootps access-list 103 deny ip any any access-list 104 permit ip 172.41.0.0 0.0.255.255 any access-list 104 permit ip any 172.41.0.0 0.0.255.255 access-list 104 permit udp any any eq bootps access-list 104 permit ip 190.202.112.104 0.0.0.7 any access-list 104 permit ip any 190.202.112.104 0.0.0.7 access-list 104 permit icmp any any access-list 104 deny ip any any route-map enlace1 permit 10 match ip address 103 match interface Serial0/0/0:0 ! route-map enlace2 permit 10 match ip address 104 set interface Serial0/0/1:0 set ip next-hop 190.202.72.185 ! The test was done with subnets 172.40.0.0 and 172.41.0.0 (DHCP asigned by router) Hi Josh,

Great tutorial, I learned a lot. My scenario is little bit diferent: I have two ISP connections (2 x G703-E1, same ISP) and in the LAN interface I have several VLANs (Vlan 3 for link 1 vlan 4 for link 2) The ISP provide me in the link 1 3 public IP subnets (64, 32 and 8 IPs) and 1 public IP subnet (8 IPs) in the link 2. When I applied your config with some changes I have problems because some webpages open and answers ping others no. For instance I can open yahoo.com, but i cannot open google.com. I´m appreciate if you can take look of my config:
ip sla monitor 1
type echo protocol ipIcmpEcho 190.202.70.157
threshold 3
frequency 5
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
type echo protocol ipIcmpEcho 190.202.72.185
threshold 3
frequency 5
ip sla monitor schedule 2 life forever start-time now
track 101 rtr 1 reachability
!
track 102 rtr 2 reachability
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
ip access-group 2000 in
ip access-group 2000 out
speed auto
full-duplex
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.30.10 255.255.255.0 secondary
ip address 190.202.127.1 255.255.255.192 secondary
ip address 190.202.108.57 255.255.255.248 secondary
ip address 190.202.126.193 255.255.255.224 secondary
ip address 172.40.0.1 255.255.0.0
ip access-group 103 in
ip access-group 103 out
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
no ip mroute-cache
no snmp trap link-status
no cdp enable
interface FastEthernet0/0.4
encapsulation dot1Q 4
ip address 190.202.112.105 255.255.255.248 secondary
ip address 172.41.0.1 255.255.0.0
ip access-group 104 in
ip access-group 104 out
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
no ip mroute-cache
no snmp trap link-status
no cdp enable
!
interface Serial0/0/0:0
bandwidth 1920
ip address 190.202.70.158 255.255.255.252
ip nat outside
ip virtual-reassembly
encapsulation frame-relay IETF
frame-relay interface-dlci 487
frame-relay lmi-type ansi
!
interface Serial0/0/1:0
bandwidth 1920
ip address 190.202.72.186 255.255.255.252
ip nat outside
ip virtual-reassembly
encapsulation frame-relay IETF
frame-relay interface-dlci 590
frame-relay lmi-type ansi
!
ip route profile
ip route 0.0.0.0 0.0.0.0 190.202.70.157 track 101
ip route 0.0.0.0 0.0.0.0 190.202.72.185 track 102
ip nat inside source route-map enlace1 interface Serial0/0/0:0 overload
ip nat inside source route-map enlace2 interface Serial0/0/1:0 overload
access-list 103 permit ip 172.40.0.0 0.0.255.255 any
access-list 103 permit ip any 172.40.0.0 0.0.255.255
access-list 103 permit ip 190.202.127.0 0.0.0.63 any
access-list 103 permit ip any 190.202.127.0 0.0.0.63
access-list 103 permit ip 190.202.126.192 0.0.0.31 any
access-list 103 permit ip any 190.202.126.192 0.0.0.31
access-list 103 permit ip 190.202.108.56 0.0.0.7 any
access-list 103 permit ip any 190.202.108.56 0.0.0.7
access-list 103 permit ip 192.168.10.8 0.0.0.7 any
access-list 103 permit icmp any any
access-list 103 permit udp any any eq bootps
access-list 103 deny ip any any
access-list 104 permit ip 172.41.0.0 0.0.255.255 any
access-list 104 permit ip any 172.41.0.0 0.0.255.255
access-list 104 permit udp any any eq bootps
access-list 104 permit ip 190.202.112.104 0.0.0.7 any
access-list 104 permit ip any 190.202.112.104 0.0.0.7
access-list 104 permit icmp any any
access-list 104 deny ip any any
route-map enlace1 permit 10
match ip address 103
match interface Serial0/0/0:0
!
route-map enlace2 permit 10
match ip address 104
set interface Serial0/0/1:0
set ip next-hop 190.202.72.185
!
The test was done with subnets 172.40.0.0 and 172.41.0.0 (DHCP asigned by router)

]]> By: Austin http://www.blindhog.net/cisco-dual-internet-connections-without-bgp/comment-page-1/#comment-25648 Austin Wed, 11 Feb 2009 20:47:23 +0000 http://www.blindhog.net/?p=7#comment-25648 I am trying to do this on a 1751 running 12.2(15)T11. I dont have ip sla command. Is there a min version I need to be running? Thanks I am trying to do this on a 1751 running 12.2(15)T11. I dont have ip sla command. Is there a min version I need to be running?

Thanks

]]> By: iwk http://www.blindhog.net/cisco-dual-internet-connections-without-bgp/comment-page-1/#comment-18809 iwk Tue, 18 Nov 2008 15:52:01 +0000 http://www.blindhog.net/?p=7#comment-18809 Hi - I'm french, sorry for my english Your configuration works for fail over, but for a simetric load balancing ? If two ISPs is up, only the ISP n°1 is used ? Thx Hi -

I’m french, sorry for my english

Your configuration works for fail over, but for a simetric load balancing ?

If two ISPs is up, only the ISP n°1 is used ?

Thx

]]> By: Josh http://www.blindhog.net/cisco-dual-internet-connections-without-bgp/comment-page-1/#comment-17462 Josh Tue, 21 Oct 2008 00:37:02 +0000 http://www.blindhog.net/?p=7#comment-17462 jdm, Yes, it will work with the interfaces you mentioned. Josh jdm,

Yes, it will work with the interfaces you mentioned.

Josh

]]> By: jdm http://www.blindhog.net/cisco-dual-internet-connections-without-bgp/comment-page-1/#comment-17185 jdm Thu, 16 Oct 2008 17:08:57 +0000 http://www.blindhog.net/?p=7#comment-17185 Will this work using S0 and FastE? Leased line and pppoe/dsl? Will this work using S0 and FastE? Leased line and pppoe/dsl?

]]> By: Adam http://www.blindhog.net/cisco-dual-internet-connections-without-bgp/comment-page-1/#comment-15512 Adam Fri, 12 Sep 2008 06:35:12 +0000 http://www.blindhog.net/?p=7#comment-15512 Hi -- Great article. I'm having some trouble accessing both of my public interfaces from the outside. I seem to only be able to get to the primary one. Any help would be greatly appreciated !! track 123 ip sla 1 reachability track 345 ip sla 2 reachability ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/0 [ISP GATEWAY 1] track 123 ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/1 [ISP GATEWAY 2] track 345 10 ip nat inside source route-map isp1-map interface GigabitEthernet0/0 overload ip nat inside source route-map isp2-map interface GigabitEthernet0/1 overload ip sla 1 icmp-echo [TEST IP 1] source-interface GigabitEthernet0/0 timeout 1000 threshold 2 frequency 1 ip sla schedule 1 life forever start-time now ip sla 2 icmp-echo [TEST IP 2] source-interface GigabitEthernet0/1 timeout 1000 threshold 2 frequency 1 ip sla schedule 2 life forever start-time now route-map isp2-map permit 10 match ip address nat-list match interface GigabitEthernet0/1 ! route-map isp1-map permit 10 match ip address nat-list match interface GigabitEthernet0/0 Hope I included all the relevant info. When the failover link goes on, I can ssh into it. But never when the primary link is up. Thanks again. Hi — Great article. I’m having some trouble accessing both of my public interfaces from the outside. I seem to only be able to get to the primary one. Any help would be greatly appreciated !!

track 123 ip sla 1 reachability
track 345 ip sla 2 reachability

ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/0 [ISP GATEWAY 1] track 123
ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/1 [ISP GATEWAY 2] track 345 10

ip nat inside source route-map isp1-map interface GigabitEthernet0/0 overload
ip nat inside source route-map isp2-map interface GigabitEthernet0/1 overload

ip sla 1
icmp-echo [TEST IP 1] source-interface GigabitEthernet0/0
timeout 1000
threshold 2
frequency 1
ip sla schedule 1 life forever start-time now

ip sla 2
icmp-echo [TEST IP 2] source-interface GigabitEthernet0/1
timeout 1000
threshold 2
frequency 1
ip sla schedule 2 life forever start-time now

route-map isp2-map permit 10
match ip address nat-list
match interface GigabitEthernet0/1
!
route-map isp1-map permit 10
match ip address nat-list
match interface GigabitEthernet0/0

Hope I included all the relevant info. When the failover link goes on, I can ssh into it. But never when the primary link is up. Thanks again.

]]>