cisco routing help

vxspiritxv

Router is 10.1.4.1 (Cisco 2651XM w/ IOS 12.4, if it matters).

Main route (t1):
ip route 0.0.0.0 0.0.0.0 10.254.10.13
Backup route asa/vpn:
ip route 0.0.0.0 0.0.0.0 10.1.4.2 10

Only problem is the backup route doesn't have all the systems the main route has.
And when it goes to backup (T1 goes down) the Windows computers see the new route and add it as a primary route for each connection to whatever server. So when the T1 comes back up, none of the servers are reachable because the Windows computers are trying to route over the backup connection still. Do I have to do some sort of VLAN to move the backup route off the same subnet as the PCs, or is there a simpler way?
 
Why would the Windows computers learn the backup route? They should be pointing to their DG, which is the 2651. Are the Windows machines on the same subnet as the ASA/VPN? If so, the router is probably sending redirects (which you should disable: no ip redirects), and I suppose the Windows machines are caching the next hop they're being told.
 
I believe for what you are trying to accomplish you would want to use the ip sla feature. This should allow you to switch over to the backup when the T1 fails and return to the primary when the T1 comes back online. You can play with the timings if you need faster reactions. I think the commands might match your router. I used C2691-ENTSERVICESK9-M Version 12.4(13b) in GNS3 to confirm my commands, but they have changed with different versions so it might be different for yours, but you can Google "ip sla backup isp" and there should be a ton of pages explaining it.


! SLA probe 1: ICMP echo to the T1 next hop every 3 s, 1000 ms timeout
R1(config)# ip sla monitor 1
R1(config-sla-monitor)# type echo protocol ipIcmpEcho 10.254.10.13 source-interface FastEthernet0/0
R1(config-sla-monitor-echo)# timeout 1000
R1(config-sla-monitor-echo)# threshold 2
R1(config-sla-monitor-echo)# frequency 3
R1(config-sla-monitor-echo)# exit
R1(config)# ip sla monitor schedule 1 life forever start-time now
!
! Track object 1 follows the reachability state of SLA probe 1
R1(config)# track 1 rtr 1 reachability
!
! Primary default route stays installed only while track 1 is up;
! the backup has administrative distance 10, so it floats in when the primary is withdrawn
R1(config)# ip route 0.0.0.0 0.0.0.0 10.254.10.13 track 1
R1(config)# ip route 0.0.0.0 0.0.0.0 10.1.4.2 10


good luck..
 
You'll also need to look into Policy Based Routing and NAT. If you're using NAT, the translation gets stuck and you need to apply policies to work around this. If you shut down the interface you might find things spring into action.
 
Thanks Vito

router(config)#int FastEthernet0/0
router(config-if)#no ip redirects
router(config-if)#^Z

Sounds exactly like what I need. I'll do failover testing after hours today.
Knew it had to be something simple :D
 
No problem. In the future, consider putting a p2p network between the router and firewall. Sharing subnets with hosts can lead to goofy shit happening.
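Putting the thread's advice together in one config fragment. This is an added example, not config from any of the posts: it moves the ASA onto its own /30 with the router (so the backup next hop is no longer on the hosts' subnet and the router has no redirect to send them), disables redirects anyway, tracks the T1 with IP SLA, and floats the backup default route. Everything not in the thread is assumed: the interface names (FastEthernet0/0 LAN, Serial0/0 for the T1, FastEthernet0/1 for the new link), the 10.254.20.0/30 link subnet, the `delay` timers, and the probe target 192.0.2.1, which is a placeholder for an address beyond the T1 provider. Probing past the directly attached next hop (rather than 10.254.10.13 itself) also catches an upstream outage; the host route for the probe target is what keeps the probe on the T1, since without it the probe would succeed over the backup as soon as the floating route installs and the track would flap. Syntax is the `ip sla monitor` / `track ... rtr` form from the thread; newer 12.4T releases spell it `ip sla 1`, `icmp-echo ...` and `track 1 ip sla 1 reachability`.

```cisco
! Added example, not from the thread. Assumed:
!   FastEthernet0/0  LAN 10.1.4.0/24, hosts' default gateway 10.1.4.1
!   Serial0/0        T1, provider next hop 10.254.10.13
!   FastEthernet0/1  new point-to-point link to the ASA inside interface
!   10.254.20.0/30   assumed /30 for that link (router .1, ASA .2)
!   192.0.2.1        placeholder probe target beyond the T1 provider
!
interface FastEthernet0/0
 description LAN
 ip address 10.1.4.1 255.255.255.0
 no ip redirects
!
interface FastEthernet0/1
 description p2p link to ASA inside (ASA moved off the LAN subnet)
 ip address 10.254.20.1 255.255.255.252
 no ip redirects
!
! Pin the probe to the T1 so it cannot succeed over the backup path.
ip route 192.0.2.1 255.255.255.255 10.254.10.13
!
! SLA probe 1: ICMP echo through the T1 every 3 s, 1 s timeout.
ip sla monitor 1
 type echo protocol ipIcmpEcho 192.0.2.1 source-interface Serial0/0
 timeout 1000
 frequency 3
ip sla monitor schedule 1 life forever start-time now
!
! Track 1 follows probe 1. Delays (assumed values) stop a single lost
! echo from flapping the default route; "up 30" waits for the T1 to
! settle before the primary is reinstalled.
track 1 rtr 1 reachability
 delay down 10 up 30
!
! Primary default via the T1, withdrawn when track 1 is down.
! Backup default via the ASA floats in at administrative distance 10.
ip route 0.0.0.0 0.0.0.0 10.254.10.13 track 1
ip route 0.0.0.0 0.0.0.0 10.254.20.2 10
```

Two things follow from the /30. The ASA's inside interface now lives on 10.254.20.2, so it needs a route back to the LAN (on the ASA, `route inside 10.1.4.0 255.255.255.0 10.254.20.1`; the VPN crypto ACLs are unaffected as long as the hosts stay in 10.1.4.0/24). And because the router's ingress interface (Fa0/0) is no longer the egress interface for backup traffic, it would not generate an ICMP redirect toward the hosts even with redirects enabled; `no ip redirects` on the LAN side is belt and braces. Check failover with `show track 1` and `show ip route 0.0.0.0` before and after pulling the T1.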
 