Can't ping WAN interface of multihomed router

 
 
JmanSC
01-14-2009
I have a Cisco 2811 with 3 DSL interfaces to the same ISP, all of which are up. For example's sake, let's say that the public IPs of those interfaces are:
1.1.1.1/32 (directly connected to gateway 1.1.2.1)
1.1.1.2/32 (directly connected to gateway 1.1.2.2)
1.1.1.3/32 (directly connected to gateway 1.1.2.3)

This router has an inside network of 192.168.1.0/24, the traffic from which gets overload NAT'd using a route-map. I have 3 static routes to the ISP's gateways to load balance traffic, which works just fine.

From home, on a different ISP I have a public address of, let's say 2.2.2.2.

Ever since the system was set up, my ability to ping the public interfaces of the 2811 changes and is inconsistent. For example, right now, here is what will work:

2.2.2.2 -> 1.1.1.1 = Reply
2.2.2.2 -> 1.1.1.2 or 1.1.1.3 = Timed out

From the router pinging with a specific source address:
1.1.1.2 -> 2.2.2.2 = Reply
1.1.1.1 or 1.1.1.3 -> 2.2.2.2 = Timed out

What's strange is that from home to the router only one interface will work at a time. The same from the router to home, but it's a different interface that works.

I've done some packet captures to see if I'm receiving the reply with a different source address, but that's not the case. If I ping from 2.2.2.2 to 1.1.1.2, I simply don't get a reply at all, even though the interface is up and carrying traffic.

Any ideas?
 

JmanSC
01-23-2009
Does anybody have any ideas of things I can check? I'm kinda stuck on this one...


Thanks.
 

ensnare
01-24-2009
Hi -- you have to make a policy-map for the secondary WAN interfaces that tells packets coming in on that interface to go out over the same interface. Otherwise they will go out over the router's default gateway and will time out.

Try something like this:

ip local policy route-map BackOnISP2

access-list 170 remark ***** TRAFFIC ALLOWED IN OVER ISP2
! 1.2.3.4 = external IP of wan2 int
access-list 170 permit tcp host 1.2.3.4 any

! 1.1.1.1 = default gateway for secondary interface
route-map BackOnISP2 permit 10
 match ip address 170
 set ip next-hop 1.1.1.1

Hope this helps,
Adam
 

JmanSC
01-29-2009
Hi Adam,

Thanks for the reply. Here's a picture that may help clarify:

192.168.1.0/24 -> router -> 1.1.1.1 (DSL1) -> 1.1.2.1 (DSL1's gateway)
                         -> 1.1.1.2 (DSL2) -> 1.1.2.2 (DSL2's gateway)
                         -> 1.1.1.3 (DSL3) -> 1.1.2.3 (DSL3's gateway)

Currently if I do "show ip route" the "gateway of last resort" is the next-hop for one of the DSL Lines (1.1.2.2). If I try to telnet to the IP associated with that interface (1.1.1.2), I'm still unsuccessful, but again, only from certain connections (for example, it doesn't work from home but does work from work).

Do you think this is still the same problem?

I currently have 3 route-maps to NAT the internal traffic. Here is the relevant part of the config associated with that:

ip route 0.0.0.0 0.0.0.0 1.1.2.1
ip route 0.0.0.0 0.0.0.0 1.1.2.2
ip route 0.0.0.0 0.0.0.0 1.1.2.3

ip nat inside source route-map NATdailer0 interface Dialer0 overload
ip nat inside source route-map NATdailer1 interface Dialer1 overload
ip nat inside source route-map NATdailer2 interface Dialer2 overload

access-list 1 permit 192.168.1.0 0.0.0.255

route-map NATdailer0 permit 10
match ip address 1
match interface Dialer0

route-map NATdailer1 permit 10
match ip address 1
match interface Dialer1

route-map NATdailer2 permit 10
match ip address 1
match interface Dialer2

Should I add 3 new route-maps as you suggested or modify the existing ones?

Thanks again for your help!
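
Added example, not part of any post in this thread: the local-policy suggestion from ensnare's reply written out for all three DSL lines, using the thread's placeholder addresses. The route-map name ReturnSameLine and ACL numbers 171-173 are hypothetical, and the ACLs match ip rather than tcp so that ICMP echo replies are covered as well as telnet.

```cisco
! Constructed example using the thread's placeholder addresses.
! One ACL per line, matching router-originated packets by the
! source address of the WAN interface they belong to.
access-list 171 remark ***** REPLIES SOURCED FROM DSL1 (1.1.1.1)
access-list 171 permit ip host 1.1.1.1 any
access-list 172 remark ***** REPLIES SOURCED FROM DSL2 (1.1.1.2)
access-list 172 permit ip host 1.1.1.2 any
access-list 173 remark ***** REPLIES SOURCED FROM DSL3 (1.1.1.3)
access-list 173 permit ip host 1.1.1.3 any
!
! A single route-map with one sequence per line: each source address
! is sent to that line's own gateway instead of whichever of the
! three equal-cost default routes the router would otherwise pick.
route-map ReturnSameLine permit 10
 match ip address 171
 set ip next-hop 1.1.2.1
route-map ReturnSameLine permit 20
 match ip address 172
 set ip next-hop 1.1.2.2
route-map ReturnSameLine permit 30
 match ip address 173
 set ip next-hop 1.1.2.3
!
! Bind it to locally generated traffic. Only one local policy
! route-map can be active, which is why all three lines share one map.
ip local policy route-map ReturnSameLine
!
! The existing NAT route-maps (NATdailer0/1/2) stay as they are:
! they select the NAT rule per egress interface and are not
! replaced by this map.
!
! Verify from exec mode:
!   show ip local policy
!   show route-map ReturnSameLine
```

`ip local policy` only affects packets the router itself originates, such as ping replies and telnet sessions to its own addresses; traffic from inside hosts needs `ip policy route-map` on the inside interface instead. `show route-map ReturnSameLine` lists per-sequence policy routing match counters, which shows whether replies are hitting the intended sequence.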
 

JmanSC
03-16-2009
I tried what was suggested and I'm now able to consistently get into the router for administration.

However, I'm doing some port forwarding to access a server inside the local LAN. I have a similar problem in that the port forwarding seems to work when only one line is active, but quits working when the other two are active.

I guess this is another route-map problem, but I'm not sure how to fix it.

Here's an example of my current port forward command:

ip nat inside source static tcp 192.168.1.245 80 1.1.1.1 80 extendable

I looked at the nat translation table and when only 1 WAN connection is active, the outside local and global entries for inbound 80 traffic are empty - just a dashed line. After enabling the other 2 connections (and 3 are active at a time) the outside local and global populate with my remote IP and source port, but this is when it doesn't work.

Can anyone help?

Thanks!
 

Last edited by JmanSC; 03-16-2009 at 08:17 PM.

JmanSC
03-18-2009
I figured out my problem.

I had to create a route-map for the internal host and bind it to the ethernet interface:

access-list 160 permit ip host 192.168.1.245 any
route-map webserver permit 10
match ip address 160
set ip next-hop 1.1.1.1

int f0/0
ip policy route-map webserver
 