2 sites, connected with PPP T1, internet connection on both sides - REDUNDANT INTERNET POSSIBLE?

Discussion in 'Cisco' started by jkeegan@optonline.nnet, Aug 20, 2004.

  1. Guest

    Given the following scenario:

    Site 1:Cisco 1720 router
    --------------------------------------
    FastEthernet0: 10.0.1.1 255.255.255.0
    Serial0: 172.16.1.1 255.255.255.252
    encap HDLC
    ip subnet-zero
    Router EIGRP 100
    network 172.16.0.0
    network 10.0.0.0
    no auto-summary
    ip route 0.0.0.0 0.0.0.0 10.0.1.254 (sonicwall firewall)

    client configuration: DHCP
    10.0.1.50-10.0.1.200
    SNM: 255.255.255.0
    DG: 10.0.1.1

    Site 2:Cisco 1720 router
    --------------------------------------
    FastEthernet0: 10.0.2.1 255.255.255.0
    Serial0: 172.16.1.2 255.255.255.252
    encap HDLC
    ip subnet-zero
    Router EIGRP 100
    network 172.16.0.0
    network 10.0.0.0
    no auto-summary
    ip route 0.0.0.0 0.0.0.0 10.0.2.254 (sonicwall firewall)

    client configuration: DHCP
    10.0.2.50-10.0.2.200
    SNM: 255.255.255.0
    DG: 10.0.2.1


    How can these sites' internet connections be made redundant? For
    example, since the routers on each side each have a default route to
    the local firewall (a sonicwall device), how can I configure these
    routers so that, if the sonicwall locally is unresponsive (i.e. the
    local internet connection is down), the router automatically routes
    the connection to the default gateway of the router on the other side
    of the WAN?

    There has to be an easy way to make this happen. Any help is
    appreciated.

    Thanks!
    Joe Keegan
     
    , Aug 20, 2004
    #1

  2. PES Guest

    This would be very simple if the Sonicwall could detect the link down. My
    guess is that your sonicwall is connected to a broadband connection of some
    sort. Therefore the interface state probably doesn't go down every time
    there is an interruption in service. So if the sonicwall cannot detect the
    link down itself there is no easy way to redirect this with Cisco.

    The only thing I could think of is if you got the Sonicwalls configured
    correctly to handle both subnets. Then configured the Ciscos to have a
    persistent host route to the upstream gateway from the sonicwall (each isp).
    Then configure ping based routing to track that address. If not available
    use a floating static across the wan. Not that simple, but it might work.

     
    PES, Aug 21, 2004
    #2

  3. Guest

    You're on the right track. The 1st thing you need to do is configure
    an SAA probe. Pick an external address that you will use to determine
    if the connection is up. It can be the same for each site, or
    different for each site.

        rtr 1
         type echo protocol ipIcmpEcho x.x.x.x
        rtr schedule 1 start-time now life forever

    Where x.x.x.x is the address you are monitoring.

    Next, create a tracked object for rtr 1

    track 10 rtr 1 reachability

    Now the problem is that you have to make sure your rtr pings go out
    through your local firewall, not across the WAN to the other
    firewall, otherwise it will mistakenly think the connection is up.

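        ! named ACL matching only the probe's ICMP echo (must be an extended ACL)
        ip access-list extended RTR
         permit icmp any host x.x.x.x echo
        ! force matching packets out via the local firewall
        route-map MAP permit 10
         match ip address RTR
         set ip next-hop y.y.y.y
         set interface null0
        ! apply the route-map to packets the router itself originates (the probes)
        ip local policy route-map MAP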

    Where x.x.x.x is the address you are monitoring, and y.y.y.y is the
    address of your firewall. The set interface null0 is not really
    necessary because your firewall is directly connected. But in other
    situations it might be, and it does no harm.

    Next, make your default routes dependent on the rtr status.

    ip route 0.0.0.0 0.0.0.0 y.y.y.y track 10

    Then redistribute the default static into eigrp.

        router eigrp 100
         redistribute static metric 1500 100 255 1 1500

    You may want to tweak the rtr parameters to get the desired results.
    Check the documentation for details.

    You could also use a floating static instead of redistributing, but if
    both Internet connections are down it will result in a routing loop.

     
    , Aug 21, 2004
    #3
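
Added example, not part of the original posts: a small Python model of where each router sends Internet-bound traffic, comparing the redistributed tracked static from post #3 with the floating-static alternative that post warns about. The firewall addresses come from the thread; the function names, the probe-state dictionary and the TTL value are assumptions made for the illustration.

```python
# Model of default-route selection on the two 1720s (added illustration).
LOCAL_FW = {"site1": "10.0.1.254", "site2": "10.0.2.254"}  # from the thread
PEER = {"site1": "site2", "site2": "site1"}


def default_next_hop(site, probe_up, mode):
    """Return "firewall", the peer site name, or None (no default route).

    probe_up: dict site -> bool, state of that site's tracked SAA probe.
    mode: "redistribute" = tracked static redistributed into EIGRP,
          "floating"     = tracked static plus a higher-distance static
                           pointing across the WAN.
    """
    if probe_up[site]:
        return "firewall"  # tracked static is installed and preferred
    if mode == "floating":
        return PEER[site]  # floating static is installed unconditionally
    # The peer only advertises a default while its own tracked static exists.
    return PEER[site] if probe_up[PEER[site]] else None


def forward(src, probe_up, mode, ttl=8):
    """Trace an Internet-bound packet entering at router `src`."""
    path, hop = [src], src
    while ttl > 0:
        nh = default_next_hop(hop, probe_up, mode)
        if nh is None:
            return path, "dropped (no default route)"
        if nh == "firewall":
            return path + [LOCAL_FW[hop]], "delivered"
        path.append(nh)
        hop = nh
        ttl -= 1
    return path, "loop (TTL expired)"


if __name__ == "__main__":
    both_down = {"site1": False, "site2": False}
    one_down = {"site1": False, "site2": True}
    for mode in ("redistribute", "floating"):
        print(mode, "one link down :", forward("site1", one_down, mode))
        print(mode, "both links down:", forward("site1", both_down, mode))
```

With both probes down, the redistributed design withdraws the default route and drops traffic at the first router, while the floating statics bounce it across the T1 until the TTL expires.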
  4. Guest

    UGH! Thanks, I know that this is SO CLOSE to the answer, but my
    router TRACK command doesn't know how to track anything except for an
    interface or a route.

    - I was able to use RTR to configure the echo.
    - when I went to track the rtr object, the only options available to
    track were an interface on the router, a route, or an IP.

    Any ideas? Thanks so much!

     
    , Aug 23, 2004
    #4
  5. Guest

    You need version 12.3.4T or later.

    On Mon, 23 Aug 2004 15:34:34 -0400, wrote:

    >UGH! Thanks, I know that this is SO CLOSE to the answer, but my
    >router TRACK command doesn't know how to track anything except for an
    >interface or a route.
    >
    >- I was able to use RTR to configure the echo.
    >- when I went to track the rtr object, the only options available to
    >track were an interface on the router, a route, or an IP.
    >
    >Any ideas? Thanks so much!
    >
     
    , Sep 8, 2004
    #5