2 sites, connected with PPP T1, internet connetion on both sides - REDUNDANT INTERNET POSSIBLE?

Given the following scenario:

Site 1:Cisco 1720 router
--------------------------------------
FastEthernet0: 10.0.1.1 255.255.255.0
Serial0: 172.16.1.1 255.255.255.252
encap HDLC
ip subnet-zero
Router EIGRP 100
network 172.16.0.0
network 10.0.0.0
no auto-summary
ip route 0.0.0.0 0.0.0.0 10.0.1.254 (sonicwall firewall)

client configuration: DHCP
10.0.1.50-10.0.1.200
SNM: 255.255.255.0
DG: 10.0.1.1

Site 2:Cisco 1720 router
--------------------------------------
FastEthernet0: 10.0.2.1 255.255.255.0
Serial0: 172.16.1.2 255.255.255.252
encap HDLC
ip subnet-zero
Router EIGRP 100
network 172.16.0.0
network 10.0.0.0
no auto-summary
ip route 0.0.0.0 0.0.0.0 10.0.2.254 (sonicwall firewall)

client configuration: DHCP
10.0.2.50-10.0.2.200
SNM: 255.255.255.0
DG: 10.0.2.1


How can these sites internet connections be made redundant? For
example, sine the routers on each side each have a default route to
the local firewall (a sonicwall device), how can I configure these
routers so that, if the sonicwall locally is unresponsive (i.e. the
local internet connectiion is down), the router automatically routes
the connection to the default gateway of the router on the other side
of the WAN?

There has to be an easy way to make this happen. Any help is
appreciated.

Thanks!
Joe Keegan

 

This would be very simple if the Sonicwall could detect the link down. My
guess is that your sonicwall is connected to a broadband connection of some
sort. Therefore the interface state probably doesn't go down every time
there is a interruption in service. So if the sonicwall cannot detect the
link down itself there is no easy way to redirect this with Cisco.

The only thing I could think of is if you got the Sonicwalls configured
correctly to handle both subnets. Then configured the Cisco's to have a
persistent host route to the upstream gateway from the sonicwall (each isp).
Then configure ping based routing to track that address. If not available
use a floating static accross the wan. Not that simple, but it might work.

 

You're on the right track. The 1st thing you need to do is configure
an SAA probe. Pick an external address that you will use to determine
if the connection is up. It can be the same for each site, or
different for each site.

rtr 1
type echo protocol ipIcmpEcho x.x.x.x
rtr schedule 1 start-time now life forever

Where x.x.x.x is the address you are monitoring.

Next, create a tracked object for rtr 1

track 10 rtr 1 reachability

Now the poblem is that you have to make sure your rtr pings go out
through your local firewall, not accross the WAN to the other
firewall, otherwise it will mistakenly think the connection is up.

ip access-list RTR
permit icmp any host x.x.x.x echo
route-map MAP permit 10
match ip address RTR
set ip next-hop y.y.y.y
set interface null0

Where x.x.x.x is the address you are monitoring, and y.y.y.y is the
address of your firewall. The set interface null0, is not really
necessay because your firwall is directly connected. But in other
situations it might be, and it does no harm.

Next, make your default routes dependent on the rtr status.

ip route 0.0.0.0 0.0.0.0 y.y.y.y track 10

Then redistribute the default static into eigrp.

router eigrp 100
redistribute static metric 1500 100 255 1 1500

You may want to tweak the rtr parameters to get the desired results.
Check the documentation for details.

You could also use a floating static instead of redsitributing, but if
both Internet connections are down it will result in a routing loop.

 

UGH! Thanks, I know that this is SO CLOSE to the answer, but my
router TRACK command doesn't know how to track anything except for an
interface or a route.

- I was able to use RTR to configure the echo.
- when I went to track the rtr object, the only options available to
track were an interface on the router, a route, or an IP.

Any ideas? Thanks so much!

 

You need version 12.3.4T or later.