WAN Failover on Cisco1841

There are often requests for information regarding Cisco failovers. The following seems to work with 12.4 and higher. It should also work with 12.3, but this has not been tested.




Cisco provides a little-known feature called a tracking object. None of the following can be done through the SDM; it must be done through the CLI. That is no loss, since it is recommended that you do everything through the CLI anyway. The SDM has some interesting inadequacies (a topic for another article).



You will need at least two remote IPs to probe, one per link. For example, you can use 4.2.2.1 for the first and 4.2.2.2 for the second; these have historically been reachable from everywhere, but pick addresses you are permitted to ping, because if the target ever drops or rate-limits ICMP the router will fail over even though the link is fine. You will need to create a host static route for each test IP pointing out the link it is meant to test. Without those routes both probes would follow the default route, the secondary probe would never exercise the secondary link, and once the primary failed its probe would quietly succeed over the secondary and the tracking object would come back up. There is an example of this in the config. The NAT overload (PAT) statements are also included.



Hopefully the following helps. If you know of a better way to do this, please share it here. This was created from a known-good configuration of a real client.



LEGEND



your_first_test_ip = the IP you will use to test your primary connection.

your_second_test_ip = the IP you will use to test your secondary connection.

your_primary_ip = the IP address on your primary WAN interface; the primary probe is sourced from it.

your_secondary_ip = the IP address on your secondary WAN interface; the secondary probe is sourced from it.

your_primary_firsthop_ip = the first outside hop of your primary connection. Default route for the primary connection.

your_secondary_firsthop_ip = the first outside hop of your secondary connection. Default route for the secondary connection.

primary_interface = the interface name of your primary Internet connection.

secondary_interface = the interface name of your secondary Internet connection.

internal_interface = the interface name facing your internal devices.

internal_ip_range = the IP range of your internal devices.

This sample config assumes two connections, one primary and one secondary.



Config:

! Probe 1 tests the primary path and probe 2 the secondary. Each probe is
! sourced from the address of its own WAN interface (your_primary_ip and
! your_secondary_ip) so the echo reply comes back over the link being tested.
ip sla monitor 1
 type echo protocol ipIcmpEcho your_first_test_ip source-ipaddr your_primary_ip
 timeout 2000
 threshold 2000
 frequency 3
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
 type echo protocol ipIcmpEcho your_second_test_ip source-ipaddr your_secondary_ip
 timeout 2000
 threshold 2000
 frequency 3
ip sla monitor schedule 2 life forever start-time now
!
! The tracking objects follow the reachability result of each probe.
track 100 rtr 1 reachability
track 200 rtr 2 reachability
!
! Default routes. The secondary gets a higher administrative distance (10) so
! it is a floating static route that is only installed once the primary route
! is withdrawn; with equal distances both would be installed at the same time
! and traffic would be shared across both links instead of failing over.
ip route 0.0.0.0 0.0.0.0 your_primary_firsthop_ip track 100
ip route 0.0.0.0 0.0.0.0 your_secondary_firsthop_ip 10 track 200
!
! Host routes pin each test IP to the link it tests.
ip route your_first_test_ip 255.255.255.255 your_primary_firsthop_ip
ip route your_second_test_ip 255.255.255.255 your_secondary_firsthop_ip
!
! NAT overload (PAT) onto whichever WAN interface the packet leaves through.
ip nat inside source route-map primary interface primary_interface overload
ip nat inside source route-map secondary interface secondary_interface overload
!
ip access-list extended primary-route
 10 permit ip internal_ip_range 0.0.0.255 any
ip access-list extended secondary-route
 10 permit ip internal_ip_range 0.0.0.255 any
!
! The NAT route-maps match on the outgoing interface as well as the source
! range, so a flow leaving via the secondary link is translated to the
! secondary address. NAT only evaluates match clauses; a set ip next-hop
! clause in a NAT route-map is ignored and does not select the link.
route-map primary permit 10
 match ip address primary-route
 match interface primary_interface
route-map secondary permit 10
 match ip address secondary-route
 match interface secondary_interface
!
! NAT does nothing until the interfaces are marked inside and outside
! (internal_interface is the LAN-facing interface).
interface primary_interface
 ip nat outside
interface secondary_interface
 ip nat outside
interface internal_interface
 ip nat inside



A few notes for troubleshooting.



sh track



This will show you what state your tracking objects are in (Reachability is Up or Down) and which static routes depend on them. sh ip sla monitor statistics shows the probe results behind each object.

sh ip access-list



Watch for hits to your ACLs. This way you can verify which NAT route-map your traffic is taking. Two caveats a real deployment runs into: after a failover, translations already bound to the primary address stay in the NAT table until they time out, so clear ip nat translation * flushes them and lets sessions rebuild over the secondary; and if the primary link flaps, add delay down 10 up 30 under each track object so that a single lost probe does not trigger a failover and a single reply does not immediately fail back.
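As an added example (not code from the original post), here is a small Python script that turns the output of sh track and the router's %TRACKING-5-STATE syslog messages into the answer you actually want: which default route is installed right now, and whether a track is flapping often enough to warrant a delay. The sample outputs inside it are constructed for illustration, not captured from a router, and the mapping of track 100 to the primary and track 200 to the secondary is an assumption taken from the config above.

```python
"""Decide which WAN path the router is using from IOS track state."""
import re
from collections import Counter

# Track object -> role, in order of preference (assumed from the config above):
# the primary default route is installed while track 100 is Up; the floating
# secondary route is used only when 100 is Down and 200 is Up.
TRACK_PREFERENCE = [(100, "primary"), (200, "secondary")]

TRACK_HEADER = re.compile(r"^Track (\d+)\s*$")
REACH_LINE = re.compile(r"^\s+Reachability is (Up|Down)\b")
# IOS state-change message; accepts the 12.4 'rtr' and the later 'ip sla' wording.
SYSLOG_STATE = re.compile(
    r"%TRACKING-5-STATE: (?P<track>\d+) (?:rtr|ip sla) (?P<probe>\d+) "
    r"reachability (?P<old>Up|Down)->(?P<new>Up|Down)"
)

# Constructed sample of `show track` (not a real capture): primary probe
# timing out, secondary healthy.
SHOW_TRACK_SAMPLE = """\
Track 100
  Response Time Reporter 1 reachability
  Reachability is Down
    2 changes, last change 00:01:12
  Latest operation return code: Timeout
  Tracked by:
    STATIC-IP-ROUTING 0
Track 200
  Response Time Reporter 2 reachability
  Reachability is Up
    1 change, last change 3d12h
  Latest operation return code: OK
  Tracked by:
    STATIC-IP-ROUTING 0
"""

# Constructed syslog excerpt: the primary track bounces five times in under
# half a minute, then the secondary goes down too.
SYSLOG_SAMPLE = [
    "*Mar  1 10:00:03.100: %TRACKING-5-STATE: 100 rtr 1 reachability Up->Down",
    "*Mar  1 10:00:09.100: %TRACKING-5-STATE: 100 rtr 1 reachability Down->Up",
    "*Mar  1 10:00:15.100: %TRACKING-5-STATE: 100 rtr 1 reachability Up->Down",
    "*Mar  1 10:00:21.100: %TRACKING-5-STATE: 100 rtr 1 reachability Down->Up",
    "*Mar  1 10:00:27.100: %TRACKING-5-STATE: 100 rtr 1 reachability Up->Down",
    "*Mar  1 10:05:00.000: %SYS-5-CONFIG_I: Configured from console by vty0",
    "*Mar  1 10:05:41.000: %TRACKING-5-STATE: 200 rtr 2 reachability Up->Down",
]


def parse_show_track(text):
    """Return {track_id: 'Up' | 'Down'} from `show track` output."""
    states, current = {}, None
    for line in text.splitlines():
        m = TRACK_HEADER.match(line)
        if m:
            current = int(m.group(1))
            continue
        m = REACH_LINE.match(line)
        if m and current is not None:
            states[current] = m.group(1)
    return states


def parse_tracking_events(lines):
    """Return [(track_id, old_state, new_state)] for each state-change message."""
    events = []
    for line in lines:
        m = SYSLOG_STATE.search(line)
        if m:
            events.append((int(m["track"]), m["old"], m["new"]))
    return events


def last_state_from_events(events):
    """Fold the event stream down to the most recent state of each track."""
    states = {}
    for track, _old, new in events:
        states[track] = new
    return states


def active_path(states, preference=TRACK_PREFERENCE):
    """Which default route is installed: the first preferred track that is Up."""
    for track, role in preference:
        if states.get(track) == "Up":
            return role
    return "none"  # both links down: no default route at all


def flapping_tracks(events, max_transitions=3):
    """Tracks that changed state more than max_transitions times in the excerpt."""
    counts = Counter(track for track, _, _ in events)
    return sorted(t for t, n in counts.items() if n > max_transitions)


if __name__ == "__main__":
    states = parse_show_track(SHOW_TRACK_SAMPLE)
    print("show track:", states, "-> active path:", active_path(states))
    events = parse_tracking_events(SYSLOG_SAMPLE)
    end = last_state_from_events(events)
    print("syslog end state:", end, "-> active path:", active_path(end))
    print("flapping tracks (add delay down/up):", flapping_tracks(events))
```

Feed it the real output of sh track and your syslog collector's TRACKING lines and it gives the same two answers; the flap threshold is deliberately low so that a track bouncing a few times in one excerpt stands out.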


2 comments:

Basha Shaik said...

Thanks for the information.

Imran Raheel said...

Do we have to do anything on the remote site? As the remote site has a route pointing from the primary WAN connection, do we have to run the track there as well?