RE: Two default gateway (IP Route ..)

From: David Prall (dcp@dcptech.com)
Date: Fri Nov 16 2007 - 22:08:50 ART


A key problem with this is if your VSAT is down yet the address 62.3.0.32
is reachable via the DSL connection. The default will continuously flap back
and forth. Put a static host route in for 62.3.0.32 via the interface it
must traverse. You can also track interface status as well. I also like
tracking things out on the internet; this is possible if you have two
routers, one for each connection.

David

--
http://dcp.dcptech.com
  

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf Of Muhammad Saleem
> Sent: Friday, November 16, 2007 4:09 PM
> To: 'David Prall'
> Cc: smorris@ipexpert.com; pahujat@gmail.com;
> ccielab@groupstudy.com; joseph.samir.saad@gmail.com
> Subject: RE: Two default gateway (IP Route ..)
>
> Yes guys, it's working for outbound traffic
>
> ip sla monitor 1
>  type echo protocol ipIcmpEcho 62.3.0.32
>  timeout 1000
>  frequency 3
>  threshold 2
>
> ip sla monitor schedule 1 life forever start-time now
> track 123 rtr 1 reachability
>
> ip route 0.0.0.0 0.0.0.0 192.168.43.2 track 123
> ip route 0.0.0.0 0.0.0.0 192.168.43.10 50
>
> 62.3.0.32 is the default gateway of ISP-1 (VSAT), so if VSAT link is
> down my DSL link will become the ideal route to carry the entire
> outbound request.
> I just have tested it in my home, it's working fine as I wanted.
> For the inbound traffic, primary DNS and secondary DNS formula may fail
> because if the client request is coming from Secondary DNS NOT because
> primary is down but because of the load on primary DNS then my internal
> server will try to reply the request through VSAT connection because
> VSAT connection is still up, but actually server was getting request
> from the DSL connection, that might be a problem or not??
>
> Thanx everyone for very useful reply, specially Tarun for the weblink.
>
> -----Original Message-----
> From: David Prall [mailto:dcp@dcptech.com]
> Sent: Wednesday, November 14, 2007 8:48 PM
> To: 'Muhammad Saleem'; smorris@ipexpert.com
> Cc: ccielab@groupstudy.com; 'Mohamed, Liban [NTK]'
> Subject: RE: Two default gateway (IP Route ..)
>
> How are you going to only advertise one DNS server. If you go to your
> NIC, you have to have all of your DNS servers registered. You will get
> requests to both DNS servers. Using something that can dynamically
> respond based on the status of links and external reachability. You
> might be able to do something like this using Distributed Director
> within Enterprise IOS. But something like a Global Site Selector to
> determine what to return.
>
> I prefer one link over the other by placing a number of DNS servers on
> that side, and only one on the secondary/backup link. The
> secondary/backup still gets requests, but a lot fewer than the primary.
>
> David
>
> --
> http://dcp.dcptech.com
>
> > -----Original Message-----
> > From: Muhammad Saleem [mailto:msaleems@gmail.com]
> > Sent: Wednesday, November 14, 2007 12:01 PM
> > To: smorris@ipexpert.com
> > Cc: ccielab@groupstudy.com; dcp@dcptech.com; 'Mohamed, Liban [NTK]'
> > Subject: RE: Two default gateway (IP Route ..)
> >
> > My understanding is as following.
> > Inbound request is coming to Primary DNS, P.DNS will respond the IP
> > add given by First ISP-1, if VSAT link is down the inbound request
> > will come to the Secondary DNS, S.DNS will respond the IP add given
> > by second ISP-2.
> > Inbound request is coming from one of the ISP and terminating at the
> > server but in the return path when internal server is going to
> > respond to the request (Web request or SMTP request) it will be going
> > to the L3 switch SVI and switch firstly try to respond from lower
> > distance route like (IP add of Internal NIC of Pix >> VSAT modem then
> > ISP-1) if the route does not respond like VSAT is down then switch
> > will try to respond the request from higher distance route like (IP
> > add of Internal NIC of ISA >> DSL modem then ISP-2).
> > I want to use DSL only for this purpose.
> > Please correct me if I am wrong.
> > Saleem
> >
> > -----Original Message-----
> > From: Scott Morris [mailto:smorris@ipexpert.com]
> > Sent: Wednesday, November 14, 2007 5:34 PM
> > To: 'Muhammad Saleem'; 'Mohamed, Liban [NTK]'
> > Cc: ccielab@groupstudy.com; dcp@dcptech.com
> > Subject: RE: Two default gateway (IP Route ..)
> >
> > If you are going through a PIX/ASA, the state table will have entries
> > for which NAT pool was used to translate (perhaps indicating which
> > incoming path was used) so at least proper translation on outbound
> > packets is completed. However, once it comes to routing if they are
> > of the same interface then it's simply in order of preference as far
> > as I have seen.
> >
> > If you have your two outside routes on separate inbound interfaces,
> > then the state table will actually "take care of" your outbound route
> > choice by delivering the outbound packets back to the correct outside
> > interface and then it will look up its 0/0 route appropriately.
> >
> > In your case though, you are going to two completely separate devices
> > on the inbound. So you're losing any sense of state when NAT'ing
> > internally. Your packets get to servers/hosts/whatever, and they make
> > their own individual choices for sending packets out. Once the
> > packets get to their outbound gateway, it'll go through whatever
> > NAT/routing is configured on that box with disregard to the other.
> >
> > If you're doing this just on a single router we may be able to play
> > with other things like DSCP values and such, but you'd still have to
> > have server/hosts able to mark in the same fashion otherwise you'd
> > mark inbound but have nothing for outbound distinction.
> >
> > HTH,
> >
> > Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> > JNCIE-M #153, JNCIS-ER, CISSP, et al.
> > CCSI/JNCI-M/JNCI-ER
> > VP - Technical Training - IPexpert, Inc.
> > IPexpert Sr. Technical Instructor
> >
> > A Cisco Learning Partner - We Accept Learning Credits!
> >
> > smorris@ipexpert.com
> >
> > Telephone: +1.810.326.1444
> > Fax: +1.810.454.0130
> > http://www.ipexpert.com
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> > Behalf Of Muhammad Saleem
> > Sent: Wednesday, November 14, 2007 2:16 AM
> > To: 'Mohamed, Liban [NTK]'
> > Cc: ccielab@groupstudy.com; dcp@dcptech.com
> > Subject: RE: Two default gateway (IP Route ..)
> >
> > VSAT-----CE1 (VSAT Modem>>External NIC of Pix FW >> Internal NIC of
> > Pix FW >>Internal Server (P-DNS, WEB, Email)
> > DSL------CE2 (DSL Modem>>External NIC of Microsoft ISA FW >> Internal
> > NIC of Microsoft ISA FW >> Internal Server (S-DNS, WEB, Email)
> > Pix internal NIC, Microsoft ISA internal NIC and Internal servers are
> > connected in CISCO Catalyst 3750 switch and belong to same VLAN, and
> > I am configuring static routes in the same switch.
> >
> > Saleem
> >
> > -----Original Message-----
> > From: Mohamed, Liban [NTK] [mailto:Liban.Mohamed@sprint.com]
> > Sent: Wednesday, November 14, 2007 9:31 AM
> > To: Muhammad Saleem
> > Subject: RE: Two default gateway (IP Route ..)
> >
> > Mohamed so just to understand your set up.
> >
> > VSAT-----CE1-----Internal Server (P-DNS, WEB)
> > DSL------CE1-----Internal Server (S-DNS, WEB-Server)
> >
> > You want the DSL to take over in case the VSAT fails right? Since the
> > VSAT and the DSL comes to one CE you want to enter flooding static
> > route for default-route, that should work just fine, as you have
> > setting the admin distance of 192.168.43.10 to 50, hence it will be a
> > back up
> >
> > Thanks,
> >
> > Liban Mohamed
> > NTAC-IP
> > Sprint/Nextel
> > www.sprint.net
> > liban.mohamed@sprint.com
> > (W) 678-291-3438
> > (PCS) 404-441-9701
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> > Behalf Of Muhammad Saleem
> > Sent: Wednesday, November 14, 2007 12:47 AM
> > To: groupstudy@cconlinelabs.com
> > Cc: ccielab@groupstudy.com
> > Subject: RE: Two default gateway (IP Route ..)
> >
> > I have P.DNS and S.DNS servers, hosting inside of network, already
> > registered with the SaudiNIC, P.DNS contains IP Add from ISP-1
> > (connected with VSAT), S.DNS will contains IP Add from ISP-2
> > (connected with DSL), If client is trying to access Web server it
> > will go through P.DNS and if ISP-1 link is down then the client
> > request will go through S.DNS (ISP-2, DSL link) and will reach my Web
> > server.
> > I have not implemented this scenario yet but I think it's gonna work.
> > If I add one more IP Route like
> > ip route 0.0.0.0 0.0.0.0 192.168.43.2
> > ip route 0.0.0.0 0.0.0.0 192.168.43.10 50
> >
> > Is it gonna solve my problem?
> >
> > Saleem
> >
> > -----Original Message-----
> > From: Tony Schaffran [mailto:groupstudy@cconlinelabs.com]
> > Sent: Wednesday, November 14, 2007 5:05 AM
> > To: 'Muhammad Saleem'; ccielab@groupstudy.com
> > Subject: RE: Two default gateway (IP Route ..)
> >
> > For what you are trying to accomplish, I am afraid it is a little
> > more complicated than it seems.
> >
> > Without BGP, to get inbound traffic to your web and mail servers, you
> > will need something like a Fatpipe device or some kind of dynamic DNS
> > implementation.
> >
> > Tony Schaffran
> > Network Analyst
> > CCIE #11071
> > CCNP, CCNA, CCDA,
> > NNCDS, NNCSS, CNE, MCSE
> >
> > www.cconlinelabs.com
> > Your #1 choice for online Cisco rack rentals.
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> > Behalf Of Muhammad Saleem
> > Sent: Tuesday, November 13, 2007 7:23 AM
> > To: ccielab@groupstudy.com
> > Subject: Two default gateway (IP Route ..)
> >
> > Hi Experts,
> >
> > This is a little odd question but related to one of the routing
> > issues.
> >
> > I have one L3 switch, one Server VLAN, Two ISPs, one is through VSAT
> > which is primary link and second one is DSL link.
> >
> > VSAT is further connected to outside interface of CISCO Pix Firewall
> > protecting Web and Email server.
> >
> > DSL is further connected to Microsoft ISA firewall outside interface,
> > ISA FW will be use to publish Web and Email servers
> >
> > I am going to provide availability of Web and Email servers in case
> > of VSAT link is down.
> >
> > In CISCO Cat 3750 switch I have defined VLAN for Web and Email
> > servers and in servers Default Gateway IP I defined the IP address of
> > VLAN IP address (SVI IP address)
> >
> > in CISCO Cat 3750
> >
> > ip route 0.0.0.0 0.0.0.0 192.168.43.2
> >
> > (192.168.43.2 is the Internal IP of CISCO Pix firewall)
> >
> > With this switch configuration VSAT connection is working fine and I
> > can access web and email server from outside and inside.
> >
> > I want to use DSL link for inbound connection only if main VSAT link
> > is down, people should be able to access web and Email server from
> > Internet.
> >
> > Now, I am going to add DSL connection in my network so, should I just
> > add one more
> >
> > IP ROUTE entry in my L3 switch like
> >
> > ip route 0.0.0.0 0.0.0.0 192.168.43.10 ?
> >
> > (192.168.43.10 is the inside IP of Microsoft ISA firewall)
> >
> > Is this enough to get web and email service availability or what
> > should I do more??
> >
> > How can I define two Gateways with different distance, so the L3
> > switch recognize that main VSAT link (CISCO Pix) is down so use the
> > DSL link(ISA Server).
> >
> > I will appreciate all the responses.
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
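
Added example, not part of the original thread: a small Python model of the flap David describes when VSAT is down but 62.3.0.32 still answers over DSL, and of how a /32 host route for the probe target via 192.168.43.2 stops it. The routing model, the function names and the one-probe-per-cycle timing are assumptions made for illustration.

```python
import ipaddress

PROBE_TARGET = "62.3.0.32"                   # ISP-1 gateway pinged by the IP SLA echo
PIX, ISA = "192.168.43.2", "192.168.43.10"   # next hops taken from the thread

def best_next_hop(routes, dst):
    """Longest-prefix match, ties broken by lowest administrative distance."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    _, hop, _ = max(
        matches,
        key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[2]),
    )
    return hop

def simulate(link_up, pin_probe, cycles=8):
    """Return the active default next hop after each probe cycle.

    link_up:   {next_hop: bool}, state of the WAN link behind each firewall
    pin_probe: install a /32 host route for the probe target via the PIX
    Simplified model (assumption): one probe per cycle, track reacts at once.
    """
    track_up = True  # track 123 starts up, so the tracked default is installed
    history = []
    for _ in range(cycles):
        routes = [("0.0.0.0/0", ISA, 50)]              # floating static, AD 50
        if track_up:
            routes.append(("0.0.0.0/0", PIX, 1))       # tracked default route
        if pin_probe:
            routes.append((PROBE_TARGET + "/32", PIX, 1))  # host route for probe
        # The echo succeeds only if the link it is routed over is up; the
        # target is assumed to be reachable across the Internet from DSL.
        track_up = link_up[best_next_hop(routes, PROBE_TARGET)]
        history.append(PIX if track_up else ISA)
    return history

def flaps(history):
    """Count changes of the default next hop between consecutive cycles."""
    return sum(a != b for a, b in zip(history, history[1:]))

if __name__ == "__main__":
    vsat_down = {PIX: False, ISA: True}
    for pin in (False, True):
        h = simulate(vsat_down, pin_probe=pin)
        print(f"host route={pin}: flaps={flaps(h)} defaults={h}")
```

With VSAT down, `simulate(..., pin_probe=False)` alternates between the two next hops every cycle, while `pin_probe=True` stays on 192.168.43.10 until the VSAT link itself recovers.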



This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:30 ART