Question about configurations on Cisco router 3925
Here is my router's configurations (with fake public IP addresses;-)
interface GigabitEthernet0/0
ip address 113.160.61.14 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 101.96.10.141 255.255.255.192
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface GigabitEthernet0/2
ip address 172.16.2.28 255.255.255.248
ip flow ingress
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip nat inside source list ftth interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 113.160.61.13 100
ip route 0.0.0.0 0.0.0.0 101.96.10.129 200
ip access-list extended ftth
permit ip 192.168.7.0 0.0.0.255 any
permit ip 192.168.1.0 0.0.0.255 any
permit ip 192.168.8.0 0.0.0.255 any
permit ip 192.168.9.0 0.0.0.255 any
This is a result from "show ip int b"
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 113.160.61.14 YES NVRAM up up
GigabitEthernet0/1 101.96.10.141 YES manual up up
NVI0 113.160.61.14 YES unset up up
==========================
So as you can see we have 2 WAN interfaces to 2 different ISPs, we change some configurations and saw some behaviors as below:
1. If I keep this setting, both WAN links are okay as we can ping 8.8.8.8 from them (ping source), the default route go to 113.160.61.13 as expected.
2. If I change "ip nat inside source list ftth interface GigabitEthernet0/0 overload" to "ip nat inside source list ftth interface GigabitEthernet0/1 overload", both WAN links are still okay as we can ping 8.8.8.8 from them (ping source), the default route still go through 113.160.61.13
3. But If I did step 2, also change "ip route 0.0.0.0 0.0.0.0 101.96.10.129 200" to "ip route 0.0.0.0 0.0.0.0 101.96.10.129 20", there is no more Internet, can ping 8.8.8.8 from source 101.96.10.141 but cannot from the other link
4. The Internet come back when I shutdown interface g0/0, default route now points to 101.96.10.129
So can anyone explain these behaviors on step 2, 3 and 4? Is NVI interface related ? We would like to have both 2 links UP and can ping 8.8.8.8
interface GigabitEthernet0/0
ip address 113.160.61.14 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 101.96.10.141 255.255.255.192
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface GigabitEthernet0/2
ip address 172.16.2.28 255.255.255.248
ip flow ingress
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip nat inside source list ftth interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 113.160.61.13 100
ip route 0.0.0.0 0.0.0.0 101.96.10.129 200
ip access-list extended ftth
permit ip 192.168.7.0 0.0.0.255 any
permit ip 192.168.1.0 0.0.0.255 any
permit ip 192.168.8.0 0.0.0.255 any
permit ip 192.168.9.0 0.0.0.255 any
This is a result from "show ip int b"
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 113.160.61.14 YES NVRAM up up
GigabitEthernet0/1 101.96.10.141 YES manual up up
NVI0 113.160.61.14 YES unset up up
==========================
So as you can see we have 2 WAN interfaces to 2 different ISPs, we change some configurations and saw some behaviors as below:
1. If I keep this setting, both WAN links are okay as we can ping 8.8.8.8 from them (ping source), the default route go to 113.160.61.13 as expected.
2. If I change "ip nat inside source list ftth interface GigabitEthernet0/0 overload" to "ip nat inside source list ftth interface GigabitEthernet0/1 overload", both WAN links are still okay as we can ping 8.8.8.8 from them (ping source), the default route still go through 113.160.61.13
3. But If I did step 2, also change "ip route 0.0.0.0 0.0.0.0 101.96.10.129 200" to "ip route 0.0.0.0 0.0.0.0 101.96.10.129 20", there is no more Internet, can ping 8.8.8.8 from source 101.96.10.141 but cannot from the other link
4. The Internet come back when I shutdown interface g0/0, default route now points to 101.96.10.129
So can anyone explain these behaviors on step 2, 3 and 4? Is NVI interface related ? We would like to have both 2 links UP and can ping 8.8.8.8
ASKER
@ Predrag: nice to see you :) but do you know why The Internet only came back when I turned off interface g0/0? in step 4?
Is NVI interface related to the problem? I cannot deleted it, can I?
Is NVI interface related to the problem? I cannot deleted it, can I?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You have proper configuration of NAT on link that was provided on other question related to load balance and fail over. You need to configure NAT statement with route map to match source ip address and matching interface in route map. Configuring just ACL and use it in NAT statement will not work for failover scenario.