Kind Regards,
Wilson./


On 13 December 2013 19:53, Odhiambo Washington <odhiambo@gmail.com> wrote:
Hello Cisco gurus,

I need a third eye here. I am configuring a Cisco 1841 so that I can get failover for outbound (Internet) traffic when ISP link goes down. I decided to base my config on route-maps.
I have installed a 3G card, and configured it to work with Safaricom.
For some very strange reason (hence the third eye need) the automatic failover doesn't appear to work correctly. When I unplug the other ISP's cable, I can go out via 3G though.

I am doubting my routes configuration, but I am not sure this is it:
"
ip route 0.0.0.0 0.0.0.0 JTL-GW-IP
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0 10
"
Having looked at Safaricom's 3G IP assignments, I am wondering if instead of using "ip route 0.0.0.0 0.0.0.0 Cellular0/0/0 10", I could just do "ip route 0.0.0.0 0.0.0.0 10.64.64.64 10" ??

Well, I am not even sure that is the problem.

PS: Don't worry about the passwords. They are already obfuscated.

Here is my whole config:

Current configuration : 4601 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname C1841-FOOBAR
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$S.xxxxxxxxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.10
ip dhcp excluded-address 192.168.0.210 192.168.0.254
!
ip dhcp pool FOOBAR
   network 192.168.0.0 255.255.255.0
   netbios-name-server 192.168.0.2
   domain-name FOOBAR.local
   default-router 192.168.0.1
   dns-server 196.201.225.18 196.201.225.19
   lease 0 2
!
!
ip domain name FOOBAR.local
ip name-server 196.201.225.18
ip name-server 196.201.225.19
ip name-server 41.222.10.26
!
multilink bundle-name authenticated
chat-script gsm "" "ATDT*99#" TIMEOUT 30 CONNECT
!
!
!
!
username admin privilege 15 secret 5 $1$k8ao$InezrCcTAPQKNh1iVPhJH.
username tech0 privilege 15 secret 5 $1$z0I3$ynm.qXVzt57atF1OZDSdG1
archive
 log config
  hidekeys
!
!
!
!
ip ssh version 2
!
!
!
interface FastEthernet0/0
 description lan
 ip address 192.168.40.250 255.255.255.0
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 shutdown
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 description WAN - 2/2Mbps to JTL
 ip address NN.NN.NN.NN 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 shutdown
 duplex auto
 speed auto
!
interface Cellular0/0/0
 description 3G Internet with Safaricom
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 0
 dialer string gsm
 dialer-group 1
 async mode interactive
 ppp chap hostname saf
 ppp chap password 7 0000121205
 ppp ipcp dns request
 ppp ipcp route default
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 JTL-GW-IP
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0 10
!
!
no ip http server
no ip http secure-server
ip nat inside source route-map JTL interface FastEthernet0/1 overload
ip nat inside source route-map SAFCOM interface Cellular0/0/0 overload
ip nat inside source static tcp 192.168.0.2 1234 NN.NN.NN.NN 1234 extendable
ip nat inside source static tcp 192.168.0.2 3389 NN.NN.NN.NN 3389 extendable
ip nat inside source static tcp 192.168.0.2 8081 NN.NN.NN.NN 8081 extendable
ip nat inside source static tcp 192.168.0.2 8082 NN.NN.NN.NN 8082 extendable
ip nat inside source static tcp 192.168.0.2 8083 NN.NN.NN.NN 8083 extendable
!
ip access-list extended netbios
 deny   tcp any any eq 135
 deny   tcp any any eq 137
 deny   udp any any eq netbios-ss
 deny   tcp any any eq 139
 deny   tcp any any eq 445
 deny   udp any any eq 445
 deny   udp any any eq 135
 deny   tcp any any eq 136
 deny   udp any any eq 136
 deny   udp any any eq netbios-ns
 deny   tcp any any eq 138
 deny   udp any any eq netbios-dgm
 permit ip any any
!
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
dialer-list 1 protocol ip list 1
!
!
route-map SAFCOM permit 10
 match ip address 102
 match interface Cellular0/0/0
!
route-map JTL permit 10
 match ip address 102
 match interface FastEthernet0/1
!
!
!
control-plane
!
banner login ^C
*******************************************************
^C
!
line con 0
 logging synchronous
 login local
line aux 0
line 0/0/0
 exec-timeout 0 0
 script dialer gsm
 login local
 modem InOut
 no exec
 transport preferred none
 transport output none
line vty 0 4
 password 7 005C4B32165A0510076523
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
end




@Wash IP SLA will never fail you :). Be sure to track a host that is reliable. I noted unicast IPs like 4.2.2.2 sometimes are horrible and may give you false alarms.

 

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"I can't hear you -- I'm using the scrambler."
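
The IP SLA tracking suggested in this thread, as an added example that is not part of the original messages or the poster's config: the primary default route is tied to a track object so it is withdrawn when the JTL path stops passing traffic, and two probe targets are combined so that one unreliable host does not cause a false failover. PROBE-A-IP and PROBE-B-IP are placeholders (in the style of JTL-GW-IP above) for two hosts you trust to answer ICMP; the track numbers and timers are assumptions.

```cisco
! Added example. PROBE-A-IP / PROBE-B-IP are placeholders, not values from the thread.
! Two ICMP echo probes, each sourced from the JTL-facing interface.
ip sla 1
 icmp-echo PROBE-A-IP source-interface FastEthernet0/1
 frequency 10
ip sla schedule 1 life forever start-time now
!
ip sla 2
 icmp-echo PROBE-B-IP source-interface FastEthernet0/1
 frequency 10
ip sla schedule 2 life forever start-time now
!
! One track object per probe.
! Older 12.4T images spell this "track 1 rtr 1 reachability".
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! The primary link counts as up while EITHER probe answers, so a single
! flaky target cannot trigger failover. The delays damp flapping.
track 10 list boolean or
 object 1
 object 2
 delay down 15 up 30
!
! Pin the probes to the primary path. Without these host routes the probes
! would start succeeding over 3G after failover and the state would oscillate.
ip route PROBE-A-IP 255.255.255.255 JTL-GW-IP
ip route PROBE-B-IP 255.255.255.255 JTL-GW-IP
!
! Replace the untracked primary default with a tracked one.
! The floating static (distance 10) via 3G takes over when track 10 goes down.
no ip route 0.0.0.0 0.0.0.0 JTL-GW-IP
ip route 0.0.0.0 0.0.0.0 JTL-GW-IP track 10
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0 10
```

`show track` and `show ip sla statistics` report the probe and track state, and `show ip route 0.0.0.0` shows which default route is installed.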

_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke