ISP Troubleshooting
Route Map & GLBP?
redondo
Feb 26, 2004, 4:47pm PST
any problem? thanks
7401----ISP1
|
Layer 2 Switch--- PIX---Inside Network
|
7401----ISP2
relative config only
PIX:
nat (inside) 1 10.10.10.0 255.255.255.0
global (outside) 1 209.165.0.10-209.165.0.14 netmask 255.255.255.248
nat (inside) 2 10.20.20.0 255.255.255.0
global (outside) 2 222..171.201.10-222.171.201.14 netmask 255.255.255.248
static (inside,outside) 209.165.0.9 10.10.10.1 netmask 255.255.255.248
static (inside,outside) 222.171.201.9 10.20.20.1 netmask 255.255.255.248
access-list 101 permit tcp any host 209.165.0.9 eq www
access-list 101 permit tcp any host 209.165.0.9 eq 8080
access-list 101 permit tcp any host 222.171.201.9 eq smtp
access-group 101 in interface outside
ip route 0.0.0.0 0.0.0.0 192.168.0.1
7401A:
interface FastEthernet 0/0
ip address 209.165.0.2 255.255.255.248
!
interface FastEthernet 0/1
ip address 192.168.0.2 255.255.255.0
glbp 10 load-balancing host-dependent
glbp 10 ip 192.168.0.1
ip policy route-map isp
!
access-list 1 permit ip 209.165.0.8 0.0.0.7
access-list 2 permit ip 222.171.201.8 0.0.0.7
!
route-map isp permit 10
match ip address 1
set ip next-hop 209.165.0.1
!
route-map isp permit 20
match ip address 2
set ip next-hop 192.168.0.3
!
7401B:
interface FastEthernet 0/0
ip address 222.171.201.2 255.255.255.248
!
interface FastEthernet 0/1
ip address 192.168.0.3 255.255.255.0
glbp 10 load-balancing host-dependent
glbp 10 ip 192.168.0.1
ip policy route-map isp
!
access-list 1 permit ip 209.165.0.8 0.0.0.7
access-list 2 permit ip 222.171.201.8 0.0.0.7
!
route-map isp permit 10
match ip address 1
set ip next-hop 192.168.0.2
!
route-map isp permit 20
match ip address 2
set ip next-hop 222.171.201.1
redondo
Feb 26, 2004, 4:47pm PST
any problem? thanks
7401----ISP1
|
Layer 2 Switch--- PIX---Inside Network
|
7401----ISP2
relative config only
PIX:
nat (inside) 1 10.10.10.0 255.255.255.0
global (outside) 1 209.165.0.10-209.165.0.14 netmask 255.255.255.248
nat (inside) 2 10.20.20.0 255.255.255.0
global (outside) 2 222..171.201.10-222.171.201.14 netmask 255.255.255.248
static (inside,outside) 209.165.0.9 10.10.10.1 netmask 255.255.255.248
static (inside,outside) 222.171.201.9 10.20.20.1 netmask 255.255.255.248
access-list 101 permit tcp any host 209.165.0.9 eq www
access-list 101 permit tcp any host 209.165.0.9 eq 8080
access-list 101 permit tcp any host 222.171.201.9 eq smtp
access-group 101 in interface outside
ip route 0.0.0.0 0.0.0.0 192.168.0.1
7401A:
interface FastEthernet 0/0
ip address 209.165.0.2 255.255.255.248
!
interface FastEthernet 0/1
ip address 192.168.0.2 255.255.255.0
glbp 10 load-balancing host-dependent
glbp 10 ip 192.168.0.1
ip policy route-map isp
!
access-list 1 permit ip 209.165.0.8 0.0.0.7
access-list 2 permit ip 222.171.201.8 0.0.0.7
!
route-map isp permit 10
match ip address 1
set ip next-hop 209.165.0.1
!
route-map isp permit 20
match ip address 2
set ip next-hop 192.168.0.3
!
7401B:
interface FastEthernet 0/0
ip address 222.171.201.2 255.255.255.248
!
interface FastEthernet 0/1
ip address 192.168.0.3 255.255.255.0
glbp 10 load-balancing host-dependent
glbp 10 ip 192.168.0.1
ip policy route-map isp
!
access-list 1 permit ip 209.165.0.8 0.0.0.7
access-list 2 permit ip 222.171.201.8 0.0.0.7
!
route-map isp permit 10
match ip address 1
set ip next-hop 192.168.0.2
!
route-map isp permit 20
match ip address 2
set ip next-hop 222.171.201.1
--------------------------------------------------------------------------
配置上基本上没问题,但我认为应该让其中一边的路由器用glbp priority 110把一边的priority升高,而且要设glbp preempt.而另一边的路由器把route-map拿掉。因为在这两个7401和pix的网段中,客户只有一个pix,所以glbp根本就不起作用,等于hsrp,所以同一时间pix只会把数据传到其中一个7401,这样用route-map,可以起到分流的作用。但pix只有当其中正在用的那个7401当掉的时候才会把数据送到另一个7401,这时再用route-map就反而另数据丢失了,因为另一个7401已不可用。其实这个情况应该设置object track,让如果正用的7401的到isp的链路断掉,就放弃active gateway的资格。
浙公网安备 33010602011771号