Cisco Router and Security Device Manager Dial-Backup Solution




Application Note

Introduction

Point-to-Point Protocol over Ethernet (PPPoE) and IP Security (IPSec) VPN deployments are increasing and require a reliable backup solution. Cisco IOS Software provides a Reliable Static Routing Backup using Object Tracking feature. Through the use of Internet Control Message Protocol (ICMP) pings, this feature can identify when a PPPoE or IPSec VPN tunnel goes down, and can allow for the initiation of a dial-on-demand routing (DDR) connection from an alternative port.

Currently, the Reliable Static Routing Backup using Object Tracking feature is supported in Cisco IOS Software Release 12.3(2)XE and later for the Cisco 830 Series Secure Broadband Router and the Cisco 1700 Series Modular Access Router.

This document describes this feature on analog modem and ISDN interfaces. PPPoE and IPSec VPNs are not covered.

Technology

Reliable Static Routing Backup Using Object Tracking

The Reliable Static Routing Backup using Object Tracking feature introduces the ability to reliably back up PPPoE or IPSec VPN deployments by initiating a DDR connection from an alternative interface if the circuit to the primary gateway goes down.

Figure 1 shows a typical scenario. Traffic from the remote LAN is forwarded to the main office from the primary WAN interface of the remote router. If the connection to the main office is lost, the status of the tracked object changes from up to down and the static route is removed. Traffic destined for the main office triggers DDR, and the preconfigured floating static route is installed on the secondary interface. Traffic is then forwarded to the preconfigured destination from the secondary interface. The backup interface can be configured to use the public switched telephone network (PSTN) or the Internet.

Figure 1 DDR Initiates Call to Designated Access Server

Service Assurance Agent

The Reliable Static Routing Backup using Object Tracking feature uses ICMP pings to monitor the state of the connection to the primary gateway. A Service Assurance Agent (SA Agent) is created to ping the primary gateway at a configurable interval. The pings are routed from the primary interface only. A track object is created to monitor the status of the SA Agent. The track object informs the client (the static route) if the state of the object changes, allowing the initiation of a backup DDR connection when the object state changes from up to down.

Dial-On-Demand Routing

Dial-On-Demand Routing (DDR) is a technique whereby a router can automatically initiate and close a circuit-switched session as transmitting stations demand. DDR permits routing over ISDN or telephone lines using a modem.

Benefits of Reliable Static Routing Backup Using Object Tracking

PPPoE and IPSec VPN deployments provide cost-effective and secure Internet-based solutions that can replace traditional dialup and Frame Relay circuits. The Reliable Static Routing Backup using Object Tracking feature introduces a reliable backup solution for PPPoE and IPSec VPN deployments, allowing these solutions to be used for critical circuits that must not go down without a backup circuit automatically engaging.

How to Configure Reliable Static Routing Backup Using Object Tracking

Several tasks are involved in the configuration:

1. Configuring the primary WAN interface
2. Configuring the backup interface
3. Configuring the SA Agent
4. Configuring the routing policy
5. Configuring the default route for the primary WAN interface using static routing
6. Configuring a floating static default route on the backup interface

The following is an example of the Cisco IOS Software commands necessary to configure an analog modem interface as the backup interface for the scenario shown in Figure 1.
Analog Modem Sample Configuration

    ! Primary WAN interface
    interface FastEthernet0
     ip address 172.28.49.102 255.255.255.224
    !
    ! Modem configuration
    line 1
     autoselect ppp
     modem InOut
     exit
    !
    ! Backup interface: logical interface Dialer, physical interface Async
    interface Dialer1
     no shutdown
     ip address negotiated
     no ip route-cache
     dialer pool 1
     dialer-group 1
     encapsulation ppp
     dialer string 1234567
     dialer idle-timeout 120
     dialer fast-idle 20
     ppp authentication chap callin
     ppp chap hostname cisco123
     ppp chap password 0 ********
     exit
    interface Async1
     description backup_link
     async mode dedicated
     encapsulation ppp
     dialer in-band
     dialer pool-member 1
    dialer-list 1 protocol ip permit
    !
    ! Create an SA Agent to ping the target address. This task applies to both static routing
    rtr 1
     ! Configure an SA Agent end-to-end echo response time probe operation
     type echo protocol ipIcmpEcho 172.28.49.104
     ! Amount of time the SAA operation waits for a response from its request packet (milliseconds)
     timeout 1000
     ! Rate at which ICMP pings are sent into the network (seconds)
     frequency 3
     ! Threshold that generates a reaction event for the SA Agent operation (milliseconds)
     threshold 2
    ! Track whether a router is reachable
    track 1 rtr 1 reachability
    ! Time parameters for an SAA operation
    rtr schedule 1 start-time now life forever
    !
    ! Configure a routing policy if the primary interface is configured for static
    ! routing and the primary gateway is a multipoint gateway
    access-list 100 permit icmp any host 172.28.49.104 echo
    ! Defines the conditions for redistributing routes from one routing protocol into another
    route-map SDM_BACKUP_RMAP_1 permit 1
     ! Distributes any routes that have a destination network number address that is
     ! permitted by access-list 100, or performs policy routing on packets
     match ip address 100
     ! Indicates where to output packets that pass a match clause of a route map for policy routing
     set ip next-hop 172.28.49.97
     ! Indicates where to output packets that pass a match clause of a route map for policy routing
     set interface Null0
    ! Apply the route map for local policy routing
    ip local policy route-map SDM_BACKUP_RMAP_1
    !
    ! Configure the static default route, since static routing is used. The track number
    ! specifies that the static route is installed only if the configured track object is up
    ip route 0.0.0.0 0.0.0.0 172.28.49.97 1 track 1
    ! Configure a floating static default route on the backup interface
    ip route 0.0.0.0 0.0.0.0 Dialer1 2
    ! The target address is sent out through the primary WAN interface
    ip route 172.28.49.104 255.255.255.255 FastEthernet0 1

Cisco Security Device Manager Dial-Backup Support

The Cisco IOS Software Dial backup feature requires users to fully understand how to configure the backup interface, the Reliable Static Routing Backup using Object Tracking feature, the SA Agent, the routing policy, the default route for the primary interface, and the floating static default route on the backup interface using static routing.

Cisco Router and Security Device Manager (SDM) allows users to easily configure backup interfaces and the Dial backup feature. The following steps are used to configure the same scenario as previously described, this time using Cisco SDM as opposed to the Cisco IOS Software command-line interface (CLI).

The Dial backup feature is supported on One-port ISDN BRI, One-Port Analog Modem, and Two-Port Analog Modem by Cisco SDM. Cisco SDM makes a few assumptions while configuring the Dial backup feature:

- The primary interface is a WAN interface.
- If only one default route exists, Cisco SDM assumes that the primary WAN interface uses the default route to route traffic.
- If no default route exists, Cisco SDM will ask the user to specify the primary WAN interface.
- The primary WAN interface and the backup interface cannot both have dynamic IP addresses.

Configuring Reliable Static Routing Backup Using Object Tracking on an Analog Modem [1]

In Figure 2, the remote router's next-hop gateway is the headend router 172.28.49.97. The VPN peer for the remote router is 172.28.49.104, which is located at the main office, so it becomes the tracking object.

The user clicks on the WAN icon while in the Wizard mode to create a new WAN connection.

Figure 2 Create New WAN Connection Wizard

[1] The primary WAN interface and default route configurations are not covered in this document. In this example, the primary WAN interface, FastEthernet0, is configured with a static IP address, and a default route is configured with a multipoint gateway, 172.28.49.97, in the network.

Next, enter the remote phone number: 1234567, and click Next (Figure 3).

Figure 3 Dial String

Then select the IP address. Figure 4 shows Easy IP (IP Negotiated). Click Next.

Note: The IP address for the dialer interface can be obtained dynamically via IPCP (IP negotiated) from the service provider, as in this case; therefore Easy IP (IP Negotiated) is used.

Figure 4 IP Address

For authentication configuration (Figure 5), take the following steps:

- Select the Authentication Type: in this scenario, CHAP is used
- Username: cisco1721
- Password: cisco1721 (the Password is displayed encrypted on screen)
- Confirm Password: cisco1721 (the Confirm Password is displayed encrypted on screen)

Figure 5 Authentication

Select Configure this connection as backup, then click Next (Figure 6).

Figure 6 Backup Configuration

For the backup configuration (Figure 7), take the following steps:

- Select the interface that acts as a primary connection: in this scenario, FastEthernet0 is used
- Primary next-hop IP address: 172.28.49.97 (the primary gateway in Figure 1)
- Secondary next-hop IP address: (left blank in this example)
- Click Next

Figure 7 Backup Configuration Primary Interface

Configure the Hostname or IP Address (Figure 8) of the object being tracked: 172.28.49.104 (the VPN peer router at the main office in Figure 1). Click Next.

Figure 8 Backup Configuration IP Address to Be Tracked

The Summary screen displays the configuration; click Finish to deliver the configuration (Figure 9).

Figure 9 Configuration Summary

Once the Backup Interface and the Dial backup features are configured using the Wizard, use the Advanced Mode/Interfaces and Connections to display and alter the configuration further if desired. The Backup Interface and Dial backup feature configurations are also supported by the Advanced Mode.

In summary, by using the Cisco SDM WAN Wizard, users can generate the same complex configuration for Backup Interface and Dial backup features easily and quickly with minimal knowledge of Cisco IOS Software commands and minimal knowledge of Reliable Static Routing Backup using Object Tracking, SA Agent, and DDR.
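A check for a delivered configuration, added here as an example and not part of the application note or of Cisco SDM: the function below audits a saved IOS configuration for the pieces the dial-backup design depends on (a tracked primary default route, a defined and scheduled probe, a probe target pinned to the primary path, a floating route with a higher administrative distance on a defined dialer) and flags a CHAP password stored as type 0. The sample configuration is constructed, and the finding names are this example's own labels.

```python
import re

# Constructed sample based on the note's scenario. Planted faults: the floating
# route names Dialer0 (only Dialer1 exists); the CHAP password is type 0.
SAMPLE = """\
interface FastEthernet0
interface Dialer1
 ppp chap password 0 EXAMPLE
rtr 1
 type echo protocol ipIcmpEcho 172.28.49.104
track 1 rtr 1 reachability
rtr schedule 1 start-time now life forever
ip route 0.0.0.0 0.0.0.0 172.28.49.97 1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer0 2
ip route 172.28.49.104 255.255.255.255 FastEthernet0 1
"""
DEFAULT = re.compile(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: (\d+))?(?: track (\d+))?$")

def audit(cfg):
    """Return sorted finding names (this example's own labels) for cfg."""
    lines = [ln.strip() for ln in cfg.splitlines() if ln.strip()]
    ifaces, tracks, scheduled, targets, found = set(), {}, set(), {}, set()
    probe = None
    for ln in lines:
        if m := re.match(r"interface (\S+)$", ln):
            ifaces.add(m.group(1))
        elif m := re.match(r"rtr (\d+)$", ln):
            probe = m.group(1)                       # entering "rtr N" sub-mode
        elif probe and (m := re.match(r"type echo protocol ipicmpecho (\S+)", ln, re.I)):
            targets[probe] = m.group(1)
        elif m := re.match(r"track (\d+) rtr (\d+) reachability$", ln):
            tracks[m.group(1)] = m.group(2)
        elif m := re.match(r"rtr schedule (\d+) ", ln):
            scheduled.add(m.group(1))
        elif re.match(r"ppp chap password 0 ", ln):
            found.add("cleartext-chap-password")     # type 0 = stored unencrypted
    defaults = [m.groups() for ln in lines if (m := DEFAULT.match(ln))]
    primary = [d for d in defaults if d[2]]          # default routes with "track N"
    floating = [d for d in defaults if not d[2]]     # untracked (backup) defaults
    if not primary:
        found.add("primary-default-route-not-tracked")
    if not floating:
        found.add("no-floating-default-route")
    for _, dist, trk in primary:
        pid = tracks.get(trk)
        if pid is None:
            found.add(f"track-{trk}-undefined")
        elif pid not in targets or pid not in scheduled:
            found.add(f"probe-{pid}-missing-or-unscheduled")
        elif not any(re.match(rf"ip route {re.escape(targets[pid])} "
                              r"255\.255\.255\.255 (?!Dialer)", ln) for ln in lines):
            # Unpinned, the ping can leave via the dial link and mask the outage.
            found.add(f"probe-{pid}-target-not-pinned")
        if any(int(fd or 1) <= int(dist or 1) for _, fd, _ in floating):
            found.add("floating-route-distance-not-higher")
    for hop, _, _ in floating:
        if hop.startswith("Dialer") and hop not in ifaces:
            found.add(f"floating-route-uses-undefined-{hop}")
    return sorted(found)
```

`audit(SAMPLE)` reports the two planted faults. The pinning check recognises only the host-route form, not the local policy route-map.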

Copyright 2004 Cisco Systems, Inc. All rights reserved.