2 DSL lines and 1 871 router

Unanswered Question
Jul 2nd, 2007

Our office has a DLS line and an 871 router working just fine. we're getting a second DSL connection and want it used primarily for Internet browsing. the original DSL is to be used for VPN connections. Do I need a second router? What is the best solution?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Paolo Bevilacqua Mon, 07/02/2007 - 15:01

It depends if you want to terminate the lines directly in the router, that is usually the best solution, or use the cheap modem given by the ISP.

In first choice you would need either a second 871 or 851 router, or 877 or 857 to terminate ADSL line at router.

Or, a bigger router that can host two ADSL cards (called HWIC-1ADSL), like a 1841 or 2801. Once you have your choice in house with the line synced up, come back and we can give you config advice.

Hope this helps, please rate post if it does!

mwstewart Wed, 07/04/2007 - 16:50

OK, I have the second DSL line synced up and I have a second 871 router, with no configuratino. My first 871 will be used primarily for outsiders to vpn into the network. I think there are also some routes that provide vpn from inside to another site. The second dsl/router config is primarily for users inside to access the internet - mail and web browsing. How should I configure the second router? Do I need to ask qwest for a static IP on the second dsl line? thanks in advance.

stu

Paolo Bevilacqua Wed, 07/04/2007 - 17:06

Hi, that was fast.

Now, for the "internet" 871, you don't need a static address. Do you know how to configure it for NAT ? If you tell us which encapsulation qwest uses, I can point to an example.

Going back to the "VPN 871", how the remotes will gain access to your network ? Will they have Cisco VPN client, or what ? It would be good if this router had a static IP.

In any case: Configure VLAN1 interface on both routers on the same network. On both of them configure:

router rip

network

version 2

redistribute static metric transparent

This will start the routers "talking" to each other. Then depending on the VPN config we add the rest of configuration.

Later after you master all the stuff we can one configuration using hsrp in which if the internet adsl goes

mwstewart Wed, 07/04/2007 - 17:12

VPN 871 has a static IP and remote users gain access with Cisco VPN client and/or remote desktop (I think a site to site vpn has been setup along with routing tables for each network).

Not sure what type of encapsulation qwest is using. how can I determine that? Not sure how to configure NAT either. Thanks for the timely response. As soon as I have access to the VPN router - waiting for password - I'll send the config.

Paolo Bevilacqua Wed, 07/04/2007 - 17:26

Ok, since you haven't mentioned to have been given an username/password, let's assume is "bridged 1483". Configure:

bridge irb

!

!

interface vlan 1

no shut

ip address

!--- For NAT:

ip nat inside

!

interface atm0

no shut

no ip address

no ip directed-broadcast

no atm ilmi-keepalive

interface atm0.1 pointo-to-point

pvc

encapsulation aal5snap

!--- Common PVC values supported by ISPs are 0/35 or 8/35.

!--- Confirm your PVC values with your ISP.

!

bridge-group 1

!

interface bvi1

ip address dhcp

!--- For NAT:

ip nat outside

!

!--- For NAT:

ip nat inside source list 1 interface bvi1 overload

ip route 0.0.0.0 0.0.0.0 ATM0.1

!--- For NAT:

access-list 1 permit

!--- In this configuration, access-list 1 defines a standard access list

!--- that permits the addresses that NAT translates. For example, if

!--- your private IP network is 10.10.10.0, the configuration of

!--- access-list 1 permit 10.10.10.0 0.0.0.255 allows NAT to translate

!--- packets with source addresses between 10.10.10.0 and 10.10.10.255.

!

bridge 1 protocol ieee

bridge 1 route ip

!

end

Yous should see interfa atm0.1 up and with an address. Then, need the "VPN871" password to go ahead.

mwstewart Thu, 07/05/2007 - 19:56

I'm setting up the second 871 router. I have the console cable connected but can't get past the initial username and password prompt. sorry I'm so lame. can you help? thanks!

Paolo Bevilacqua Fri, 07/06/2007 - 02:45

Hi, do some commands and beging to learn the basics, like "show run", conf t, etc.

check out how to telnet to the router with a good term like putty.

You should see the ipsec config for clients and began how to add one, basically a matter of adding username and password.

Then you check the router sees the other via rip as simply configure and go for there.

a.cruea1980 Fri, 07/06/2007 - 08:32

If you mean right after you get it out of the box, try cisco for both the user and pass.

Actions

This Discussion