1841 Dual Internet Connection Issue

Unanswered Question
Jul 17th, 2007
User Badges:

Hi, I am setting up a Cisco 1841 Router to 2 ISP connections. The first connection is a T1 and the second connection is a Cable Modem. I have setup PAT in conjunction with route-maps that will send all www traffic out the cable modem and all other traffic out the T1. The Cable Modem connection is dynamic. I can successfully FTP to different sites using the T1 connection but when I try and browse to any website it eventually times out and won't load the page. Is there anything I am missing for the DHCP side or any side for that matter that would cause problems with the Cable Modem connection? Here is the config.


ip dhcp pool TEST

network 192.168.254.0 255.255.255.0

default-router 192.168.254.1

dns-server 70.x.x.210 70.24.7.3 70.x.x.218 70.24.7.6

!

interface FastEthernet0/0

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 70.x.x.85 255.255.255.240

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/0/0

!

interface FastEthernet0/0/1

!

interface FastEthernet0/0/2

!

interface FastEthernet0/0/3

!

interface Vlan1

ip address 192.168.254.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip classless

ip route 0.0.0.0 0.0.0.0 70.94.87.81

ip route 0.0.0.0 0.0.0.0 dhcp

!

ip http server

no ip http secure-server

ip nat inside source route-map CABLE interface FastEthernet0/0 overload

ip nat inside source route-map T1 interface FastEthernet0/1 overload

!

access-list 100 remark ----------ACL for T1 Route-Map----------

access-list 100 deny tcp any any eq www

access-list 100 permit ip any any

access-list 101 remark ----------ACL for CABLE Route-Map----------

access-list 101 permit tcp any any eq www

access-list 101 deny ip any any

no cdp run

route-map CABLE permit 10

match ip address 101

match interface FastEthernet0/0

!

route-map T1 permit 10

match ip address 100

match interface FastEthernet0/1


Thanks for any help.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
paolo bevilacqua Tue, 07/17/2007 - 13:41
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Hi,


you cannot use ACL "ip any any" for NAT.

Please remove them and configure like "permit ip tcp 192.168.254.0 0.0.0.255 ".


Alos, you neet PBR in addition to route map if you want to send all your WWW address to a particular interface. for that, I think you can use the "permit tcp any any type". In these, you need "set interface ..." depending on where you want to send traffic.


Hope this helps, please rate post if it does!


CSCO11069165 Thu, 07/19/2007 - 12:02
User Badges:

Hi,


I tried the changes to the ACL for the Route-Maps used by NAT. I also got rid of the match commands to the interfaces and entered in set commands to the proper interfaces. After doing so it has not changed anything. Still having problems witht he Cable side and the T1 side is very slow finding ftp sites. You said I need PBR which I am assuming is policy based routing. I thought routemaps were policy based routing which is included in the NAT commands. Do you have any other ideas that might help resolve the issue? Here is the new config:


ip dhcp excluded-address 192.168.254.1 192.168.254.49

ip dhcp excluded-address 192.168.254.100 192.168.254.254

!

ip dhcp pool TEST

network 192.168.254.0 255.255.255.0

default-router 192.168.254.1

dns-server 70.94.70.210 70.24.7.3 70.94.70.218 70.24.7.6

!

interface FastEthernet0/0

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 70.94.87.85 255.255.255.240

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/0/0

!

interface FastEthernet0/0/1

!

interface FastEthernet0/0/2

!

interface FastEthernet0/0/3

!

interface Vlan1

ip address 192.168.254.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip classless

ip route 0.0.0.0 0.0.0.0 70.94.87.81

ip route 0.0.0.0 0.0.0.0 dhcp

!

ip http server

no ip http secure-server

ip nat inside source route-map CABLE interface FastEthernet0/0 overload

ip nat inside source route-map T1 interface FastEthernet0/1 overload

!

access-list 100 remark ---------ACL for T1 Route-Map----------

access-list 100 deny tcp 192.168.254.0 0.0.0.255 any eq www

access-list 100 permit tcp 192.168.254.0 0.0.0.255 any

access-list 101 remark ----------ACL for CABLE Route-Map----------

access-list 101 permit tcp 192.168.254.0 0.0.0.255 any eq www

access-list 101 deny tcp 192.168.254.0 0.0.0.255 any

no cdp run

route-map CABLE permit 10

match ip address 101

set interface FastEthernet0/0

!

route-map T1 permit 10

match ip address 100

set interface FastEthernet0/1

!


Thanks again for any help.

Actions

This Discussion