07-17-2007 12:12 PM - edited 03-03-2019 05:54 PM
Hi, I am setting up a Cisco 1841 Router to 2 ISP connections. The first connection is a T1 and the second connection is a Cable Modem. I have set up PAT in conjunction with route-maps that will send all www traffic out the cable modem and all other traffic out the T1. The Cable Modem connection is dynamic. I can successfully FTP to different sites using the T1 connection but when I try and browse to any website it eventually times out and won't load the page. Is there anything I am missing for the DHCP side or any side for that matter that would cause problems with the Cable Modem connection? Here is the config.
ip dhcp pool TEST
network 192.168.254.0 255.255.255.0
default-router 192.168.254.1
dns-server 70.x.x.210 70.24.7.3 70.x.x.218 70.24.7.6
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 70.x.x.85 255.255.255.240
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
ip address 192.168.254.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 70.94.87.81
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip http server
no ip http secure-server
ip nat inside source route-map CABLE interface FastEthernet0/0 overload
ip nat inside source route-map T1 interface FastEthernet0/1 overload
!
access-list 100 remark ----------ACL for T1 Route-Map----------
access-list 100 deny tcp any any eq www
access-list 100 permit ip any any
access-list 101 remark ----------ACL for CABLE Route-Map----------
access-list 101 permit tcp any any eq www
access-list 101 deny ip any any
no cdp run
route-map CABLE permit 10
match ip address 101
match interface FastEthernet0/0
!
route-map T1 permit 10
match ip address 100
match interface FastEthernet0/1
Thanks for any help.
07-17-2007 01:41 PM
Hi,
you cannot use ACL "ip any any" for NAT.
Please remove them and configure like "permit ip tcp 192.168.254.0 0.0.0.255 ".
Also, you need PBR in addition to route map if you want to send all your WWW address to a particular interface. For that, I think you can use the "permit tcp any any type". In these, you need "set interface ..." depending on where you want to send traffic.
Hope this helps, please rate post if it does!
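The separation the reply above points at, as an added example that is not part of the original thread: policy-based routing on the inside interface chooses the egress link, while the NAT route-maps only select the overload address by egress interface. ACL numbers 110 and 120 and the route-map name WWW-PBR are hypothetical; interfaces and the LAN subnet are the ones in the posted config.

```cisco
! Added example. ACL 110, ACL 120 and route-map WWW-PBR are hypothetical names.
!
! 1) PBR: choose the egress interface for web traffic arriving from the LAN.
access-list 110 permit tcp 192.168.254.0 0.0.0.255 any eq www
!
route-map WWW-PBR permit 10
 match ip address 110
 set interface FastEthernet0/0
!
interface Vlan1
 ip policy route-map WWW-PBR
!
! 2) NAT: pick the overload address from the interface the packet leaves by.
!    These route-maps only match; they carry no "set" commands.
access-list 120 permit ip 192.168.254.0 0.0.0.255 any
!
route-map CABLE permit 10
 match ip address 120
 match interface FastEthernet0/0
!
route-map T1 permit 10
 match ip address 120
 match interface FastEthernet0/1
!
ip nat inside source route-map CABLE interface FastEthernet0/0 overload
ip nat inside source route-map T1 interface FastEthernet0/1 overload
```

`show ip policy`, `show route-map` and `show ip nat translations` show whether the policy is attached to Vlan1, whether its match counters increase, and which outside address each flow was translated to. Where the next hop on the Ethernet link is known, `set ip next-hop` is the usual alternative to `set interface`.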
07-19-2007 12:02 PM
Hi,
I tried the changes to the ACL for the Route-Maps used by NAT. I also got rid of the match commands to the interfaces and entered in set commands to the proper interfaces. After doing so it has not changed anything. Still having problems with the Cable side and the T1 side is very slow finding ftp sites. You said I need PBR which I am assuming is policy based routing. I thought routemaps were policy based routing which is included in the NAT commands. Do you have any other ideas that might help resolve the issue? Here is the new config:
ip dhcp excluded-address 192.168.254.1 192.168.254.49
ip dhcp excluded-address 192.168.254.100 192.168.254.254
!
ip dhcp pool TEST
network 192.168.254.0 255.255.255.0
default-router 192.168.254.1
dns-server 70.94.70.210 70.24.7.3 70.94.70.218 70.24.7.6
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 70.94.87.85 255.255.255.240
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
ip address 192.168.254.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 70.94.87.81
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip http server
no ip http secure-server
ip nat inside source route-map CABLE interface FastEthernet0/0 overload
ip nat inside source route-map T1 interface FastEthernet0/1 overload
!
access-list 100 remark ---------ACL for T1 Route-Map----------
access-list 100 deny tcp 192.168.254.0 0.0.0.255 any eq www
access-list 100 permit tcp 192.168.254.0 0.0.0.255 any
access-list 101 remark ----------ACL for CABLE Route-Map----------
access-list 101 permit tcp 192.168.254.0 0.0.0.255 any eq www
access-list 101 deny tcp 192.168.254.0 0.0.0.255 any
no cdp run
route-map CABLE permit 10
match ip address 101
set interface FastEthernet0/0
!
route-map T1 permit 10
match ip address 100
set interface FastEthernet0/1
!
Thanks again for any help.