Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
288
Views
0
Helpful
2
Replies

1841 Dual Internet Connection Issue

CSCO11069165
Level 1
Level 1

‎07-17-2007 12:12 PM - edited ‎03-03-2019 05:54 PM

Hi, I am setting up a Cisco 1841 Router to 2 ISP connections. The first connection is a T1 and the second connection is a Cable Modem. I have setup PAT in conjunction with route-maps that will send all www traffic out the cable modem and all other traffic out the T1. The Cable Modem connection is dynamic. I can successfully FTP to different sites using the T1 connection but when I try and browse to any website it eventually times out and won't load the page. Is there anything I am missing for the DHCP side or any side for that matter that would cause problems with the Cable Modem connection? Here is the config.

ip dhcp pool TEST

network 192.168.254.0 255.255.255.0

default-router 192.168.254.1

dns-server 70.x.x.210 70.24.7.3 70.x.x.218 70.24.7.6

!

interface FastEthernet0/0

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 70.x.x.85 255.255.255.240

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/0/0

!

interface FastEthernet0/0/1

!

interface FastEthernet0/0/2

!

interface FastEthernet0/0/3

!

interface Vlan1

ip address 192.168.254.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip classless

ip route 0.0.0.0 0.0.0.0 70.94.87.81

ip route 0.0.0.0 0.0.0.0 dhcp

!

ip http server

no ip http secure-server

ip nat inside source route-map CABLE interface FastEthernet0/0 overload

ip nat inside source route-map T1 interface FastEthernet0/1 overload

!

access-list 100 remark ----------ACL for T1 Route-Map----------

access-list 100 deny tcp any any eq www

access-list 100 permit ip any any

access-list 101 remark ----------ACL for CABLE Route-Map----------

access-list 101 permit tcp any any eq www

access-list 101 deny ip any any

no cdp run

route-map CABLE permit 10

match ip address 101

match interface FastEthernet0/0

!

route-map T1 permit 10

match ip address 100

match interface FastEthernet0/1

Thanks for any help.

Labels:
0 Helpful
2 Replies 2

paolo bevilacqua
Hall of Fame
Hall of Fame

‎07-17-2007 01:41 PM

Hi,

you cannot use ACL "ip any any" for NAT.

Please remove them and configure like "permit ip tcp 192.168.254.0 0.0.0.255 ".

Alos, you neet PBR in addition to route map if you want to send all your WWW address to a particular interface. for that, I think you can use the "permit tcp any any type". In these, you need "set interface ..." depending on where you want to send traffic.

Hope this helps, please rate post if it does!

0 Helpful

CSCO11069165
Level 1
Level 1
In response to paolo bevilacqua

‎07-19-2007 12:02 PM

Hi,

I tried the changes to the ACL for the Route-Maps used by NAT. I also got rid of the match commands to the interfaces and entered in set commands to the proper interfaces. After doing so it has not changed anything. Still having problems witht he Cable side and the T1 side is very slow finding ftp sites. You said I need PBR which I am assuming is policy based routing. I thought routemaps were policy based routing which is included in the NAT commands. Do you have any other ideas that might help resolve the issue? Here is the new config:

ip dhcp excluded-address 192.168.254.1 192.168.254.49

ip dhcp excluded-address 192.168.254.100 192.168.254.254

!

ip dhcp pool TEST

network 192.168.254.0 255.255.255.0

default-router 192.168.254.1

dns-server 70.94.70.210 70.24.7.3 70.94.70.218 70.24.7.6

!

interface FastEthernet0/0

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 70.94.87.85 255.255.255.240

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/0/0

!

interface FastEthernet0/0/1

!

interface FastEthernet0/0/2

!

interface FastEthernet0/0/3

!

interface Vlan1

ip address 192.168.254.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip classless

ip route 0.0.0.0 0.0.0.0 70.94.87.81

ip route 0.0.0.0 0.0.0.0 dhcp

!

ip http server

no ip http secure-server

ip nat inside source route-map CABLE interface FastEthernet0/0 overload

ip nat inside source route-map T1 interface FastEthernet0/1 overload

!

access-list 100 remark ---------ACL for T1 Route-Map----------

access-list 100 deny tcp 192.168.254.0 0.0.0.255 any eq www

access-list 100 permit tcp 192.168.254.0 0.0.0.255 any

access-list 101 remark ----------ACL for CABLE Route-Map----------

access-list 101 permit tcp 192.168.254.0 0.0.0.255 any eq www

access-list 101 deny tcp 192.168.254.0 0.0.0.255 any

no cdp run

route-map CABLE permit 10

match ip address 101

set interface FastEthernet0/0

!

route-map T1 permit 10

match ip address 100

set interface FastEthernet0/1

!

Thanks again for any help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card