05-28-2008 12:49 AM - edited 03-03-2019 10:07 PM
I would dearly love some help on this one as it has me well and truly confused and beating up small furry animals in frustration.
ADSL1 (routed subnet)---atm0/0/0-|--fe0/0--192.168.0.1/24----
|
Load Balanced
and
Failover
|
ADSL2 (static IP)-------atm0/1/0-|--fe0/1--222.222.222.177/28---
FE0/0 needs to accept NAT translation requests coming from the IP 222.222.222.178/28
FE0/1 needs to route (default router) for machines on other IPs in the /28 subnet.
Default route for FE0/1 needs to go out ADSL1
Default route for FE0/0 needs to NAT, load balance and failover both ATM0/0/0 and ATM0/1/0
I need a virtual interface of some sort that will allow me to assign the IP 222.222.222.178/28 to it, and set it as IP NAT OUTSIDE.
I visualise it as follows:
ATM0/0/0 coupled to Dialer0 gets assigned the IP 111.111.111.111/32 on the actual Dialer0 interface. The subnet 222.222.222.178/28 is routed via that /32 IP on the Dialer0 interface. 222.222.222.177/28 is the first IP and the gateway IP for the subnet and is assigned to the FE0/1 interface. The FE0/1 interface needs to static route (no NAT) to the Dialer0 interface.
I now need a "virtual" interface with the IP 222.222.222.178/28 which will static route to the FE0/1 interface. This interface needs to be set as IP NAT OUTSIDE so that port forward requests coming in via Dialer0->FE0/1->Virtual are port mapped to FE0/0.
ATM0/1/0 coupled to Dialer1 gets assigned a static /32 IP and will accept port forward requests directed to the FE0/0 interface only.
FE0/0 needs to NAT to both Dialer1 and the virtual interface with 178/28 for load balancing and failover.
Existing config follows.
05-28-2008 12:50 AM
Current configuration : 8426 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname gw
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 warnings
enable secret
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain name network.local
ip name-server 192.168.0.20
ip sla 1
icmp-echo 202.x.111.97
timeout 1000
threshold 250
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 61.88.151.13
timeout 1000
threshold 250
ip sla schedule 2 life forever start-time after 00:00:30
ip sla 3
icmp-echo 172.18.69.86
timeout 1000
threshold 250
ip sla schedule 3 life forever start-time now
ip sla 4
icmp-echo 61.9.209.8
timeout 1000
threshold 250
ip sla schedule 4 life forever start-time after 00:00:30
!
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
!
track 3 rtr 3 reachability
!
track 4 rtr 4 reachability
!
track 10 list boolean or
object 1
object 2
!
track 20 list boolean or
object 3
object 4
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description $FW_OUTSIDE$
ip address 222.222.222.177 255.255.255.240
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
next part in next post.
05-28-2008 12:51 AM
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface ATM0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/1/0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 2
!
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname user@isp1.net
ppp chap password
!
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
encapsulation ppp
ip route-cache flow
dialer pool 2
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname user@isp2.net
ppp chap password
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0 10 track 10
ip route 0.0.0.0 0.0.0.0 Dialer1 20 track 20
ip route 61.9.209.8 255.255.255.255 Dialer1
ip route 61.88.151.13 255.255.255.255 Dialer0
ip route 172.18.69.86 255.255.255.255 Dialer1
ip route 202.183.111.97 255.255.255.255 Dialer0
!
ip http server
ip http access-class 2
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 2 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.21 25 interface Dialer1 25
ip nat inside source static tcp 192.168.0.22 80 interface Dialer1 80
ip nat inside source static tcp 192.168.0.21 443 interface Dialer1 443
ip nat inside source static tcp 192.168.0.20 1723 interface Dialer1 1723
ip nat inside source static tcp 192.168.0.11 3389 interface Dialer1 3389
ip nat inside source static udp 192.168.0.23 5060 interface Dialer1 5060
ip nat inside source static tcp 192.168.0.93 5500 222.222.222.178 5500 extendable
ip nat inside source static tcp 192.168.0.11 5501 222.222.222.178 5501 extendable
ip nat inside source static tcp 192.168.0.90 5502 222.222.222.178 5502 extendable
ip nat inside source static tcp 192.168.0.92 5503 222.222.222.178 5503 extendable
ip nat inside source static tcp 192.168.0.91 5504 222.222.222.178 5504 extendable
ip nat inside source static tcp 192.168.0.126 5505 222.222.222.178 5505 extendable
ip nat inside source static tcp 192.168.0.90 6990 interface Dialer1 6990
ip nat inside source static tcp 192.168.0.21 25 222.222.222.178 25 extendable
ip nat inside source static tcp 192.168.0.22 80 222.222.222.178 80 extendable
ip nat inside source static tcp 192.168.0.21 443 222.222.222.178 443 extendable
ip nat inside source static tcp 192.168.0.20 1723 222.222.222.178 1723 extendable
ip nat inside source static tcp 192.168.0.11 3389 222.222.222.178 3389 extendable
ip nat inside source static udp 192.168.0.23 5060 222.222.222.178 5060 extendable
ip nat inside source static tcp 192.168.0.90 6990 222.222.222.178 6990 extendable
!
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 deny any
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 2 deny any
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 100 deny ip any any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
no cdp run
!
control-plane
05-28-2008 05:01 PM
Problem resolved, typical user error issue with ACL and IP assignments etc.
Obviously the virtual interface isn't needed.
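Added example, not part of the original thread and not the poster's actual fix: a small Python audit for a configuration like the one posted above. It flags NAT rules that name an interface without `ip nat outside`, flags an ACL shared between NAT and the HTTP access-class, and lists the inbound services the static translations expose. The `audit` function and `SAMPLE` text are hypothetical names; `SAMPLE` is constructed from lines in the posted config, and the parser assumes `!` ends each interface block.

```python
import re

# Constructed excerpt: lines taken from the configuration posted in this thread.
SAMPLE = """\
interface FastEthernet0/0
 ip nat inside
!
interface Dialer0
 ip address negotiated
!
interface Dialer1
 ip nat outside
!
ip http access-class 2
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 2 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.21 25 interface Dialer1 25
ip nat inside source static tcp 192.168.0.11 3389 222.222.222.178 3389 extendable
"""

NAT = re.compile(r"ip nat inside source (?:list (?P<acl>\S+)|static (?P<proto>tcp|udp) "
                 r"(?P<host>\S+) (?P<lport>\d+)) (?:interface (?P<intf>\S+)|(?P<addr>[\d.]+))"
                 r"(?: (?P<gport>\d+))?")

def audit(config):
    """Return (findings, exposed) for an IOS config given as text."""
    outside, nat_acls, http_acls, rules, intf = set(), set(), set(), [], None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            intf = line.split()[1]
        elif line == "!":
            intf = None                      # assumption: "!" ends the block
        elif line == "ip nat outside" and intf:
            outside.add(intf)
        elif m := re.match(r"ip http access-class (\S+)", line):
            http_acls.add(m.group(1))
        elif m := NAT.match(line):
            rules.append(m)
            if m["acl"]:
                nat_acls.add(m["acl"])
    findings = [f"{m['intf']} is used by a NAT rule but lacks 'ip nat outside'"
                for m in rules if m["intf"] and m["intf"] not in outside]
    findings += [f"ACL {a} selects NAT traffic and is also the HTTP access-class"
                 for a in sorted(nat_acls & http_acls)]
    # (protocol, outside address or interface, outside port, inside host)
    exposed = [(m["proto"], m["addr"] or m["intf"], int(m["gport"]), m["host"])
               for m in rules if m["proto"]]
    return findings, exposed
```

The `exposed` list is the inventory to review against what should be reachable from the Internet, for example the 3389 and 1723 forwards in the posted config.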