1841 Dual ADSL WIC - Load Balance plus Subnet from one ISP

cisco
Level 1

I would dearly love some help on this one as it has me well and truly confused and beating up small furry animals in frustration.

ADSL1 (routed subnet)---atm0/0/0-|--fe0/0--192.168.0.1/24----
                                 |
                           Load Balanced
                                and
                             Failover
                                 |
ADSL2 (static IP)-------atm0/1/0-|--fe0/1--222.222.222.177/28---

FE0/0 needs to accept NAT translation requests coming from the IP 222.222.222.178/28

FE0/1 needs to route (default router) for machines on other IPs in the /28 subnet.

Default route for FE0/1 needs to go out ADSL1

Default route for FE0/0 needs to NAT, load balance and failover both ATM0/0/0 and ATM0/1/0

I need a virtual interface of some sort that will allow me to assign the IP 222.222.222.178/28 to it, and set it as IP NAT OUTSIDE.

I visualise it as follows:

ATM0/0/0 coupled to Dialer0 gets assigned the IP 111.111.111.111/32 on the actual Dialer0 interface. The subnet 222.222.222.178/28 is routed via that /32 IP on the Dialer0 interface. 222.222.222.177/28 is the first IP and the gateway IP for the subnet and is assigned to the FE0/1 interface. The FE0/1 interface needs to static route (no NAT) to the Dialer0 interface.

I now need a "virtual" interface with the IP 222.222.222.178/28 which will static route to the FE0/1 interface. This interface needs to be set as IP NAT OUTSIDE so that port forward requests coming in via Dialer0->FE0/1->Virtual are port mapped to FE0/0.

ATM0/1/0 coupled to Dialer1 gets assigned a static /32 IP and will accept port forward requests directed to the FE0/0 interface only.

FE0/0 needs to NAT to both Dialer1 and the virtual interface with 178/28 for load balancing and failover.

Existing config follows.

cisco
Level 1

Current configuration : 8426 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname gw
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 warnings
enable secret
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain name network.local
ip name-server 192.168.0.20
ip sla 1
 icmp-echo 202.x.111.97
 timeout 1000
 threshold 250
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 61.88.151.13
 timeout 1000
 threshold 250
ip sla schedule 2 life forever start-time after 00:00:30
ip sla 3
 icmp-echo 172.18.69.86
 timeout 1000
 threshold 250
ip sla schedule 3 life forever start-time now
ip sla 4
 icmp-echo 61.9.209.8
 timeout 1000
 threshold 250
ip sla schedule 4 life forever start-time after 00:00:30
!
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
!
track 3 rtr 3 reachability
!
track 4 rtr 4 reachability
!
track 10 list boolean or
 object 1
 object 2
!
track 20 list boolean or
 object 3
 object 4
!
!
!
interface Null0
 no ip unreachables
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$FW_INSIDE$
 ip address 192.168.0.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description $FW_OUTSIDE$
 ip address 222.222.222.177 255.255.255.240
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!

next part in next post.

cisco
Level 1

interface ATM0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface ATM0/1/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/1/0.1 point-to-point
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
 !
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname user@isp1.net
 ppp chap password
!
interface Dialer1
 description $FW_OUTSIDE$
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 ip route-cache flow
 dialer pool 2
 dialer-group 2
 ppp authentication chap pap callin
 ppp chap hostname user@isp2.net
 ppp chap password
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0 10 track 10
ip route 0.0.0.0 0.0.0.0 Dialer1 20 track 20
ip route 61.9.209.8 255.255.255.255 Dialer1
ip route 61.88.151.13 255.255.255.255 Dialer0
ip route 172.18.69.86 255.255.255.255 Dialer1
ip route 202.183.111.97 255.255.255.255 Dialer0
!
ip http server
ip http access-class 2
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 2 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.21 25 interface Dialer1 25
ip nat inside source static tcp 192.168.0.22 80 interface Dialer1 80
ip nat inside source static tcp 192.168.0.21 443 interface Dialer1 443
ip nat inside source static tcp 192.168.0.20 1723 interface Dialer1 1723
ip nat inside source static tcp 192.168.0.11 3389 interface Dialer1 3389
ip nat inside source static udp 192.168.0.23 5060 interface Dialer1 5060
ip nat inside source static tcp 192.168.0.93 5500 222.222.222.178 5500 extendable
ip nat inside source static tcp 192.168.0.11 5501 222.222.222.178 5501 extendable
ip nat inside source static tcp 192.168.0.90 5502 222.222.222.178 5502 extendable
ip nat inside source static tcp 192.168.0.92 5503 222.222.222.178 5503 extendable
ip nat inside source static tcp 192.168.0.91 5504 222.222.222.178 5504 extendable
ip nat inside source static tcp 192.168.0.126 5505 222.222.222.178 5505 extendable
ip nat inside source static tcp 192.168.0.90 6990 interface Dialer1 6990
ip nat inside source static tcp 192.168.0.21 25 222.222.222.178 25 extendable
ip nat inside source static tcp 192.168.0.22 80 222.222.222.178 80 extendable
ip nat inside source static tcp 192.168.0.21 443 222.222.222.178 443 extendable
ip nat inside source static tcp 192.168.0.20 1723 222.222.222.178 1723 extendable
ip nat inside source static tcp 192.168.0.11 3389 222.222.222.178 3389 extendable
ip nat inside source static udp 192.168.0.23 5060 222.222.222.178 5060 extendable
ip nat inside source static tcp 192.168.0.90 6990 222.222.222.178 6990 extendable
!
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 deny any
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 2 deny any
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 100 deny ip any any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
no cdp run
!
control-plane

cisco
Level 1

Problem resolved, typical user error issue with ACL and IP assignments etc.

Obviously the virtual interface isn't needed.
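
Added example, not part of the original posts: a small Python check run over an excerpt of the configuration posted in this thread. It lists interfaces that `ip nat inside source` rules reference but that are not marked `ip nat outside` (Dialer0 in the posted config) and inventories the static port forwards that expose inside hosts. The `audit` function and the `REMOTE_ACCESS` watch list are assumptions of this example.

```python
import re

# Excerpt of the configuration posted in this thread, trimmed for the example.
SAMPLE = """\
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
interface Dialer0
 ip address negotiated
!
interface Dialer1
 ip address negotiated
 ip nat outside
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 2 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.11 3389 interface Dialer1 3389
ip nat inside source static tcp 192.168.0.20 1723 222.222.222.178 1723 extendable
ip nat inside source static tcp 192.168.0.22 80 222.222.222.178 80 extendable
"""

STATIC = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
                    r"(?:interface (\S+)|(\S+)) (\d+)")
DYNAMIC = re.compile(r"^ip nat inside source list \S+ interface (\S+)")
REMOTE_ACCESS = {3389: "RDP", 1723: "PPTP"}  # reviewer's watch list (assumption)

def audit(config):
    """Return (NAT-referenced interfaces lacking 'ip nat outside', forwards)."""
    outside, used, forwards, current = set(), set(), [], None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate configs pasted with indentation lost
        if line.startswith("interface "):
            current = line.split()[1]
        elif line == "!":
            current = None  # "!" closes the interface stanza
        elif line == "ip nat outside" and current:
            outside.add(current)
        elif m := DYNAMIC.match(line):
            used.add(m.group(1))
        elif m := STATIC.match(line):
            proto, host, _, intf, addr, port = m.groups()
            if intf:
                used.add(intf)
            # (public side, protocol, public port, inside host, watch-list label)
            forwards.append((intf or addr, proto, int(port), host,
                             REMOTE_ACCESS.get(int(port))))
    return sorted(used - outside), forwards
```
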
