06-21-2008 03:37 PM - edited 03-03-2019 10:27 PM
I have a 4-port HWIC in my 2811 that I'm trying to use for two different ISP connections. My LAN is connected to FastEthernet0/0 and one ISP is connected to FastEthernet0/0/0. I can ping outside from the router, but nothing from the LAN side ever gets outside.
I've attached my config file. Any ideas or suggestions would be greatly appreciated. Thanks,
Greg
06-21-2008 03:55 PM
From the inside LAN, do you point to a DG?
06-21-2008 04:35 PM
Greg
I have looked at the config that you posted and I see at least 2 significant issues that may explain your problem.
First issue is this from your config:
!ip route 0.0.0.0 0.0.0.0 FastEthernet0/0/0
If your default route is commented out then I am surprised that you can ping outside from the router, since it appears that it has no default route. The output of show ip route from the router would be interesting and possibly helpful.
And if the default route becomes not commented out I believe that this configuration is less than optimal. When a static route (and especially a default static route) is pointed to an interface it then forces the router to ARP for every destination address (which puts more load on the router to maintain a much larger ARP table) and it depends on the ISP router to enable proxy ARP. A much better configuration would be:
ip route 0.0.0.0 0.0.0.0 dhcp
which will learn what your router learns via DHCP to set its default route.
The second and probably more significant issue is your nat statement:
ip nat inside source list 15 interface FastEthernet0/0/0 overload
The issue here is that FastEthernet0/0/0 is an access port belonging to vlan 10. And an access port has no IP address on which to overload. To correct this, change the nat to point to vlan10 overload.
I will also comment that if FastEthernet0/0/1 (and vlan 20) are your second ISP connection but have no nat configuration that uses them, then the second ISP is not doing you much good.
HTH
Rick
06-21-2008 08:14 PM
Ah, yes, I had been playing with the config file and the last route had been undefined. show ip route always showed the same thing, in any event. I had the second interface offline because I wanted to get the primary one up and running first.
The ip nat catch seems to be the primary problem :-)
Thanks!
I assume for the vlan 20 nat, I would use the same line, just with the vlan different?
06-22-2008 01:15 AM
Greg
Doing NAT on 2 different interfaces and to 2 different providers may be a bit more complex. Here is an approach that I would suggest:
interface vlan10
 ip address dhcp
 ip nat outside
!
interface vlan20
 ip address 64.142.xx.xx 255.255.255.0
 ip nat outside
!
ip nat inside source route-map ISPa-map interface vlan10 overload
ip nat inside source route-map ISPb-map interface vlan20 overload
!
route-map ISPa-map permit 10
 match ip address 15
 match interface vlan10
!
route-map ISPb-map permit 10
 match ip address 15
 match interface vlan20
!
Using the route maps allows you to qualify the translation not only by source address but also by outbound interface. Give it a try and let us know how it works.
HTH
Rick
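Added example, not part of the thread and not written by any of the posters: a small Python check that scans an IOS config for the two issues Rick points out (NAT overload aimed at an interface with no IP address, and a default route pointed at an interface). The sample config is constructed to reproduce the situation described, since the original attachment is not on the page; the function names are hypothetical.

```python
import re
# Constructed sample config (assumption; not the poster's actual attachment).
SAMPLE = """\
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0/0
 switchport access vlan 10
!
interface Vlan10
 ip address dhcp
 ip nat outside
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0/0
ip nat inside source list 15 interface FastEthernet0/0/0 overload
"""

def parse_interfaces(config):
    """Map lower-cased interface name -> list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1).lower(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit(config):
    """Return findings for the two issues raised in the thread."""
    interfaces, findings = parse_interfaces(config), []
    for line in config.splitlines():
        line = line.strip()  # a leading "!" (commented-out line) will not match below
        nat = re.match(r"ip nat inside source .*\binterface\s+(\S+)\s+overload", line)
        if nat:
            name = nat.group(1)
            cmds = interfaces.get(name.lower(), [])
            if not any(c.startswith("ip address") for c in cmds):
                findings.append(f"NAT overload on {name}: interface has no IP address")
            if "ip nat outside" not in cmds:
                findings.append(f"NAT overload on {name}: interface lacks 'ip nat outside'")
        route = re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 ([A-Za-z]\S*)$", line)
        if route and route.group(1).lower() != "dhcp":
            findings.append(f"default route points at interface {route.group(1)}, no next hop")
    return findings
```

Calling `audit(SAMPLE)` returns three findings; pointing the NAT statement at Vlan10 and using the `dhcp` default route returns none.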