Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
585
Views
0
Helpful
6
Replies

CISCO 1811 Dual WAN Switching Help Required

jamesallen
Level 1
Level 1

‎10-05-2008 06:18 AM - edited ‎03-03-2019 11:47 PM

Thanks for reading,

We have just purchased a CISCO 1811 router and having no luck in configuring it. I started by using SDM to configure the router but quickly moved to telnet when SDM would not allow me to configure everything required.

Right enough with the background, here is my issue: I have a Satellite service running on FE0 and a ADSL service running on FE1. The FE0 is set with a static IP address and the FE1 is PPPOE to a simple modem with no firewall or NAT. So FE1 is currently just being the Dialer0 to use PPPOE pass-through.

What I am looking to do is have the Site-Site connection going over the Satellite service while pushing all the HTTP/HTTPs taffice through FE1. As most of you are aware Sat services carry high latency so I want Users browsing experiences to be quick while I am not so bothered about the Site-Site traffic which will be company based.

I have managed to configure the FE0 & FE1 so that both are up and online. FE0 has no issues and currently everything is working over the Sat service. I need to find someway of telling the CISCO to route web taffice over the ADSL. I am not bothered with load balancing at present so there is no need to failover. However if anyof you are able to provide a solution with failover then all the better.

Ok last but not least this is my running config from the box; I have *** some entries but if you require them please e-mail me direct. You will find the config attached to this post.

Hope I have given enough info above. Any question please post back or e-mail me direct. If any of you CISCO experts out there read this I am sure this is a walk in the park for you! Thanks in advance!

Labels:
Preview file
10 KB
0 Helpful
6 Replies 6

Jim Coyne
Cisco Employee
Cisco Employee

‎10-05-2008 08:28 AM

Match the traffic:

class-map match-any ASDL.TRAFFIC

match protocol http

match protocol secure-http

match protocol ftp

match protocol secure-ftp

match protocol secure-imap

Set the precedence for use in policy based routing:

policy-map ASDL.TRAFFIC

class ASDL.TRAFFIC

set ip precedence 1

Create the route-map for policy based routing, set the next-hop to that of the ASDL:

route-map ASDL.TRAFFIC permit 10

match ip address ASDL.TRAFFIC

set ip next-hop x.x.x.x

Apply both of these to the incoming interface

interface vlan1

ip address x.x.x.x y.y.y.y

ip policy route-map ASDL.TRAFFIC

service-policy input ASDL.TRAFFIC

0 Helpful

Jim Coyne
Cisco Employee
Cisco Employee
In response to Jim Coyne

‎10-05-2008 08:32 AM

Forgot to include the ACL to match on precedence:

ip access-list extended ASDL.TRAFFIC

permit ip any any precedence priority

0 Helpful

jamesallen
Level 1
Level 1
In response to Jim Coyne

‎10-05-2008 09:25 AM

Thats great, thanks for your help! Just one question; do I need to do anything with the NAT? When I was trying to get something like this to work last time the NAT seemed to cause an issue... I was under the impression I have to put in a 'ip route'? like this:

ip route 0.0.0.0 0.0.0.0 85.***.***.1**

Also the ADSL line has a Dynamic IP. Does that effect what you have provided me?

Sorry to be a pain! As you can tell new to CISCO. Used to working with Draytek and I can hear you sigh now. ha ha.

0 Helpful

Jim Coyne
Cisco Employee
Cisco Employee
In response to jamesallen

‎10-05-2008 10:08 AM

Ok, I took a closer look at your config. Why not change the ip nat statement to point to the ASDL

From this:

ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload

To this:

ip nat inside source route-map SDM_RMAP_1 interface FastEthernet1 overload

Change your routes from this:

ip route 0.0.0.0 0.0.0.0 85.***.***.1**

to:

ip route 0.0.0.0 0.0.0.0 fa0/1

! Direct traffic out the ASDL

ip route 8*.7*.***.1 0.0.0.0 85.***.***.1**

! Add a specific route for the crypto tunnel via the SAT

Traffic by default is directed out the ASDL, NAT overload is enabled. A more specific route points the tunnel traffic out of the SAT link. The only thing you would need to add is a route for site to site traffic over the tunnel.

0 Helpful

jamesallen
Level 1
Level 1
In response to Jim Coyne

‎10-05-2008 11:09 AM

Thanks for your reply! Yes I can see that would be the best way of doing it.

Not sure if you looked in the config at this but SDM_RMAP_1 is assigned to the VPN tunnel. Think SDM created this when I setup the Site-Site link through it.

I think I will remove all ACL rules to start with till the connections are stable as I dont want to lock myself out.

If I edit the config file to your recommendation would you kindly mind checking it over and make sure I have got things right?

Thanks again, I consulted a company here in the UK and they said this would have to be a CISCO engineer project of thousands. I didnt see why it was so hard to do. Maybe they were trying to over complicate things.

0 Helpful

jamesallen
Level 1
Level 1
In response to jamesallen

‎10-05-2008 12:25 PM

Ok I have edited the config to reflect what I hope is correct.

I have added an addtional route-map and put that as nat overload on FE0 if that will work?

I have also added the code from you last post.

Would you mind just looking over Trial-Config.txt and seeing what you think?

Thanks

Preview file
10 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card