1811 Dual Wan Setup

Alright...I am trying to set up several 1811 routers I purchased a few weeks back, but I'm going nuts over this stuff. We are going to have 3 of these set up in 3 different locations, all VPN'd together with GRE tunnels for VOIP. 2 of these have a Data T1 (Eth0) and RoadRunner (eth1). I want to make it so that all normal traffic goes over the RR, but VPN needs to go over the T1. The T1 also needs to provide backup internet if RR goes down. So, yeah...below is my config. I've never worked on a Cisco before, so I'm confused to say the least. I only know how to use SDM to boot - anyone know of a good crash guide to IOS while I'm at it??? Let me know your opinions, good, bad, or ugly...gotta figure this stuff out.

BeginConfig:

version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname RouterTwo

...

ip cef

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.3.1 192.168.3.200

!

ip dhcp pool sdm-pool1

import all

network 192.168.3.0 255.255.255.0

dns-server 65.xxx.xxx.65 207.xxx.xxx.10

default-router 192.168.3.1

!

!

ip tcp synwait-time 10

no ip bootp server

ip domain name yomama.com

ip name-server 65.xxx.xxx.65

ip name-server 207.xxx.xxx.10

ip ssh time-out 60

ip ssh authentication-retries 2

...

interface FastEthernet0

description $ES_WAN$$FW_OUTSIDE$

ip address 207.xxx.xxx.204 255.255.255.248

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

!

interface FastEthernet1

description $ETH-WAN$

ip address 24.xxx.xxx.188 255.255.255.248

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

!

interface FastEthernet5

!

interface FastEthernet6

!

interface FastEthernet7

!

interface FastEthernet8

!

interface FastEthernet9

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$

ip address 192.168.3.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip route-cache flow

ip tcp adjust-mss 1452

!

interface Async1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation slip

!

ip route 0.0.0.0 0.0.0.0 207.xxx.xxx.201

ip route 0.0.0.0 0.0.0.0 24.xxx.xxx.185 2

!

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 1 interface FastEthernet0 overload

!

logging trap debugging

access-list 1 remark INSIDE_IF=Vlan1

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.3.0 0.0.0.255

no cdp run

8 REPLIES

Re: 1811 Dual Wan Setup

There is no VPN configuration. Try running through the VPN wizard. I looked at it once and I'm pretty sure there is a GRE setup in there somewhere.

Re: 1811 Dual Wan Setup

Hi,

All I see is that it's being configured with FE interfaces. There is NO VPN config whatsoever!

Please provide more details, and we would be glad to help you set up the VPNs.

Regards,

Wilson Samuel

New Member

Re: 1811 Dual Wan Setup

I'm looking into a similar setup, but I would like to know how to configure NAT overload in this situation. How would you go about configuring NAT to overload based on the egress interface?

Also, what if one of the interfaces was DHCP? You would not be able to specify a default route next-hop (you would have to use ip route 0.0.0.0 0.0.0.0 dhcp?), and you would also not have the static IP for NAT (you would have to overload the interface).

Does anyone have a sample config for this?

Silver

Re: 1811 Dual Wan Setup

Can you elaborate more on the question of "on egress interface"? Do you mean NAT one inside address to multiple outside addresses?

NAT overload is used on the Port address translation.

If it is a DHCP address, you can use interface as the next-hop instead of the IP address.

e.g. ip route 0.0.0.0 0.0.0.0 dialer 0

Check here for NAT examples :

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

Hope this helps.

New Member

Re: 1811 Dual Wan Setup

Hopefully I am not making this harder than it should be. Let me clarify a bit.

With a dual WAN, dual ISP setup, you would have:

ethernet0

ip address 99.99.99.254

ethernet1

ip address dhcp

and LAN:

vlan1

ip address 192.168.1.1

For default routes, we could have something like:

ip route 0.0.0.0 0.0.0.0 99.99.99.1 100

ip route 0.0.0.0 0.0.0.0 (dhcp or ethernet1, not sure which?) 150

So that should take care of interfaces and routing. Now what about PAT? Do we just create two NAT entries?

ip nat inside source list 1 interface ethernet0 overload

ip nat inside source list 1 interface ethernet1 overload

Would this correctly PAT the addresses, say if ethernet0 goes down, ethernet1 will take over?

I saw another post on NetPro, where a user had a dual WAN setup such as this, and when the system built the NAT entries, and the primary link was up, everything was OK. But when the primary link failed, it would not remove and recreate the NAT map for the secondary link.

Do you see what I am getting at? Hope this helps.

Silver

Re: 1811 Dual Wan Setup

As mentioned, the second static route should be :

ip route 0.0.0.0 0.0.0.0 ethernet1 150

The overload command is correct. However, in your case, both WANs are using Ethernet. If either ISP's network goes down, the Ethernet link may not go down, so the next hop in your router will still be active and it will not be able to fail over to the other link. Therefore, you may need to deploy object tracking to overcome this issue. Check below:

http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_chapter09186a0080774e79.html

Hope this helps.
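The static-address case discussed in this thread (two Ethernet WAN links, PAT on whichever link a flow leaves by, and a tracked primary default route), written out as an added example that is not from any poster or from Cisco's guides. Addresses are documentation ranges, the route-map names and probe target are assumptions, and the syntax follows the 12.4-era `ip sla monitor` / `track ... rtr` form used elsewhere in this thread.

```cisco
! Added example (not from the thread). All addresses are documentation
! placeholders; route-map names and the probe target are assumptions.
interface FastEthernet0
 description ISP-A primary
 ip address 192.0.2.2 255.255.255.248
 ip nat outside
!
interface FastEthernet1
 description ISP-B backup
 ip address 198.51.100.2 255.255.255.248
 ip nat outside
!
interface Vlan1
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
!
! Probe a host beyond the ISP-A gateway: an Ethernet hand-off stays
! up/up even when the provider's network behind it has failed.
ip sla monitor 1
 type echo protocol ipIcmpEcho 203.0.113.10 source-interface FastEthernet0
 timeout 1000
 frequency 3
 threshold 2
ip sla monitor schedule 1 life forever start-time now
track 123 rtr 1 reachability
!
! Pin the probe target to ISP-A so the probe cannot succeed via ISP-B.
ip route 203.0.113.10 255.255.255.255 192.0.2.1
! The primary default route is withdrawn while track 123 is down.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 123
ip route 0.0.0.0 0.0.0.0 198.51.100.1 150
!
access-list 1 permit 192.168.3.0 0.0.0.255
!
! One route-map per egress interface, so each flow is translated to
! the address of the link it actually leaves on.
route-map NAT-ISP-A permit 10
 match ip address 1
 match interface FastEthernet0
!
route-map NAT-ISP-B permit 10
 match ip address 1
 match interface FastEthernet1
!
ip nat inside source route-map NAT-ISP-A interface FastEthernet0 overload
ip nat inside source route-map NAT-ISP-B interface FastEthernet1 overload
```

`show track 123` reports the tracked state, and `show ip nat translations` shows which outside address each flow received after a failover test.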

New Member

Re: 1811 Dual Wan Setup

Cool, I think I'm on the right track now.

Here is the config guide for static routing object tracking: http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guide09186a00801d862d.html#wp1051155

And here is the basic config for my example:

interface ethernet 0/0

description primary-link

ip dhcp client route track 123

ip address dhcp

interface serial 0

description backup-link

ip address 10.2.2.2 255.0.0.0

ip sla monitor 1

type echo protocol ipIcmpEcho 172.16.23.7

timeout 1000

frequency 3

threshold 2

ip sla monitor schedule 1 life forever start-time now

track 123 rtr 1 reachability

access-list 101 permit icmp any host 172.16.23.7 echo

route-map MY-LOCAL-POLICY permit 10

match ip address 101

set ip next-hop dynamic dhcp

!

ip local policy route-map MY-LOCAL-POLICY

ip route 0.0.0.0 0.0.0.0 10.2.2.125 254

Thanks for the help!

Silver

Re: 1811 Dual Wan Setup

The config. looks like, please advise the result if you carried the test. :)
