Dual WAN Ping Source

I have an 1811 with 2 WAN connections, Fiber and ADSL (both Ethernet). I'm having a heck of a time getting traffic out the ADSL link.

As it stands, I can ping the next hop 75.158.58.1, but no further. ping source FastEthernet1 times out to any external address, nor can I NAT internal subnets out the interface.

I'm really at a loss as to why, especially since I can ping the next hop. Hoping someone can see something.

version 15.1

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname RTR1

!

boot-start-marker

boot system flash c181x-advipservicesk9-mz.151-4.M.bin

boot-end-marker

!

!

security authentication failure rate 3 log

logging buffered 51200 warnings

!

!

!

aaa authentication login NetworkAdmins group radius local

aaa authorization console

!

!

!

!

!

aaa session-id common

!

clock timezone MST -7 0

crypto pki token default removal timeout 0

!

!

dot11 syslog

no ip source-route

!

!

!

!

!

ip cef

no ip bootp server

ip domain name internal.com

ip name-server 10.1.10.1

ip name-server 10.1.10.2

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

license udi pid CISCO1811/K9 sn FHK134173NW

archive

log config

  hidekeys

!

!

ip tcp synwait-time 10

track timer interface 5

!

track 1 ip sla 1 reachability

delay down 15 up 10

!

track 2 ip sla 2 reachability

delay down 15 up 10

!

!

interface FastEthernet0

description Fiber

bandwidth 10000

ip address 209.**.**.130 255.255.255.240

ip nbar protocol-discovery

ip nat outside

ip virtual-reassembly in max-reassemblies 32

ip verify unicast reverse-path

speed 10

full-duplex

no cdp enable

!

interface FastEthernet1

description ADSL

ip address dhcp

ip nat outside

no ip virtual-reassembly in

duplex auto

speed auto

no cdp enable

!

interface FastEthernet2

description Inside

no ip address

!

interface FastEthernet3

no ip address

shutdown

!

interface FastEthernet4

no ip address

shutdown

!

interface FastEthernet5

no ip address

shutdown

!

interface FastEthernet6

no ip address

shutdown

!

interface FastEthernet7

no ip address

shutdown

!

interface FastEthernet8

no ip address

shutdown

!

interface FastEthernet9

no ip address

shutdown

!

interface Vlan1

description Inside

ip address 10.254.254.2 255.255.255.252

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

!

interface Async1

no ip address

encapsulation slip

shutdown

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

ip nat pool pri-default-pool 209.**.**.130 209.**.**.130 netmask 255.255.255.240

ip nat pool pri-servers-pool 209.**.**.131 209.**.**.131 netmask 255.255.255.240

ip nat inside source route-map nat-pri-default pool pri-default-pool overload

ip nat inside source route-map nat-pri-servers pool pri-servers-pool overload

ip nat inside source route-map nat-sec-test interface FastEthernet1 overload

ip route 0.0.0.0 0.0.0.0 209.**.**.129 200 track 1

ip route 0.0.0.0 0.0.0.0 75.**.**.1 250 track 2

ip route 10.1.0.0 255.255.224.0 10.254.254.1

ip route 10.251.251.0 255.255.255.248 10.254.254.1

ip route 10.252.252.0 255.255.255.248 10.254.254.1

!

ip access-list extended nat-default

permit ip 10.1.5.0 0.0.0.255 any

permit ip 10.1.6.0 0.0.0.255 any

permit ip 10.1.7.0 0.0.0.255 any

permit ip 10.1.12.0 0.0.0.255 any

permit ip 10.1.13.0 0.0.0.255 any

permit ip 10.1.9.0 0.0.0.255 any

permit ip 10.252.252.0 0.0.0.7 any

permit ip 10.251.251.0 0.0.0.7 any

permit ip 10.1.8.0 0.0.0.255 any

permit ip 10.1.14.0 0.0.0.255 any

ip access-list extended nat-sec-test

permit ip host 10.1.10.1 any

ip access-list extended nat-servers

permit ip 10.1.10.0 0.0.0.255 any

permit ip 10.1.11.0 0.0.0.255 any

ip access-list extended vty-access

permit tcp 10.1.10.0 0.0.0.255 any eq 22 log

permit tcp 10.1.5.0 0.0.0.255 any eq 22 log

!

ip sla 1

icmp-echo 209.**.**.129 source-interface FastEthernet0

threshold 10

timeout 1000

frequency 3

ip sla schedule 1 life forever start-time now

ip sla 2

icmp-echo 75.**.**.1 source-interface FastEthernet1

threshold 40

timeout 1000

frequency 3

ip sla schedule 2 life forever start-time now

logging esm config

no cdp run

!

!

!

!

route-map nat-sec-test permit 10

match ip address nat-sec-test

set ip next-hop verify-availability 75.**.**.1 10 track 2

set ip next-hop verify-availability 209.**.**.129 20 track 1

!

route-map nat-pri-servers permit 10

match ip address nat-servers

match interface FastEthernet0

!

route-map nat-pri-default permit 10

match ip address nat-default

match interface FastEthernet0

!

!

radius-server host 10.1.10.1 auth-port 1812 acct-port 1813 key 7 ****************

!

!

!

control-plane

!

!

!

line con 0

exec-timeout 30 0

logging synchronous

transport output telnet ssh

line 1

modem InOut

stopbits 1

speed 115200

flowcontrol hardware

line aux 0

exec-timeout 30 0

transport output telnet ssh

line vty 0 4

access-class vty-access in

exec-timeout 60 0

privilege level 15

logging synchronous

login authentication NetworkAdmins

transport input ssh

line vty 5 15

access-class vty-access in

exec-timeout 60 0

privilege level 15

logging synchronous

login authentication NetworkAdmins

transport input ssh

!

scheduler interval 500

ntp server 10.1.10.1 version 3

!

webvpn context Default_context

ssl authenticate verify all

!

no inservice

!

end


RTR1#sh ip sla statistics

IPSLAs Latest Operation Statistics

IPSLA operation id: 1

    Latest RTT: 1 milliseconds

Latest operation start time: 05:32:56 MST Mon Apr 2 2012

Latest operation return code: OK

Number of successes: 815

Number of failures: 1

Operation time to live: Forever

IPSLA operation id: 2

    Latest RTT: 32 milliseconds

Latest operation start time: 05:32:57 MST Mon Apr 2 2012

Latest operation return code: OK

Number of successes: 497

Number of failures: 0

Operation time to live: Forever

2 Replies

Richard Burts
Hall of Fame

I believe that there are a couple of issues in what you are trying to do. First, the route map you are using to do the address translation for the ADSL link is coded like it is doing Policy Based Routing by setting the next hop. To control address translation, it should have a match for the access list and a match for the interface (as you do in translation for the other interface) and no set statements.

Also, the logic in the route map is flawed in that it has two set statements for next hop. It would execute the first set statement to make the next hop 75 and then would execute the second set statement, resulting in the next hop being 209. If your intent is to provide an alternative next hop if one is not working, then both addresses need to appear on a single set statement.

HTH

Rick
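
A small linter for the rule stated in the answer above, added here as an example (it is not code from the thread or from Cisco): it flags any route-map referenced by an "ip nat inside source route-map" statement that contains set statements or has no "match interface". The function names are hypothetical, and the sample is an excerpt of the configuration posted in the question.

```python
import re

# Excerpt of the configuration posted above (addresses masked as on the page).
SAMPLE_CONFIG = """\
ip nat inside source route-map nat-pri-default pool pri-default-pool overload
ip nat inside source route-map nat-sec-test interface FastEthernet1 overload
!
route-map nat-sec-test permit 10
 match ip address nat-sec-test
 set ip next-hop verify-availability 75.**.**.1 10 track 2
 set ip next-hop verify-availability 209.**.**.129 20 track 1
!
route-map nat-pri-default permit 10
 match ip address nat-default
 match interface FastEthernet0
"""

NAT_RE = re.compile(r"^[ \t]*ip nat inside source route-map (\S+)", re.M)
RMAP_RE = re.compile(r"^route-map (\S+) (?:permit|deny)")


def parse_route_maps(config):
    """Return {route-map name: [match/set clauses]} (hypothetical helper)."""
    maps, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        header = RMAP_RE.match(line)
        if header:
            current = maps.setdefault(header.group(1), [])
        elif current is not None and line.startswith(("match ", "set ")):
            current.append(line)
        elif line:  # "!" or any other command ends the route-map entry
            current = None
    return maps


def lint_nat_route_maps(config):
    """Flag NAT route-maps that carry set clauses or lack 'match interface'."""
    maps = parse_route_maps(config)
    findings = []
    for name in NAT_RE.findall(config):
        clauses = maps.get(name)
        if clauses is None:
            findings.append((name, "route-map not defined"))
            continue
        if any(c.startswith("set ") for c in clauses):
            findings.append((name, "set clause in NAT route-map"))
        if not any(c.startswith("match interface ") for c in clauses):
            findings.append((name, "no match interface"))
    return findings
```

Blank lines and lost indentation are ignored, so the configuration can be checked in the double-spaced form in which it appears in the question.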

Thanks. I will change the route-map and report back, but even so, wouldn't that only explain devices behind the router? Why does ping 8.8.8.8 source FA1 not work? I shouldn't need any route-maps/ACLs, etc., to ping out a directly connected interface, should I?
