Cisco Support Community
New Member

NAT with bridge and failover issue

I have two ISPs, the main on Dialer0 and the backup on Fa0/1. I have set up an IP SLA on the ADSL link to check whether it's up or not and then fall back on the second provider link (Fa0/1). Everything works well when the ADSL is down (when the NAT goes through the backup link), but as soon as the ADSL is OK the NAT doesn't want to work. I've tried to NAT overload on BVI1 or on Dialer0 (where I used to do it when there was no bridge); it makes no difference.

I've already done a lot of these setups with two ISPs and it works well, but without the bridge (and I really need it here).

Thank you!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

FastEthernet0/0            : LAN (nat inside) - Here I plug my laptop with ip 10.0.0.2/24

FastEthernet0/1            : Backup WAN (nat outside)

Dialer0                    : Main WAN (nat outside)

FastEthernet0/1/0 - 3      : WAN Bridge Dialer0

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

boot-start-marker

boot system flash c2800nm-adventerprisek9-mz.124-25e.bin

boot-end-marker

!

ip cef

!

ip sla monitor 1

type pathEcho protocol ipIcmpEcho 8.8.4.4

timeout 1000

threshold 3

ip sla monitor schedule 1 life forever start-time now

ip sla monitor 2

type pathEcho protocol ipIcmpEcho 109.159.248.158

timeout 1000

frequency 3

ip sla monitor schedule 2 life forever start-time now

!

track 1 rtr 1 reachability

!

track 2 rtr 2 reachability

!

track 101 list boolean or

object 1

object 2

!

bridge irb

!

interface FastEthernet0/0

description LAN /w NAT inet and failover

ip address 10.0.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

description Demon's network 193.195.220.x

ip address 193.195.220.236 255.255.255.240

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/2/0

switchport access vlan 2

!

interface FastEthernet0/2/1

switchport access vlan 2

!

interface FastEthernet0/2/2

switchport access vlan 2

!

interface FastEthernet0/2/3

switchport access vlan 2

!

interface ATM0/1/0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

atm restart timer 300

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0/1/0.1 point-to-point

pvc 0/38

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

!

!

interface Vlan1

no ip address

!

interface Vlan2

description BT's network 217.36.70.x

no ip address

no ip unreachables

ip tcp adjust-mss 1452

bridge-group 1

!

interface Dialer0

ip unnumbered BVI1

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation ppp

ip route-cache flow

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname XXXXXXXXXX

ppp chap password 7 XXXXXXXXXX

ppp pap sent-username XXXXXXXXX password 7 XXXXXXXXXX

!

interface BVI1

description BT's network 217.36.70.x

ip address 217.36.70.157 255.255.255.248

ip nat outside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0 track 101

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 193.195.220.225 250

ip route 8.8.4.4 255.255.255.255 Dialer0

ip route 109.159.248.158 255.255.255.255 Dialer0

!

!

ip nat inside source route-map isp1 interface BVI1 overload

ip nat inside source route-map isp2 interface FastEthernet0/1 overload

!

ip access-list extended LAN_RANGE

permit ip 10.0.0.0 0.0.0.255 any

!

route-map isp2 permit 10

match ip address LAN_RANGE

match interface FastEthernet0/1

!

route-map isp1 permit 10

match ip address LAN_RANGE

match interface BVI1

!

!

control-plane

!

bridge 1 protocol ieee

bridge 1 route ip

!

!

end

1 ACCEPTED SOLUTION

Hall of Fame Super Gold

NAT with bridge and failover issue

Can you try

int dialer0

ip address negotiated

No other changes.

25 REPLIES
Hall of Fame Super Gold

Re: NAT with bridge and failover issue

And what port uses vlan 1? None in your config.

Furthermore, ip nat outside must be under dialer0, not BVI1. Also, mss-adjust is not needed there.

New Member

Re: NAT with bridge and failover issue

Thank you for your response Paolo. Yes, no ports use vlan1, is this a problem ?

I'll try to drop the mss-adjust to see. But even with the following setup it doesn't work

interface Dialer0

ip nat inside

!

ip nat inside source route-map isp1 interface dialer0 overload

ip nat inside source route-map isp2 interface FastEthernet0/1 overload

!

route-map isp1 permit 10

match ip address LAN_RANGE

match interface Dialer0

Any idea ?

PS: The problem is only with the NAT because I can ping the world from the router with the ADSL link. It just doesn't work from the LAN.

Message was edited by: Adrien Pujol

Hall of Fame Super Gold

Re: NAT with bridge and failover issue

I see now that vlan2 is in bridge group 1, so that is OK. Anyway, the ip nat comment in my previous post still applies.

And also, it's unlikely that you can assign an arbitrary address to dialer, should be ip address negotiated.

Please refrain from leaving half-scale ratings to posts made with the will to help when the issue has just begun being worked on.

New Member

Re: NAT with bridge and failover issue

Sorry for the rating, it was a misclick on the page, I've tried to remove/change it but there's no way, really sorry.

The dialer has the IP address of the BVI. It's a fixed IP address from the subnet of my ISP.

I've made all the changes you've said but it still doesn't work, any idea? I've really no idea remaining...

Here is the updated config:

version 12.4

!

ip cef

!

((( here I've stripped ok track config )))

!

bridge irb

!

interface FastEthernet0/0

description LAN /w NAT inet and failover

ip address 10.0.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

description Demon's network 193.195.220.x

ip address 193.195.220.236 255.255.255.240

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/2/0

switchport access vlan 2

!

interface FastEthernet0/2/1

switchport access vlan 2

!

interface FastEthernet0/2/2

switchport access vlan 2

!

interface FastEthernet0/2/3

switchport access vlan 2

!

interface ATM0/1/0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

atm restart timer 300

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0/1/0.1 point-to-point

pvc 0/38

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

!

!

interface Vlan1

no ip address

!

interface Vlan2

description BT's network 217.36.70.x

no ip address

no ip unreachables

bridge-group 1

!

interface Dialer0

ip unnumbered BVI1

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

encapsulation ppp

ip route-cache flow

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname XXXXXXXXXX

ppp chap password 7 XXXXXXXXXX

ppp pap sent-username XXXXXXXXXX password 7 XXXXXXXXXX

!

interface BVI1

description BT's network 217.36.70.x

ip address 217.36.70.157 255.255.255.248

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0 track 101

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 193.195.220.225 250

ip route 8.8.4.4 255.255.255.255 Dialer0

ip route 109.159.248.158 255.255.255.255 Dialer0

!

ip nat inside source route-map isp1 interface Dialer0 overload

ip nat inside source route-map isp2 interface FastEthernet0/1 overload

!

ip access-list extended LAN_RANGE

permit ip 10.0.0.0 0.0.0.255 any

!

route-map isp2 permit 10

match ip address LAN_RANGE

match interface FastEthernet0/1

!

route-map isp1 permit 10

match ip address LAN_RANGE

match interface Dialer0

!

bridge 1 protocol ieee

bridge 1 route ip

!

end

Again, thank you for your help and sorry for the rating.

Hall of Fame Super Gold

Re: NAT with bridge and failover issue

The thing is that dialer0 is not referenced anywhere. It should be under vlan 2.

Also you have to check if the connection and address to 'main wan' is PPPoE or bridge. It can't be both.

New Member

Re: NAT with bridge and failover issue

I don't know how to add a dialer to a vlan, so I've tried to add bridge-group 1 to the ATM interface as vlan 2 is a member of the bridge group. But it doesn't work. Is there another way to do that?

The main wan works, I can ping the world through it. It's just the NAT that doesn't work.

Thank you for continuing to try to help me and my weird thing.

Hall of Fame Super Gold

NAT with bridge and failover issue

Can you send "show ip int brief"

New Member

Re: NAT with bridge and failover issue

#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.0.0.1        YES NVRAM  up                    up
FastEthernet0/1            193.195.220.236 YES NVRAM  up                    down
FastEthernet0/2/0          unassigned      YES unset  up                    down
FastEthernet0/2/1          unassigned      YES unset  up                    down
FastEthernet0/2/2          unassigned      YES unset  up                    down
FastEthernet0/2/3          unassigned      YES unset  up                    down
ATM0/1/0                   unassigned      YES NVRAM  down                  down
ATM0/1/0.1                 unassigned      YES unset  down                  down
Vlan1                      unassigned      YES NVRAM  up                    down
Vlan2                      unassigned      YES NVRAM  up                    down
NVI0                       unassigned      NO  unset  up                    up
BVI1                       217.36.70.157   YES manual up                    up
Virtual-Access1            unassigned      YES unset  up                    up
Dialer0                    217.36.70.157   YES TFTP   up                    up

Hall of Fame Super Gold

Re: NAT with bridge and failover issue

I think the router is confused having the same address on two interfaces. Also note virtual access interface does not receive an address.

If your "main wan" connection is PPP, configure pppoe-client under vlan interface.

If it is regular ethernet, configure ip address under vlan interface.

But not the two things at the same time, and you don't need BVI at all.

New Member

Re: NAT with bridge and failover issue

But I do need to have the public range of my ISP bridged on the WIC card plugged in (HWIC-4ESW). I'll plug some devices on it as soon as it works!

This is actually part of my question. I know how to configure a router in failover with two "classic" interfaces, I need help for the NAT on a bridged interface.

If anyone has a suggestion... Thanks.

Hall of Fame Super Gold

NAT with bridge and failover issue

That is fine, you don't need to configure bridging, as you have a switch module that does everything, just assign an address on the vlan interface.

You created VLAN 2, but that is not needed, you can use the default of VLAN 1

New Member

Re: NAT with bridge and failover issue

Ok, I think I see where you want to go now. But I didn't know we can do that and I still can't make it work.

Thank you a lot. If it works, let me buy you a beer

I need to change the route on vlan 1, do I ?

Here is the new *lighter* config...

ip cef

!

interface FastEthernet0/0

description LAN /w NAT inet and failover

ip address 10.0.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/1

description Demon's network 193.195.220.x

ip address 193.195.220.236 255.255.255.240

ip nat outside

ip virtual-reassembly

!

interface FastEthernet0/2/0

!

interface FastEthernet0/2/1

!

interface FastEthernet0/2/2

!

interface FastEthernet0/2/3

!

interface ATM0/1/0

no ip address

no ip redirects

no ip unreachables

ip route-cache flow

atm restart timer 300

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0/1/0.1 point-to-point

pvc 0/38

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

!

!

interface Vlan1

description BT's network 217.36.70.x

ip address 217.36.70.157 255.255.255.248

!

interface Dialer0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

encapsulation ppp

ip route-cache flow

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname xxxx

ppp chap password 7 xxxxx

ppp pap sent-username xxxxx password 7 xxxxx

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0 track 101

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 193.195.220.225 250

ip route 8.8.4.4 255.255.255.255 Dialer0

ip route 109.159.248.158 255.255.255.255 Dialer0

!

!

ip nat inside source route-map isp1 interface Dialer0 overload

ip nat inside source route-map isp2 interface FastEthernet0/1 overload

!

ip access-list extended LAN_RANGE

permit ip 10.0.0.0 0.0.0.255 any

!

route-map isp2 permit 10

match ip address LAN_RANGE

match interface FastEthernet0/1

!

route-map isp1 permit 10

match ip address LAN_RANGE

match interface Dialer0


----------------------------------------------------------------

#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.0.0.1        YES NVRAM  up                    up
FastEthernet0/2/0          unassigned      YES unset  up                    down
FastEthernet0/2/1          unassigned      YES unset  up                    down
FastEthernet0/2/2          unassigned      YES unset  up                    down
FastEthernet0/2/3          unassigned      YES unset  up                    up
ATM0/1/0                   unassigned      YES NVRAM  up                    up
ATM0/1/0.1                 unassigned      YES unset  up                    up
Vlan1                      217.36.70.157   YES manual up                    up
NVI0                       unassigned      NO  unset  up                    up
Virtual-Access1            unassigned      YES unset  up                    up
Virtual-Access2            unassigned      YES unset  up                    down
Dialer0                    unassigned      YES TFTP   up                    up

Hall of Fame Super Gold

NAT with bridge and failover issue

You should be able to ping default gateway as given to you by ISP.

If you don't, take a step back, can you post the connection details as given to you by ISP?

New Member

Re: NAT with bridge and failover issue

I can ping the web through the DSL, yes. Everything also works fine on the LAN Fa0/0.

But when I try to plug a device on the WIC switch (HWIC-4ESW) it doesn't work (I want these ports to serve the /28 of my ISP). Have I missed something? Thanks.

Hall of Fame Super Gold

Re: NAT with bridge and failover issue

What is the default gateway address for "main wan"? It needs to be configured as default route.

New Member

NAT with bridge and failover issue

Ok, the gateway is 217.32.141.129, so I've set

ip route 0.0.0.0 0.0.0.0 Dialer0 217.32.141.129

ip default-gateway 217.32.141.129

but still doesn't work. I can't ping 217.36.70.157 from a laptop on a Fe0/2/x int 

Here is my updated config for information:

version 12.4

!

ip cef

!

(snipped track stuff here)

!

interface FastEthernet0/0

description LAN /w NAT inet and failover

ip address 10.0.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/1

description Demon's network 193.195.220.x

ip address 193.195.220.236 255.255.255.240

ip nat outside

ip virtual-reassembly

!

interface FastEthernet0/2/0

!

interface FastEthernet0/2/1

!

interface FastEthernet0/2/2

!

interface FastEthernet0/2/3

!

interface ATM0/1/0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

atm restart timer 300

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0/1/0.1 point-to-point

pvc 0/38

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

!

interface Vlan1

description BT's network 217.36.70.x

no ip address

!

interface Dialer0

ip address 217.36.70.157 255.255.255.248

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

encapsulation ppp

ip route-cache flow

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname xxx

ppp chap password 7 xxx

ppp pap sent-username xxx password 7 xxx

!

ip default-gateway 217.32.141.129

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0 217.32.141.129

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 193.195.220.225 250

!

ip nat inside source route-map isp1 interface Dialer0 overload

ip nat inside source route-map isp2 interface FastEthernet0/1 overload

!

ip access-list extended LAN_RANGE

permit ip 10.0.0.0 0.0.0.255 any

!

route-map isp2 permit 10

match ip address LAN_RANGE

match interface FastEthernet0/1

!

route-map isp1 permit 10

match ip address LAN_RANGE

match interface Dialer0

!

end

Hall of Fame Super Gold

NAT with bridge and failover issue

Again, if you have regular Ethernet connection, dialer does not apply, and vice-versa.

Please clarify and post here all the connection details as have been given to you by ISP.

New Member

Re: NAT with bridge and failover issue

Here is a small explanation, I hope you will understand better like that

                        ____________
                       |            |
LAN (nated access to --|- Fa0/0     |
internet 10.0.0.0/24)  |            |
                       |     Fa0/1 -|-- (193.195.220.236)
                       |            | --Provider backup ----->
                       |            |
                       |            | ----- Main ISP ------>
                       |  ATM0/1/0 -|-- (217.36.70.157) ADSL PPPoE
                       |            |    217.36.70.152/29
                       |            |   (GW: 217.32.141.129)
Servers on the BT's  --|- Fa0/2/0-3 |
      Subnet           |____________|

I'll use the 10.0.0.0/24 network for computers to access internet through NAT

I'll use the 4 port WIC module to connect some servers directly on the main isp network

NAT will failover on the Fa0/1 if the ADSL is down.

Hall of Fame Super Gold

Re: NAT with bridge and failover issue

I understand all that. I was thinking you had ethernet from BT, now I realize you have ADSL instead.

The next question is whether BT gives you a separate address for terminating PPP; let's assume for now they don't.

So based on the last config you sent, change:

interface Vlan1

ip address 217.36.70.157 255.255.255.248

interface Dialer0

ip unnumbered vlan1

ppp ipcp route default

no ip route 0.0.0.0 0.0.0.0 Dialer0 217.32.141.129

And please take "debug ppp neg" with "term mon" when you connect ADSL

New Member

NAT with bridge and failover issue

Ok, here is the result:

...

*Jul 25 13:06:19.887: Vi2 CHAP: I SUCCESS id 1 len 43 msg is "CHAP authentication success, unit 14144"

*Jul 25 13:06:19.887: Vi2 PPP: Phase is FORWARDING, Attempting Forward

*Jul 25 13:06:19.887: Vi2 PPP: Queue IPCP code[1] id[204]

*Jul 25 13:06:19.887: Vi2 PPP: Phase is ESTABLISHING, Finish LCP

*Jul 25 13:06:19.887: Vi2 PPP: Phase is UP

*Jul 25 13:06:19.887: Vi2 IPCP: O CONFREQ [Closed] id 1 len 10

*Jul 25 13:06:19.887: Vi2 IPCP:    Address 217.36.70.157 (0x0306D924469D)

*Jul 25 13:06:19.887: Vi2 PPP: Process pending ncp packets

*Jul 25 13:06:19.887: Vi2 IPCP: Redirect packet to Vi2

*Jul 25 13:06:19.887: Vi2 IPCP: I CONFREQ [REQsent] id 204 len 10

*Jul 25 13:06:19.887: Vi2 IPCP:    Address 217.32.141.129 (0x0306D9208D81)

*Jul 25 13:06:19.887: Vi2 IPCP: O CONFACK [REQsent] id 204 len 10

*Jul 25 13:06:19.891: Vi2 IPCP:    Address 217.32.141.129 (0x0306D9208D81)

*Jul 25 13:06:19.915: Vi2 IPCP: I CONFNAK [ACKsent] id 1 len 10

*Jul 25 13:06:19.915: Vi2 IPCP:    Address 86.140.19.226 (0x0306568C13E2)

*Jul 25 13:06:19.915: Vi2 IPCP: O CONFREQ [ACKsent] id 2 len 4

*Jul 25 13:06:19.943: Vi2 IPCP: I CONFNAK [ACKsent] id 2 len 10

*Jul 25 13:06:19.943: Vi2 IPCP:    Address 86.140.19.226 (0x0306568C13E2)

*Jul 25 13:06:19.943: Vi2 IPCP: Ignoring unrequested options!

*Jul 25 13:06:19.943: Vi2 IPCP: O CONFREQ [ACKsent] id 3 len 4

*Jul 25 13:06:19.967: Vi2 IPCP: I CONFACK [ACKsent] id 3 len 4

*Jul 25 13:06:19.967: Vi2 IPCP: State is Open

*Jul 25 13:06:19.971: Di0 IPCP: Install default route thru 217.32.141.129

*Jul 25 13:06:19.971: Di0 IPCP: Install route to 217.32.141.129

*Jul 25 13:06:19.971: Vi2 IPCP: Add link info for cef entry 217.32.141.129

*Jul 25 13:06:20.399: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0/0/0, changed state to up

Thanks.

Hall of Fame Super Gold

Re: NAT with bridge and failover issue

I think that BT wants you to have "ip address negotiated" under dialer0, however can you now ping 217.32.141.129 from router or devices on vlan 1?

Said devices will have default-gateway 217.36.70.157 and must be able to ping it.
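
The IPCP exchange in the "debug ppp neg" output above can be read mechanically. The following is an added example, not part of any post in this thread: it parses the IPCP lines copied from that output, decodes each IP-Address option (type 3, length 6, per RFC 1332) from its hex form, and reports that the peer answered the router's request for 217.36.70.157 with a CONFNAK carrying 86.140.19.226. The function names are this example's own.

```python
import ipaddress
import re

# IPCP lines copied from the "debug ppp neg" output posted in the thread.
DEBUG_LOG = """\
*Jul 25 13:06:19.887: Vi2 IPCP: O CONFREQ [Closed] id 1 len 10
*Jul 25 13:06:19.887: Vi2 IPCP:    Address 217.36.70.157 (0x0306D924469D)
*Jul 25 13:06:19.887: Vi2 IPCP: I CONFREQ [REQsent] id 204 len 10
*Jul 25 13:06:19.887: Vi2 IPCP:    Address 217.32.141.129 (0x0306D9208D81)
*Jul 25 13:06:19.887: Vi2 IPCP: O CONFACK [REQsent] id 204 len 10
*Jul 25 13:06:19.891: Vi2 IPCP:    Address 217.32.141.129 (0x0306D9208D81)
*Jul 25 13:06:19.915: Vi2 IPCP: I CONFNAK [ACKsent] id 1 len 10
*Jul 25 13:06:19.915: Vi2 IPCP:    Address 86.140.19.226 (0x0306568C13E2)
*Jul 25 13:06:19.915: Vi2 IPCP: O CONFREQ [ACKsent] id 2 len 4
*Jul 25 13:06:19.943: Vi2 IPCP: I CONFNAK [ACKsent] id 2 len 10
*Jul 25 13:06:19.943: Vi2 IPCP:    Address 86.140.19.226 (0x0306568C13E2)
*Jul 25 13:06:19.943: Vi2 IPCP: Ignoring unrequested options!
*Jul 25 13:06:19.943: Vi2 IPCP: O CONFREQ [ACKsent] id 3 len 4
*Jul 25 13:06:19.967: Vi2 IPCP: I CONFACK [ACKsent] id 3 len 4
*Jul 25 13:06:19.967: Vi2 IPCP: State is Open
"""

# Packet header line: direction (I = received, O = sent), code, id.
PACKET_RE = re.compile(
    r"IPCP: (?P<dir>[IO]) (?P<code>CONF(?:REQ|ACK|NAK|REJ)) \[\w+\] id (?P<id>\d+)")
# Option line: dotted address followed by the raw option bytes in hex.
OPTION_RE = re.compile(
    r"IPCP:\s+Address (?P<addr>[\d.]+) \(0x(?P<hex>[0-9A-Fa-f]+)\)")


def decode_address_option(hex_str):
    """Decode an IPCP IP-Address option: type 3, length 6, 4 address bytes."""
    raw = bytes.fromhex(hex_str)
    if len(raw) != 6 or raw[0] != 3 or raw[1] != 6:
        raise ValueError(f"not an IP-Address option: {hex_str}")
    return str(ipaddress.IPv4Address(raw[2:]))


def parse_ipcp(log):
    """Return one dict per IPCP Configure packet, with its address option if any."""
    packets = []
    for line in log.splitlines():
        header = PACKET_RE.search(line)
        if header:
            packets.append({"dir": header["dir"], "code": header["code"],
                            "id": int(header["id"]), "address": None})
            continue
        option = OPTION_RE.search(line)
        if option and packets:
            address = decode_address_option(option["hex"])
            if address != option["addr"]:
                raise ValueError(f"hex and dotted forms disagree: {line}")
            packets[-1]["address"] = address
    return packets


def diagnose(packets):
    """Compare what the router asked for with what the peer answered."""
    sent = {}  # request id -> address the router put in its CONFREQ
    result = {"requested": None, "peer_offered": None,
              "peer_address": None, "request_refused": False}
    for p in packets:
        if p["dir"] == "O" and p["code"] == "CONFREQ":
            sent[p["id"]] = p["address"]
            if result["requested"] is None:
                result["requested"] = p["address"]
        elif p["dir"] == "I" and p["code"] == "CONFREQ":
            result["peer_address"] = p["address"]
        elif p["dir"] == "I" and p["code"] == "CONFNAK" and p["id"] in sent:
            result["peer_offered"] = p["address"]
            if p["address"] != sent[p["id"]]:
                result["request_refused"] = True
    return result


if __name__ == "__main__":
    for key, value in diagnose(parse_ipcp(DEBUG_LOG)).items():
        print(f"{key}: {value}")
```

A CONFNAK whose address differs from the one the router requested means the provider expects to assign the PPP address itself, which is the case "ip address negotiated" under Dialer0 handles.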

New Member

NAT with bridge and failover issue

Everything works but the NAT. It's odd.

I start to think it's not feasible.

Hall of Fame Super Gold

NAT with bridge and failover issue

Can you try

int dialer0

ip address negotiated

No other changes.

New Member

NAT with bridge and failover issue

It works. Thank you a lot Paolo!

Finally you were right, with "ip address negotiated" BT assigned me a completely different IP on the dialer. The subnet also works nicely and this way the router is not lost anymore with the NAT. Brilliant!

Where do I send the coffee?

Again, thank you.

Here is the final complete config with all the stuff for the NAT, SLA failover, etc. (it's for information if someone needs it one day, like me)

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname inet-failover-rt

!

boot-start-marker

boot system flash c2800nm-adventerprisek9-mz.124-25e.bin

boot-end-marker

!

logging buffered 51200 debugging

logging console critical

enable secret 5 XXXXXXXXXX

!

no aaa new-model

!

ip cef

!

no ip bootp server

no ip domain lookup

ip domain name aac-services.co.uk

ip name-server 62.6.40.162

ip name-server 194.74.65.69

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

ip sla monitor 1

type pathEcho protocol ipIcmpEcho 8.8.4.4

timeout 999

threshold 500

owner GOOGLE DNS

frequency 2

ip sla monitor schedule 1 life forever start-time now

ip sla monitor 2

type pathEcho protocol ipIcmpEcho 193.0.14.129

timeout 999

threshold 500

owner RIPE DNS

frequency 2

ip sla monitor schedule 2 life forever start-time now

!

!

username admin privilege 15 password 7 XXXXXXXXXX

archive

log config

  hidekeys

!

ip tcp synwait-time 10

ip ssh authentication-retries 2

ip ssh logging events

ip ssh version 2

!

track 1 rtr 1 reachability

!

track 2 rtr 2 reachability

!

track 3 interface ATM0/2/0 line-protocol

!

track 10 list boolean or

object 1

object 2

!

track 101 list boolean and

object 3

object 10

!

track 102 interface FastEthernet0/1 line-protocol

!

interface FastEthernet0/0

description ***** LAN ******

ip address 10.10.10.1 255.255.255.0

ip access-group FW-LAN-IN in

ip access-group FW-LAN-OUT out

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

description ***** Demon's Backup Broadband *****

ip address 193.195.220.236 255.255.255.240

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/0/0

!

interface FastEthernet0/0/1

!

interface FastEthernet0/0/2

!

interface FastEthernet0/0/3

!

interface ATM0/2/0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

atm restart timer 300

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0/2/0.1 point-to-point

pvc 0/38

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

!

!

interface Vlan1

description ***** BT network *****

ip address 217.36.70.157 255.255.255.248

!

interface Dialer0

ip address negotiated

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

encapsulation ppp

ip route-cache flow

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname XXXXXXXXXX

ppp chap password 7 XXXXXXXXXX

ppp pap sent-username XXXXXXXXXX password 7 XXXXXXXXXX

!

ip default-gateway 217.36.70.157

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0 track 101

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 193.195.220.225 250 track 102

ip route 8.8.4.4 255.255.255.255 Dialer0

ip route 193.0.14.129 255.255.255.255 Dialer0

!

no ip http server

no ip http secure-server

ip nat inside source route-map ISP_1 interface Dialer0 overload

ip nat inside source route-map ISP_2 interface FastEthernet0/1 overload

!

ip access-list extended FW-LAN-IN

permit icmp any any

permit tcp any gt 1024 any eq 22

permit tcp any gt 1024 any eq www

permit tcp any gt 1024 any eq 443

permit tcp any gt 1024 any eq domain

permit udp any gt 1024 any eq domain

deny   ip any any log

ip access-list extended FW-LAN-OUT

permit icmp any any

permit tcp any eq 22 any gt 1024

permit tcp any eq www any gt 1024

permit tcp any eq 443 any gt 1024

permit tcp any eq domain any gt 1024

permit udp any eq domain any gt 1024

ip access-list extended LAN_RANGE

permit ip 10.10.10.0 0.0.0.255 any

!

route-map ISP_1 permit 10

match ip address LAN_RANGE

match interface Dialer0

!

route-map ISP_2 permit 10

match ip address LAN_RANGE

match interface FastEthernet0/1

!

control-plane

!

line con 0

line aux 0

line vty 0 4

login local

transport input ssh

line vty 5 15

login local

transport input ssh

!

scheduler allocate 20000 1000

!

end

Hall of Fame Super Gold

NAT with bridge and failover issue

We should have tried that at the beginning, it's a common configuration.

Thank you for the nice rating and good luck!
