Advertisement

05.09.2008 at 11:20PM PDT, ID: 23391339 | Points: 250
[x]
Attachment Details

Failover configuration between ADSL and V-Sat line

Asked by whizykid in Network Routers

Tags: CISCO, ISR, 2811

Dear All,

I have a CISCO 2811 router with 2 HWIC and 2 fast ethernet port. One fast ethernet port connected to my CISCO 2960 switch and other Fast ethernet port connected to a V-Sat line.

I configured ADSL line over the both  HWIC card. I have 3 public ip address from these three wan connection (2 ADSL line and 1 V-Sat line). These 3 ip address binded to QDN.(www.xxxx.com). But over ADSL line NAT is done for dialer 0 interface (out going). So when we are telneting with other ip address its not working

Please give some idea to configure fail over between ADSL line and V-Sat line configured on fast ethernet port.

I am putting my my config details below. Please do the needful

User Access Verification

Username: xxxx
Password:

SSBS-BH>en
Password:
SSBS-BH#sh run
Building configuration...

Current configuration : 5137 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxx
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 errors
enable secret 5 $1$2GhK$/RsVo164.YCpuorgtMmuN/
!
aaa new-model
!
!
aaa authentication login xxxx local
aaa authorization network xxxx local
!
!
aaa session-id common
!
!
ip cef
!
!
no ip domain lookup
ip domain name xxxx
!
multilink bundle-name authenticated
!
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3635042122
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3635042122
 revocation-check none
 rsakeypair TP-self-signed-3635042122
!
!
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 authentication pre-share
!
crypto isakmp policy 3
 hash md5
 authentication pre-share
crypto isakmp key xxx address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 20
crypto isakmp nat keepalive 20
crypto isakmp client configuration address-pool local abc
!
crypto isakmp client configuration group vpngroupbh
 key xxx
 pool abc
 acl 110
 save-password
!
!
crypto ipsec transform-set setA esp-des esp-md5-hmac
!
crypto dynamic-map mapA 1
 set transform-set setA
!
!
crypto map mapA client authentication list test
crypto map mapA isakmp authorization list vpngroupbh
crypto map mapA client configuration address initiate
crypto map mapA client configuration address respond
crypto map mapA 1 ipsec-isakmp dynamic mapA
!
!
!
username xxx privilege 15 password 0 xxxx
username xxxx privilege 15 secret 5 $1$XC/U$8KikHqij3GQcgY4.J6q4i/
archive
 log config
  hidekeys
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 10.0.0.138 255.0.0.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 64.110.73.158 255.255.255.248 secondary
 ip address 64.110.73.157 255.255.255.248
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface Serial0/1/0
 no ip address
 shutdown
 clock rate 2000000
!
interface ATM0/2/0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/2/0.1 point-to-point
 no snmp trap link-status
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface ATM0/3/0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/3/0.1 point-to-point
 no snmp trap link-status
 pvc 8/35
  encapsulation aal5snap
  protocol ppp dialer
  dialer pool-member 1
 !
!
interface Dialer0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username xxx password 0 xxxx
 crypto map mapA
!
interface Dialer2
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username ssb3 password 0 123456
 crypto map mapA
!
ip local pool abc 192.168.10.1 192.168.10.100
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 Dialer2 10
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 20
!
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 150 interface Dialer0 overload
ip nat inside source static tcp 10.0.0.1 1723 interface Dialer0 1723
ip nat inside source static tcp 10.0.0.1 3389 interface Dialer0 3389
ip nat inside source static tcp 10.0.0.1 80 interface Dialer0 80
ip nat inside source static tcp 10.0.0.1 2121 interface Dialer0 2121
ip nat inside source static tcp 10.0.0.40 21 interface Dialer0 21
ip nat inside source static tcp 10.0.0.40 3007 interface Dialer0 3007
ip nat inside source static tcp 10.0.0.41 22 interface Dialer0 22
ip nat inside source static tcp 10.0.0.41 80 interface Dialer0 8085
ip nat inside source static tcp 10.0.0.41 21 interface Dialer0 2101
ip nat inside source static tcp 10.0.0.12 5995 interface Dialer0 5995
ip nat inside source static tcp 10.0.0.12 3389 interface Dialer0 7200
ip nat inside source static tcp 10.0.0.41 8086 interface Dialer0 8086
ip nat inside source static tcp 192.168.1.200 6789 interface Dialer0 6789
ip nat inside source static tcp 10.0.0.41 1521 interface Dialer0 1521
ip nat inside source static tcp 10.0.0.60 3389 interface Dialer0 7000
!
logging trap critical
logging 10.0.0.1
access-list 23 permit 10.0.0.1
access-list 110 permit ip 10.0.0.0 0.255.255.255 192.168.10.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 150 deny   ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 150 deny   ip 10.0.0.0 0.255.255.255 192.168.10.0 0.0.0.255
access-list 150 permit ip 10.0.0.0 0.255.255.255 any
dialer-list 1 protocol ip permit
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password xxxx
!
scheduler allocate 20000 1000

!
webvpn cef
!
end


Start Free Trial
[+][-]05.10.2008 at 08:49PM PDT, ID: 21541408

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]05.11.2008 at 07:07AM PDT, ID: 21542482

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]05.13.2008 at 10:12PM PDT, ID: 21561421

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]05.14.2008 at 05:27AM PDT, ID: 21563335

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]05.14.2008 at 10:05AM PDT, ID: 21566339

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628