Solved

Cisco 1721 Config. HELP!!

Posted on 2004-10-23
308 Views
Last Modified: 2010-04-17
I have a Cisco 1721 router with 2 WICs. Ethernet0 is our SDSL line (primary connection) and Ethernet1 is our ADSL line (secondary connection). Currently all of the traffic flows in/out through Ethernet0. Then there is an aaa.aaa.aaa.1 subnet on the inside interface of the router and the outside interface aaa.aaa.aaa.2 of our PIX 506e. Behind the PIX there are the workstations that are on a bbb.bbb.bbb.bbb subnet. On the bbb.bbb.bbb.bbb subnet there is an Exchange server and one workstation; both have static addresses on the bbb.bbb.bbb.bbb subnet that are routed out to public addresses. I need to know how to configure the router to fail over to the secondary line when down and also not lose any of the NATing. Please help, as I am having a lot of trouble with the configuration. I have attached the configuration of the router. Thank you.


show run
Building configuration...

Current configuration : 5230 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!

!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical

!
 

clock timezone Pacific -8
clock summer-time Pacific date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa session-id common
ip subnet-zero
no ip source-route
!
!
!
!
ip tcp synwait-time 10
no ip cef

ip name-server xxx.xxx.xxx.xx
ip name-server xxx.xxx.xxx.xx
no ip bootp server
ip ips po max-events 100
no ftp-server write-enable
!
!
!
!
!
track 1 rtr 1 reachability
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0
 description $ETH-WAN$WAN Connection
 ip address Ethernet0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 no ip route-cache
 no ip mroute-cache
 half-duplex
 no cdp enable
!
interface Ethernet1
 ip address Ethernet1
 ip nat outside
 ip virtual-reassembly
 half-duplex
 no cdp enable
!
interface FastEthernet0
 description $ETH-LAN$$INTF-INFO-10/100 Ethernet$$FW_INSIDE$SDSL Line
 ip address aaa.aaa.aaa.aaa
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 no ip route-cache
 no ip mroute-cache
 speed auto
 no cdp enable
!

ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip route 0.0.0.0 0.0.0.0 Ethernet1

ip route xxx.xxx.xxx.xxx GW of Ethernet1
ip route xxx.xxx.xxx.xxx GW of Ethernet1
ip route bbb.bbb.bbb.bbb aaa.aaa.aaa.aaa
ip http server
ip http authentication local
no ip http secure-server
!
ip nat inside source route-map nonat interface Ethernet0 overload
ip nat inside source static udp bbb.bbb.bbb.bb 4900 Ethernet0(separate public IP) 4900 extendable
ip nat inside source static udp bbb.bbb.bbb.bb 4900 Ethernet0(separate public IP) 4901 extendable

ip nat inside source static Exchange route out to public IP extendable
ip nat inside source static tcp 1.1.1.1 23 Ethernet1 23 extendable
!
!
logging trap debugging
access-list 100 deny   ip host bbb.bbb.bbb.bb any
access-list 100 permit ip aaa.aaa.aaa.aa any
access-list 100 permit ip bbb.bbb.bbb.bb any
access-list 101 permit icmp any host Ethernet0
access-list 102 permit ip any xx.xx.xx.0 0.0.0.255
access-list 102 permit ip xx.xx.xx.0 0.0.0.255 any


no cdp run
!
route-map natsec permit 10
 match interface Ethernet1
!
route-map natpri permit 10
 match interface Ethernet0
!
route-map Primary permit 10
 match ip address 101
 set interface Ethernet0 Null0
!
route-map Primary permit 20
 match ip address 102
 set interface Ethernet1
!
route-map Primary permit 30
 match ip address 115
 set default interface Ethernet0
!
route-map nonat permit 70
 match ip address 100
!
route-map nat permit 10
 match ip address 100
 set ip next-hop verify-availability Ethernet0 10 track 1
 set ip next-hop Ethernet1
!

 
!
control-plane
!
rtr 1
 type echo protocol ipIcmpEcho Ethernet0
 timeout 2000
 threshold 2
 frequency 3
rtr schedule 1 life forever start-time now
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 privilege level 15
 transport input telnet
line vty 5 15
 privilege level 15
 transport input telnet

scheduler allocate 4000 1000
scheduler interval 500
end
Question by:kunalclk

    Accepted Solution

    by:
    > ip route 0.0.0.0 0.0.0.0 Ethernet0
    > ip route 0.0.0.0 0.0.0.0 Ethernet1

    This will enable failover of outbound traffic, but NATting will not (cannot!) be preserved.  (It's often recommended to add a weight to the secondary route to ensure that the primary is used whenever it's available.)

    With public IP addresses for your servers, you'd like to fail-over inbound traffic as well, right?  That's going to require coordination with your ADSL and SDSL providers; the canonical way to achieve this is to get your own AS number and run BGP, but that's only an option if both providers are willing to go along -- I suspect that few providers are willing to talk BGP over DSL services.

    0
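The weighted secondary route suggested in the answer above, written out as an added example (not part of the original post or the answer). It assumes an IOS 12.3T image that accepts `track` on a static route; `<SDSL-GW>` and `<ADSL-GW>` are placeholders for the provider gateways, while ACL 100, track 1, rtr 1 and the route-map names natpri/natsec come from the posted configuration.

```cisco
! Added example, not from the original post.
! <SDSL-GW> and <ADSL-GW> are placeholders for the provider next-hop addresses.
! Assumption: the image supports "track" on a static route (12.3T train).
!
! Remove the two equal default routes from the posted config.
no ip route 0.0.0.0 0.0.0.0 Ethernet0
no ip route 0.0.0.0 0.0.0.0 Ethernet1
!
! Primary default route. It is withdrawn when track 1 (the rtr 1 ICMP probe)
! reports the target unreachable, even if the Ethernet0 link itself stays up.
! The rtr 1 target should be an address reached only through Ethernet0
! (for example the SDSL gateway); otherwise the probe follows the backup
! route after failover and the primary route flaps.
ip route 0.0.0.0 0.0.0.0 <SDSL-GW> track 1
!
! Secondary default route with a higher administrative distance (the "weight").
! It is installed only while the primary route is absent.
ip route 0.0.0.0 0.0.0.0 <ADSL-GW> 10
!
! One overload (PAT) rule per outside interface. Each route-map matches the
! inside sources (ACL 100) and the interface the packet leaves through, so
! outbound traffic is translated to the address of whichever link is active.
no ip nat inside source route-map nonat interface Ethernet0 overload
ip nat inside source route-map natpri interface Ethernet0 overload
ip nat inside source route-map natsec interface Ethernet1 overload
!
route-map natpri permit 10
 match ip address 100
 match interface Ethernet0
!
route-map natsec permit 10
 match ip address 100
 match interface Ethernet1
```

This covers outbound overload traffic only: the static translations point at public addresses on the SDSL side, so inbound connections to them do not follow the failover, as the answer says.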
