Asked by howardzhang

Cisco 1841 Router configure 2nd DSL for fail over

Hi,

I have a 1841 with a newly added HWIC-4ESW. FE0/0 connects to the LAN, FE0/1 connects to the T1 router, and FE0/0/0 (VLAN1) connects to the DSL router. The T1 works fine, but the DSL line doesn't work. I plan to use the DSL line for failover for all services: web, VPN, RDP. How do I configure it for NAT, routing, etc.? Thanks a lot.

Here is the config:

!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cisco1841
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 ************************.
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
!
!
no ip bootp server
ip domain name fxmb.local
!
username admin privilege 15 secret 5 **************************************
!
!
!
interface FastEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
 ip address 10.10.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description T1$ETH-LAN$
 ip address 10.10.20.3 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1/0
 description DSL
!
interface FastEthernet0/1/1
 shutdown
!
interface FastEthernet0/1/2
 shutdown
!
interface FastEthernet0/1/3
 shutdown
!
interface Serial0/0/0
 description $ES_WAN$$FW_OUTSIDE$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 service-module t1 timeslots 1-8
!
interface Vlan1
 description DSL
 ip address 10.10.30.2 255.255.255.0
 ip nat outside
!
router rip
 version 1
 network 10.0.0.0
 network 64.0.0.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.20.1 10
ip route 0.0.0.0 0.0.0.0 10.10.30.1 20
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet0/1 overload
ip nat inside source static tcp 10.10.1.2 3390 interface Vlan1 3390
ip nat inside source static tcp 10.10.1.2 83 interface FastEthernet0/1 83
ip nat inside source static tcp 10.10.1.2 22 interface FastEthernet0/1 22
ip nat inside source static tcp 10.10.1.2 3389 interface FastEthernet0/1 3389
ip nat inside source static tcp 10.10.1.2 80 interface FastEthernet0/1 80
ip nat inside source static tcp 10.10.1.2 25 interface FastEthernet0/1 25
ip nat inside source static tcp 10.10.1.2 1723 interface FastEthernet0/1 1723
ip nat inside source static udp 10.10.1.2 1723 interface FastEthernet0/1 1723
ip nat inside source static tcp 10.10.1.2 443 interface FastEthernet0/1 443
!
logging trap debugging
access-list 100 remark VPN
access-list 100 remark SDM_ACL Category=2
access-list 100 remark VPN
access-list 100 permit esp any host 64.60.21.10
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 4000 1000
end


mikecr

Do you have public IP addresses for those ethernet interfaces?

ASKER

Yes. There is a Linksys router between the DSL modem and Cisco FE0/0/0. The LAN IP of the Linksys router is 10.10.30.1. The situation is similar for the T1 router; its LAN IP is 10.10.20.1.
Your scenario won't work. If your primary connection is not physically on the router for the router to detect when it "goes down", routing will not work no matter what we do. The only way would be human intervention. If you know your T1 went down, then you would need to unplug the network cable between the router and the T1. Your backup route would then work. Configuring the other stuff for the DSL wouldn't be a problem because you would only need a backup route on the router to send traffic to the Linksys in the event that your primary goes down. The Linksys would do the NAT and provide access to the internet.

But, like I said, since your primary internet connection is not physically on the router, you would need human intervention.
Human intervention is OK. How do I configure it as a backup route? Can I use it for some kind of load balancing? How come NAT doesn't work now? Thanks.
ASKER CERTIFIED SOLUTION
mikecr
This solution is only available to members.
Thanks Mikecr.

I added access-list, route-map, dynamic NAT and ip route commands to the router, but I haven't had a chance to test the failover yet. The current problem is that a static NAT works for the T1 but not for the DSL. I can set port forwarding from the T1's public IP to the server (port 3389), but the same settings won't work for the DSL (port 3390 to another server). Any idea?
Now I understand only one route is effective (the cheapest one). But how can static NAT also be transferred to the 2nd route when the first route has failed? Do I have to use dynamic NAT?
How can I make 2 internet connections work at the same time? For example, use DSL port 80 for the web server, use T1 port 3389 for RDP, 21 for FTP, etc. Thanks.
You can't get them to work at the same time unless they are both from the same provider. However, using route maps, you can force traffic out a certain connection. Routing takes precedence, so even if you came in the DSL, you would go back out the T1 because that's the default route.
If the backup route is in use, I have to re-configure all the static NAT. No other solution?
That would be correct.
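
The routing behaviour discussed in this thread, as an added model that is not part of the original posts or of the members-only solution: it uses the two `ip route` lines and interface names from the posted config and shows which default route is installed in each situation. It assumes, as a simplification, that a static route is usable only while its egress interface is up; the function names and scenario labels are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class StaticRoute:
    next_hop: str
    interface: str
    distance: int  # administrative distance from the "ip route" line

# The two default routes from the posted config.
ROUTES = [
    StaticRoute("10.10.20.1", "FastEthernet0/1", 10),  # T1 router
    StaticRoute("10.10.30.1", "Vlan1", 20),            # Linksys in front of the DSL modem
]
BOTH_UP = {"FastEthernet0/1", "Vlan1"}

def active_default(routes, up_interfaces):
    """Installed default route: lowest distance among routes whose interface is up."""
    usable = [r for r in routes if r.interface in up_interfaces]
    return min(usable, key=lambda r: r.distance) if usable else None

def internet_reachable(route, healthy_uplinks):
    """Traffic gets out only if the chosen next hop's own WAN circuit is healthy."""
    return route is not None and route.next_hop in healthy_uplinks

def reply_path(inbound_interface, routes, up_interfaces):
    """Egress interface for a server's reply and whether it matches the inbound side."""
    route = active_default(routes, up_interfaces)
    if route is None:
        return None, False
    return route.interface, route.interface == inbound_interface

def scenarios():
    """Constructed scenarios matching the situations raised in the thread."""
    out = {}
    r = active_default(ROUTES, BOTH_UP)
    out["normal"] = (r.next_hop, internet_reachable(r, {"10.10.20.1", "10.10.30.1"}))
    # T1 circuit dies beyond the T1 router: FastEthernet0/1 stays up, so the
    # distance-10 route stays installed and traffic is black-holed.
    out["t1_circuit_down"] = (r.next_hop, internet_reachable(r, {"10.10.30.1"}))
    # Cable to the T1 router unplugged: interface goes down, distance-20 route takes over.
    r = active_default(ROUTES, {"Vlan1"})
    out["cable_unplugged"] = (r.next_hop, internet_reachable(r, {"10.10.30.1"}))
    # Inbound connection to the port 3390 forward on Vlan1: the reply follows the default route.
    out["dsl_inbound_reply"] = reply_path("Vlan1", ROUTES, BOTH_UP)
    return out

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```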