  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 376

Cisco 1841 Router configure 2nd DSL for fail over

Hi,

I have an 1841 with a newly added HWIC-4ESW. FE0/0 connects to the LAN, FE0/1 connects to the T1 router, FE0/0/0 (VLAN1) connects to the DSL router. The T1 works fine, but the DSL line doesn't work. I plan to use the DSL line for fail over for all services: web, VPN, RDP. How do I configure it for NAT, routing, etc.? Thanks a lot.

Here is the config:

!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cisco1841
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 ************************.
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
!
!
no ip bootp server
ip domain name fxmb.local
!
username admin privilege 15 secret 5 **************************************
!
!
!
interface FastEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
 ip address 10.10.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description T1$ETH-LAN$
 ip address 10.10.20.3 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1/0
 description DSL
!
interface FastEthernet0/1/1
 shutdown
!
interface FastEthernet0/1/2
 shutdown
!
interface FastEthernet0/1/3
 shutdown
!
interface Serial0/0/0
 description $ES_WAN$$FW_OUTSIDE$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 service-module t1 timeslots 1-8
!
interface Vlan1
 description DSL
 ip address 10.10.30.2 255.255.255.0
 ip nat outside
!
router rip
 version 1
 network 10.0.0.0
 network 64.0.0.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.20.1 10
ip route 0.0.0.0 0.0.0.0 10.10.30.1 20
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet0/1 overload
ip nat inside source static tcp 10.10.1.2 3390 interface Vlan1 3390
ip nat inside source static tcp 10.10.1.2 83 interface FastEthernet0/1 83
ip nat inside source static tcp 10.10.1.2 22 interface FastEthernet0/1 22
ip nat inside source static tcp 10.10.1.2 3389 interface FastEthernet0/1 3389
ip nat inside source static tcp 10.10.1.2 80 interface FastEthernet0/1 80
ip nat inside source static tcp 10.10.1.2 25 interface FastEthernet0/1 25
ip nat inside source static tcp 10.10.1.2 1723 interface FastEthernet0/1 1723
ip nat inside source static udp 10.10.1.2 1723 interface FastEthernet0/1 1723
ip nat inside source static tcp 10.10.1.2 443 interface FastEthernet0/1 443
!
logging trap debugging
access-list 100 remark VPN
access-list 100 remark SDM_ACL Category=2
access-list 100 remark VPN
access-list 100 permit esp any host 64.60.21.10
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 4000 1000
end


Asked by: howardzhang
1 Solution
 
mikecrCommented:
Do you have public IP addresses for those ethernet interfaces?
0
 
howardzhangAuthor Commented:
Yes. There is a Linksys router between the DSL modem and Cisco FE0/0/0. The LAN IP of the Linksys router is 10.10.30.1. The situation is similar for the T1 router. Its LAN IP is 10.10.20.1.
0
 
mikecrCommented:
Your scenario won't work. If your primary connection is not physically on the router for the router to detect when it "goes down", routing will not work no matter what we do. The only way would be human intervention. If you know your T1 went down, then you would need to unplug the network cable from between the router and the T1. Your backup route would then work. Configuring the other stuff for the DSL wouldn't be a problem because you would only need a backup route on the router to send traffic to the Linksys in the event that your primary would go down. The Linksys would do that NAT and provide access to the internet.

But, like I said, since your primary internet connection is not physically on the router, you would need human intervention.
0

 
howardzhangAuthor Commented:
Human Intervention is OK. How do I configure it as backup route? Can I use it for some kind of load balancing? How come NAT doesn't work now? Thanks.
0
 
mikecrCommented:
NAT is specific to an interface. Fill in the IPs with yours. If you're using public IPs on VLAN1, then do the following:

config t
! where 172.16 is your inside network
access-list 199 permit ip 172.16.1.0 0.0.0.255 any
ip nat inside source list 199 interface vlan1 overload

Your routing should be:
ip route 0.0.0.0 0.0.0.0 10.10.20.1
ip route 0.0.0.0 0.0.0.0 10.10.30.1 2

Once you have it configured, test by unplugging the cable from the primary internet link and see if you can get it to go out on the internet. It may take a couple of moments from the time you unplug it till it works.
0
 
howardzhangAuthor Commented:
Thanks Mikecr.

I added the access-list, route-map, dynamic NAT and ip route commands to the router, but I haven't had a chance to test the fail over yet. The current problem is that a static NAT works for the T1 but not for the DSL. I can set port forwarding from the T1's public IP to the server (port 3389), but the same settings won't work for the DSL (port 3390 to another server). Any idea?
0
 
howardzhangAuthor Commented:
Now I understand only one route is effective (the cheapest one). But how can static NAT also be transferred to the 2nd route when the first route has failed? Do I have to use dynamic NAT?
0
 
howardzhangAuthor Commented:
How can I make 2 internet connections work at the same time? For example, use DSL port 80 for web server, use T1 port 3389 for RDP, 21 for FTP, etc. Thanks.
0
 
mikecrCommented:
You can't get them to work at the same time unless they are both from the same provider. However, using route maps, you can force traffic out a certain connection. Routing takes precedence, so even if you came in the DSL, you would go back out the T1 because that's the default route.
0
 
howardzhangAuthor Commented:
If the backup route is in use, I have to re-configure all the static NAT. No other solution?
0
 
mikecrCommented:
That would be correct.
0
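
The NAT point the thread ends on (each rule is tied to one outside interface, so port forwards do not follow the backup route) can be checked mechanically. The following Python sketch is an added example, not part of the original posts: it parses an excerpt of the configuration from the question and reports, per NAT outside interface, the default-route distance, whether a PAT overload rule exists, which static forwards are missing, and whether forwards sit on a non-primary link. The function name `audit_nat_failover` and the report field names are assumptions made for this example.

```python
import ipaddress
import re

# Excerpt (interface, routing and NAT lines only) of the config posted in the question.
CONFIG = """\
interface FastEthernet0/1
 ip address 10.10.20.3 255.255.255.0
 ip nat outside
interface Vlan1
 ip address 10.10.30.2 255.255.255.0
 ip nat outside
ip route 0.0.0.0 0.0.0.0 10.10.20.1 10
ip route 0.0.0.0 0.0.0.0 10.10.30.1 20
ip nat inside source list 100 interface FastEthernet0/1 overload
ip nat inside source static tcp 10.10.1.2 3390 interface Vlan1 3390
ip nat inside source static tcp 10.10.1.2 3389 interface FastEthernet0/1 3389
ip nat inside source static tcp 10.10.1.2 80 interface FastEthernet0/1 80
"""

def audit_nat_failover(config):
    """Hypothetical helper: NAT coverage per 'ip nat outside' interface of an IOS config."""
    ifaces, name = {}, None
    new = lambda: {"net": None, "outside": False, "distance": None, "overload": False, "forwards": set()}
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            name = m[1]
            ifaces.setdefault(name, new())
        elif name and (m := re.match(r"\s+ip address (\S+) (\S+)", line)):
            ifaces[name]["net"] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif name and re.match(r"\s+ip nat outside", line):
            ifaces[name]["outside"] = True
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: (\d+))?", line):
            # Tie the default route to the interface whose subnet holds the next hop; no distance means 1.
            for i in ifaces.values():
                if i["net"] and ipaddress.ip_address(m[1]) in i["net"]:
                    i["distance"] = int(m[2] or 1)
        elif m := re.match(r"ip nat inside source list \S+ interface (\S+) overload", line):
            ifaces.setdefault(m[1], new())["overload"] = True
        elif m := re.match(r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) \d+", line):
            ifaces.setdefault(m[4], new())["forwards"].add((m[1], m[2], int(m[3])))
    outside = {n: i for n, i in ifaces.items() if i["outside"]}
    every = set().union(*(i["forwards"] for i in outside.values()))
    primary = min(outside, key=lambda n: outside[n]["distance"] or 255, default=None)
    return {n: {"distance": i["distance"], "overload": i["overload"],
                "missing_forwards": sorted(every - i["forwards"]),
                "asymmetric_return": n != primary and bool(i["forwards"])}
            for n, i in outside.items()}

if __name__ == "__main__":
    print(audit_nat_failover(CONFIG))
```

For the excerpt, Vlan1 comes back with no overload rule and with the port 3389 and 80 forwards missing, and its port 3390 forward is flagged because replies follow the default route out FastEthernet0/1.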
