Solved

Configuring Successful Load Balancing to the internet between Comcast Cable and ATT DSL WAN Connections

Posted on 2008-10-28
Last Modified: 2013-12-14
Hey there. I appreciate all suggestions and help. I have 2 internet connections that I just installed. One is ATT's static DSL and the other is Comcast's DHCP cable. I am using a Cisco 3620 running the 12.3 IOS with 2 2-port Ethernet network modules. I configured the router to access the internet using the static IP DSL on my e0/1 interface, my LAN on e1/0, and the e0/1 interface is configured for the Comcast internet. When I configured one or the other, internet access from my desktop is good. But when I configure it how Cisco has it under the topic IOS NAT Load-Balancing for Two ISP Connections, pings to yahoo.com, for instance, time out and internet access dies. I can ping everything in the router fine though, and I see the routing table is supposed to be load balancing, as I see the 0.0.0.0 network being routed to 2 IPs. I am looking for any help in determining what I have missed. Thanks! My sh ver and sh run are attached:


 
IOS (tm) 3600 Software (C3620-IK9O3S7-M), Version 12.3(22), RELEASE SOFTWARE (fc2)
Image text-base: 0x60008B00, data-base: 0x61950000
ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
ROM: 3600 Software (C3620-IK9O3S7-M), Version 12.3(22), RELEASE SOFTWARE (fc2)
System image file is "flash:c3620-ik9o3s7-mz.123-22.bin"
.cisco 3620 (R4700) processor (revision 0x81) with 61440K/4096K bytes of memory.
Processor board ID 14825936
R4700 CPU at 80MHz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
4 Ethernet/IEEE 802.3 interface(s)
DRAM configuration is 32 bits wide with parity disabled.
29K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

! Last configuration change at 03:22:51 UTC Tue Oct 28 2008 by zharris4
! NVRAM config last updated at 02:09:21 UTC Tue Oct 28 2008 by zharris4
!
version 12.3
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service udp-small-servers
service tcp-small-servers
service sequence-numbers
!
hostname wanrtr1
!
boot-start-marker
boot-end-marker
!
logging buffered 10000 debugging
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx/
enable password 7 xxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec local_author local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
aaa session-id common
ip subnet-zero
ip gratuitous-arps
!
!
ip cef
ip domain name harrissynergy.net
ip dhcp excluded-address 192.168.1.1 192.168.1.99
!
ip dhcp pool homelan
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 68.87.72.130 68.87.77.130
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
username xxxxxxxxxxxx privilege 7 password 7 xxxxxxxxxxxxxxxxxxxxxx
username xxxxxxxxxx privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxx
username xxxxxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxx
!
!
ip finger
ip tcp synwait-time 10
ip ssh time-out 60
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 hash md5
 authentication pre-share
 group 2
crypto isakmp xauth timeout 15

!
crypto isakmp client configuration group xxxxxxxxxxxxxx
 key xxxxxxxxx
 dns 68.94.156.1 68.94.157.1
 pool SDM_POOL_1
 acl 100
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
 mode transport
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set security-association idle-time 3600
 set transform-set ESP-3DES-SHA
 reverse-route
crypto dynamic-map SDM_DYNMAP_1 2
 set security-association idle-time 3600
 set transform-set ESP-3DES-SHA1
 reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_2
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_2
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface Ethernet0/0
 ip address 192.168.25.1 255.255.255.0
 ip mask-reply
 ip directed-broadcast
 half-duplex
!
interface Ethernet0/1
 description $ETH-WAN$
 no ip address
 ip mask-reply
 ip directed-broadcast
 ip nat outside
 half-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface Ethernet1/0
 description $FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 ip mask-reply
 ip directed-broadcast
 ip nat inside
 ip tcp adjust-mss 1412
 half-duplex
!
interface Ethernet1/1
 ip address dhcp
 ip mask-reply
 ip directed-broadcast
 ip nat outside
 ip tcp adjust-mss 1412
 half-duplex
 no cdp enable
!
interface Dialer0
 ip address xxxxxxxxxx  255.255.255.248
 ip mtu 1452
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxxxxxxx
 ppp chap password 0 xxxxxxxxxxxxxx
 ppp pap sent-username xxxxxxxxxxxx  password 0 xxxxxxxxx
 crypto map SDM_CMAP_1
!
ip local pool SDM_POOL_1 192.168.1.40 192.168.1.45
ip nat inside source route-map att interface Ethernet0/1 overload
ip nat inside source route-map comcast interface Ethernet1/1 overload
ip http server
ip http access-class 1
ip http authentication local
no ip http secure-server
ip classless
!
!
access-list 100 remark SDM_ACL Category=4
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
route-map att permit 10
 match ip address 110
 match interface Ethernet0/1
!
route-map comcast permit 10
 match ip address 110
 match interface Ethernet1/1
!
!
!
!
!
banner login ^CCStop..... Before you enter..... Consider this.........................^C
!
line con 0
 password 7 XXXXXXXXXXXXX
 login authentication lkcal_authen
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 access-class 102 in
 password 7 XXXXXXXXXXXX
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
!
scheduler allocate 4000 1000
!
end

wanrtr1#

Question by:ziggynumber1

Expert Comment

by:JFrederick29
You are almost there but you need to specify the dialer0 interface for the DSL connection instead of the E0/1 interface.

conf t
no ip nat inside source route-map att interface Ethernet0/1 overload
ip nat inside source route-map att interface dialer0 overload

route-map att permit 10
no match interface Ethernet0/1
match interface dialer0

Author Comment

by:ziggynumber1
Great! Now when I do a sh ip route, I get the following:

wanrtr1#sh ip rou
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is 99.48.243.102 to network 0.0.0.0
     68.0.0.0/32 is subnetted, 1 subnets
S       68.87.72.13 [254/0] via 67.175.178.1, Ethernet1/1
C    192.168.25.0/24 is directly connected, Ethernet0/0
     99.0.0.0/29 is subnetted, 1 subnets
C       99.48.243.96 is directly connected, Dialer0
     67.0.0.0/23 is subnetted, 1 subnets
C       67.175.178.0 is directly connected, Ethernet1/1
C    192.168.1.0/24 is directly connected, Ethernet1/0
     192.0.2.0/32 is subnetted, 1 subnets
C       192.0.2.100 is directly connected, Dialer0
S*   0.0.0.0/0 [1/0] via 99.48.243.102
wanrtr1#
 
I think I missed something again. I have attached the new running config. Thanks again for your help!
 

wanrtr1#
wanrtr1#sh run
Building configuration...
Current configuration : 4487 bytes
!
version 12.3
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service udp-small-servers
service tcp-small-servers
service sequence-numbers
!
hostname wanrtr1
!
boot-start-marker
boot-end-marker
!
logging buffered 10000 debugging
enable secret 5 xxxxxx
enable password 7 xxxxxxx
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec local_author local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
aaa session-id common
ip subnet-zero
ip gratuitous-arps
!
!
ip cef
ip domain name xxxxxx
ip name-server 68.94.156.1
ip name-server 68.94.157.1
ip dhcp excluded-address 192.168.1.1 192.168.1.99
!
ip dhcp pool homelan
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 68.94.156.1 68.94.157.1
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
username zharris1 privilege 7 password 7 xxxxxx
username zharris4 privilege 15 password 7 xxxxxx
username ziggynum1 privilege 15 secret 5 xxxxxx
!
!
ip finger
ip tcp synwait-time 10
ip ssh time-out 60
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 hash md5
 authentication pre-share
 group 2
crypto isakmp xauth timeout 15
!
crypto isakmp client configuration group xxxxx
 key xxxxx
 dns 68.94.156.1 68.94.157.1
 pool SDM_POOL_1
 acl 100
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
 mode transport
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set security-association idle-time 3600
 set transform-set ESP-3DES-SHA
 reverse-route
crypto dynamic-map SDM_DYNMAP_1 2
 set security-association idle-time 3600
 set transform-set ESP-3DES-SHA1
 reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_2
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_2
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface Ethernet0/0
 ip address 192.168.25.1 255.255.255.0
 ip mask-reply
 ip directed-broadcast
 half-duplex
!
interface Ethernet0/1
 description $ETH-WAN$
 no ip address
 ip mask-reply
 ip directed-broadcast
 ip nat outside
 half-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface Ethernet1/0
 description $FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 ip mask-reply
 ip directed-broadcast
 ip nat inside
 ip tcp adjust-mss 1412
 half-duplex
!
interface Ethernet1/1
 ip address dhcp
 ip mask-reply
 ip directed-broadcast
 ip nat outside
 ip tcp adjust-mss 1412
 half-duplex
 no cdp enable
!
interface Dialer0
 ip address 99.48.243.97 255.255.255.248
 ip mtu 1452
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxx
 ppp chap password 0 xxxxx
 ppp pap sent-username xxxxx password 0 xxxxxx
 crypto map SDM_CMAP_1
!
ip local pool SDM_POOL_1 192.168.1.40 192.168.1.45
ip nat inside source route-map att interface Dialer0 overload
ip nat inside source route-map comcast interface Ethernet1/1 overload
ip http server
ip http access-class 1
ip http authentication local
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 xxxxx
ip route 0.0.0.0 0.0.0.0 Ethernet1/1 dhcp
!
!
access-list 100 remark SDM_ACL Category=4
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
route-map att permit 10
 match ip address 110
 match interface Dialer0
!
route-map comcast permit 10
 match ip address 110
 match interface Ethernet1/1
!
!
!
!
!
banner login ^CCStop..... Before you enter..... Consider this...................
......^C
!
line con 0
 password 7 xxxxx
 login authentication lkcal_authen
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 access-class 102 in
 password 7 xxxxxx
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
!
scheduler allocate 4000 1000
!
end
wanrtr1#

Expert Comment

by:JFrederick29
That is strange.  Not sure where the routing table is receiving that static route via e1/1.  Try the default route via DHCP without the e1/1 specification:

conf t
no ip route 0.0.0.0 0.0.0.0 Ethernet1/1 dhcp
ip route 0.0.0.0 0.0.0.0 dhcp
ip route 0.0.0.0 0.0.0.0 xxxxx   <--I'm assuming xxxxx is the gateway out the Dialer0 interface via DSL

Do a "show ip route" again.  If the same results, try removing the static default DHCP route as the router should learn it automatically.

Author Comment

by:ziggynumber1
Still no change after I tried both. It's really weird. The sh ip cef is:
wanrtr1#sh ip cef
Prefix              Next Hop             Interface
0.0.0.0/0           99.48.243.102        Dialer0
0.0.0.0/32          receive
67.175.178.0/23     attached             Ethernet1/1
67.175.178.0/32     receive
67.175.178.1/32     67.175.178.1         Ethernet1/1
67.175.178.137/32   receive
67.175.179.255/32   receive
68.87.72.13/32      67.175.178.1         Ethernet1/1
99.48.243.96/29     attached             Dialer0
99.48.243.96/32     receive
99.48.243.97/32     receive
99.48.243.103/32    receive
192.0.2.100/32      attached             Dialer0
192.168.1.0/24      attached             Ethernet1/0
192.168.1.0/32      receive
192.168.1.1/32      receive
192.168.1.100/32    192.168.1.100        Ethernet1/0
192.168.1.101/32    192.168.1.101        Ethernet1/0
192.168.1.103/32    192.168.1.103        Ethernet1/0
192.168.1.255/32    receive
192.168.25.0/24     attached             Ethernet0/0
192.168.25.0/32     receive
192.168.25.1/32     receive
Prefix              Next Hop             Interface
192.168.25.255/32   receive
224.0.0.0/4         drop
224.0.0.0/24        receive
255.255.255.255/32  receive
wanrtr1#
 

wanrtr1#sh ip rou
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is 99.48.243.102 to network 0.0.0.0
     68.0.0.0/32 is subnetted, 1 subnets
S       68.87.72.13 [254/0] via 67.175.178.1, Ethernet1/1
C    192.168.25.0/24 is directly connected, Ethernet0/0
     99.0.0.0/29 is subnetted, 1 subnets
C       99.48.243.96 is directly connected, Dialer0
     67.0.0.0/23 is subnetted, 1 subnets
C       67.175.178.0 is directly connected, Ethernet1/1
C    192.168.1.0/24 is directly connected, Ethernet1/0
     192.0.2.0/32 is subnetted, 1 subnets
C       192.0.2.100 is directly connected, Dialer0
S*   0.0.0.0/0 [1/0] via 99.48.243.102
wanrtr1#
 
 

Expert Comment

by:JFrederick29
Can you post a "show ip int brief".  Are you sure "99.48.243.102" is your next hop via the DSL?  Or is your route via "dialer0" (could try that).

Author Comment

by:ziggynumber1
Sure!
wanrtr1#sh ip int brie
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                192.168.25.1    YES NVRAM  up                    up
Ethernet0/1                unassigned      YES NVRAM  up                    up
Ethernet1/0                192.168.1.1     YES NVRAM  up                    up
Ethernet1/1                67.175.178.137  YES DHCP   up                    up
Virtual-Access1            unassigned      YES unset  up                    up
Dialer0                    99.48.243.97    YES NVRAM  up                    up
wanrtr1#
wanrtr1#
I called ATT to reconfirm that my default gateway is 102 and they said it was. I think so because that's how I am connecting to the internet right now. So I should try changing the default route from the dot 102 to dialer 0?

Expert Comment

by:JFrederick29
The connected subnet of 192.0.2.100/32 on the dialer0 interface was throwing me.  Try adding this default route for Comcast and see if it adds it (for testing).

conf t
no ip route 0.0.0.0 0.0.0.0 dhcp
ip route 0.0.0.0 0.0.0.0 67.175.178.1

Does it now show up in the table?

Author Comment

by:ziggynumber1
That works!!!
wanrtr1#sh ip rou
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is 99.48.243.102 to network 0.0.0.0
     68.0.0.0/32 is subnetted, 1 subnets
S       68.87.72.13 [254/0] via 67.175.178.1, Ethernet1/1
C    192.168.25.0/24 is directly connected, Ethernet0/0
     99.0.0.0/29 is subnetted, 1 subnets
C       99.48.243.96 is directly connected, Dialer0
     67.0.0.0/23 is subnetted, 1 subnets
C       67.175.178.0 is directly connected, Ethernet1/1
C    192.168.1.0/24 is directly connected, Ethernet1/0
     192.0.2.0/32 is subnetted, 1 subnets
C       192.0.2.100 is directly connected, Dialer0
S*   0.0.0.0/0 [1/0] via 99.48.243.102
               [1/0] via 67.175.178.1
wanrtr1#
 
Now I think we are in business. Well at least I hope we are.

Accepted Solution

by:JFrederick29
There is one flaw with this setup though.  Since you are using DHCP with Comcast, if your IP/subnet changes, the default route will no longer be valid and you will need to change it manually.

I would plug a PC into the Comcast connection and see if you get an IP and proper default gateway.  It is almost like Comcast isn't announcing the default route to you but instead this strange 68.87.72.13/32 route.  If the PC sees the same thing, I would call Comcast.  If the PC has a valid gateway, we can focus back on the router.  This obviously wouldn't be an issue if you had Comcast Business with a static IP address.

Author Closing Comment

by:ziggynumber1
I wanted to give it a few hours to see the config running stable. Man, I feel like I am back in college with my instructor and I'm racking my brain trying to figure it out, and my instructor comes by after seeing me getting ready to read that router its last rites (lol), looks at my config and says you almost got it, just do this, and it works!!! Ha!! Man, I can't thank you enough!

Expert Comment

by:JFrederick29
No problem at all.  Glad to help!
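
The two faults worked through in this thread (PAT bound to an interface that no default route leaves through, and only one default next hop installed) can be checked from `show run` and `show ip route` text. The Python below is an added example, not code from the thread; the function names are hypothetical and the sample input is abridged from the output posted above.

```python
import ipaddress
import re

IP = r"(\d+\.\d+\.\d+\.\d+)"

def nat_egress(run_cfg):
    """Map route-map name -> egress interface from the PAT (overload) statements."""
    pat = r"^ip nat inside source route-map (\S+) interface (\S+) overload"
    return dict(re.findall(pat, run_cfg, re.M))

def parse_routes(table):
    """Return ([(connected_network, interface)], [default-route next hops])."""
    connected, hops, parent_len, in_default = [], [], None, False
    for line in table.splitlines():
        if m := re.match(rf"\s+{IP}/(\d+) is subnetted", line):
            parent_len, in_default = m.group(2), False  # mask for the child lines
        elif m := re.match(rf"C\s+{IP}(?:/(\d+))? is directly connected, (\S+)", line):
            plen = m.group(2) or parent_len or "32"
            net = ipaddress.ip_network(f"{m.group(1)}/{plen}", strict=False)
            connected.append((net, m.group(3)))
            in_default = False
        elif m := re.match(rf"S\*\s+0\.0\.0\.0/0 \[\d+/\d+\] via {IP}", line):
            hops.append(m.group(1))
            in_default = True
        elif in_default and (m := re.match(rf"\s+\[\d+/\d+\] via {IP}", line)):
            hops.append(m.group(1))  # additional equal-cost next hop
        else:
            in_default = False
    return connected, hops

def check_load_balancing(run_cfg, table):
    """List mismatches between NAT egress interfaces and installed default routes."""
    connected, hops = parse_routes(table)
    hop_ifaces = set()
    for hop in hops:
        addr = ipaddress.ip_address(hop)
        # A next hop is reached through the connected subnet that contains it.
        hop_ifaces.add(next((i for net, i in connected if addr in net), None))
    problems = [f"route-map {name}: NAT egress {ifc} has no default route"
                for name, ifc in nat_egress(run_cfg).items() if ifc not in hop_ifaces]
    if len(hops) < 2:
        problems.append(f"only {len(hops)} default next hop(s) installed")
    return problems

# Sample input abridged from the output posted in this thread.
ROUTES_COMMON = """\
     99.0.0.0/29 is subnetted, 1 subnets
C       99.48.243.96 is directly connected, Dialer0
     67.0.0.0/23 is subnetted, 1 subnets
C       67.175.178.0 is directly connected, Ethernet1/1
C    192.168.1.0/24 is directly connected, Ethernet1/0
S*   0.0.0.0/0 [1/0] via 99.48.243.102
"""
ROUTES_FIXED = ROUTES_COMMON + "               [1/0] via 67.175.178.1\n"
NAT_ORIGINAL = """\
ip nat inside source route-map att interface Ethernet0/1 overload
ip nat inside source route-map comcast interface Ethernet1/1 overload
"""
NAT_FIXED = NAT_ORIGINAL.replace("Ethernet0/1", "Dialer0")

if __name__ == "__main__":
    for label, cfg, table in (("original", NAT_ORIGINAL, ROUTES_COMMON),
                              ("fixed", NAT_FIXED, ROUTES_FIXED)):
        print(label, check_load_balancing(cfg, table) or "OK")
```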