Dual-WAN using Cisco 1811 router


  • Dual-WAN using Cisco 1811 router

    Howdy, I have a Cisco 1811 router and 2 internet connections: a T1 and a cable modem. I have them both configured on the router and they seem to be working OK. However, failover is not working. What I would like is for one internet connection to take over if the other one drops out. How could I go about configuring this? I am a Cisco newbie, so any help would be appreciated. Thanks!

    Current configuration : 11759 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname BUR-FIREWALL
    !
    boot-start-marker
    boot system flash:c181x-advipservicesk9-mz.124-9.T7.bin
    boot-end-marker
    !
    logging buffered 4096 debugging
    enable secret 5 Removed by Mod
    !
    aaa new-model
    !
    !
    aaa authentication login default local
    aaa authorization exec default local
    !
    aaa session-id common
    !
    !
    aaa authentication login default local
    aaa authorization exec default local
    !
    aaa session-id common
    !
    resource policy
    !
    clock timezone PCTime -8
    clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
    !
    !
    ip cef
    !
    !
    ip domain name hes.com
    ip name-server 64.105.172.26
    ip name-server 64.105.163.106
    ip ssh source-interface Vlan1
    ip inspect log drop-pkt

    !
    !
    class-map match-any sdm_p2p_kazaa
    match protocol fasttrack
    match protocol kazaa2
    class-map match-all site2
    match access-group 120
    class-map match-any sdm_p2p_edonkey
    match protocol edonkey
    class-map match-any sdm_p2p_gnutella
    match protocol gnutella
    class-map match-any sdm_p2p_bittorrent
    match protocol bittorrent
    !
    !
    policy-map VPN-output
    class site2
    bandwidth 400
    police cir 5000000
    policy-map sdmappfwp2p_SDM_MEDIUM
    class sdm_p2p_edonkey
    class sdm_p2p_gnutella
    class sdm_p2p_kazaa
    class sdm_p2p_bittorrent
    !
    !
    !
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    !
    crypto isakmp policy 10
    encr 3des
    authentication pre-share
    group 5
    crypto isakmp key burlingameremoteoffice1 address Removed by mod
    crypto isakmp key burlingameremoteoffice1 address Removed by mod
    crypto isakmp keepalive 10 3
    !
    !
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
    !
    crypto map vpncrypto 1 ipsec-isakmp
    description Tunnel to Removed by Mod
    set peer Removed by mod
    set transform-set ESP-3DES-SHA
    match address 105
    !
    !
    !
    !
    interface Loopback0
    ip address 1.1.1.1 255.255.255.252
    !
    interface FastEthernet0
    description Cable Modem$FW_OUTSIDE$$ETH-LAN$
    ip address Removed by mod
    ip access-group 103 in
    ip verify unicast reverse-path
    ip nat outside
    ip inspect SDM_MEDIUM out
    ip virtual-reassembly
    speed 10
    half-duplex
    service-policy input sdmappfwp2p_SDM_MEDIUM
    service-policy output sdmappfwp2p_SDM_MEDIUM
    !
    interface FastEthernet1
    description T1 Line$FW_OUTSIDE$$ETH-LAN$
    ip address Removed by mod
    ip verify unicast reverse-path
    ip nat outside
    no ip virtual-reassembly
    no ip route-cache cef
    no ip route-cache
    no ip mroute-cache
    duplex auto
    speed auto
    crypto map vpncrypto
    service-policy output VPN-output
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface FastEthernet4
    !
    interface FastEthernet5
    !
    interface FastEthernet6
    !
    interface FastEthernet7
    !
    interface FastEthernet8
    !
    interface FastEthernet9
    duplex half
    speed 10
    !
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$$ES_LAN$
    ip address 10.51.10.5 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1300
    ip policy route-map BYPASS-VPN
    !
    interface Async1
    no ip address
    encapsulation slip
    !
    ip route 0.0.0.0 0.0.0.0 Removed by mod
    ip route 10.31.10.0 255.255.255.0 66.7.227.241
    !
    !
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source static tcp 10.51.10.25 1723 interface FastEthernet1 1723
    ip nat inside source static tcp 10.51.10.25 3389 interface FastEthernet1 3389
    ip nat inside source route-map SDM_RMAP_1 interface FastEthernet1 overload
    !
    ip access-list extended acl_in
    remark SDM_ACL Category=1
    permit ip any any
    ip access-list extended acl_out
    remark SDM_ACL Category=1
    permit ip any any
    ip access-list extended inside_outbount_nat0_acl
    remark SDM_ACL Category=2
    remark IPSec Rule
    deny ip 10.51.10.0 0.0.0.255 10.31.10.0 0.0.0.255
    permit ip 10.51.10.0 0.0.0.255 any
    ip access-list extended sau2bg
    permit ip 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
    !
    access-list 100 remark auto generated by SDM firewall configuration
    access-list 100 remark SDM_ACL Category=1
    access-list 100 deny ip 66.7.227.240 0.0.0.7 any
    access-list 100 deny ip host 255.255.255.255 any
    access-list 100 deny ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit ip any any
    access-list 100 permit ip 10.51.10.0 0.0.0.255 10.31.10.0 0.0.0.255
    access-list 101 remark auto generated by SDM firewall configuration
    access-list 101 remark SDM_ACL Category=1
    access-list 101 permit udp host 64.105.163.106 eq domain host 66.7.227.242
    access-list 101 permit udp host 64.105.172.26 eq domain host 66.7.227.242
    access-list 101 deny ip 10.51.10.0 0.0.0.255 any
    access-list 101 permit icmp any host 66.7.227.242 echo-reply
    access-list 101 permit icmp any host 66.7.227.242 time-exceeded
    access-list 101 permit icmp any host 66.7.227.242 unreachable
    access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny ip host 255.255.255.255 any
    access-list 101 deny ip host 0.0.0.0 any
    access-list 101 deny ip any any log
    access-list 102 permit ip any any
    access-list 102 deny ip 127.0.0.0 0.255.255.255 any
    access-list 102 deny ip host 255.255.255.255 any
    access-list 103 remark auto generated by SDM firewall configuration
    access-list 103 remark SDM_ACL Category=1
    access-list 103 permit udp host 66.166.76.98 host 173.8.139.170 eq non500-isakmp
    access-list 103 permit udp host 66.166.76.98 host 173.8.139.170 eq isakmp
    access-list 103 permit esp host 66.166.76.98 host 173.8.139.170
    access-list 103 permit ahp host 66.166.76.98 host 173.8.139.170
    access-list 103 deny ip 10.51.10.0 0.0.0.255 any
    access-list 103 deny ip 66.7.227.240 0.0.0.7 any
    access-list 103 permit icmp any host 173.8.139.170 echo-reply
    access-list 103 permit icmp any host 173.8.139.170 time-exceeded
    access-list 103 permit icmp any host 173.8.139.170 unreachable
    access-list 103 deny ip 10.0.0.0 0.255.255.255 any
    access-list 103 deny ip 172.16.0.0 0.15.255.255 any
    access-list 103 deny ip 192.168.0.0 0.0.255.255 any
    access-list 103 deny ip 127.0.0.0 0.255.255.255 any
    access-list 103 deny ip host 255.255.255.255 any
    access-list 103 deny ip host 0.0.0.0 any
    access-list 103 deny ip any any log
    access-list 104 permit ip 10.51.10.0 0.0.0.255 any
    access-list 105 remark SDM_ACL Category=4
    access-list 105 remark IPSec Rule
    access-list 105 permit ip 10.51.10.0 0.0.0.255 10.31.10.0 0.0.0.255
    access-list 111 permit ip any host 10.51.10.25
    access-list 111 permit ip any host 66.7.227.242
    access-list 111 permit ip host 66.7.227.242 any
    access-list 111 permit ip host 10.51.10.25 any
    access-list 111 permit ip any any
    access-list 120 permit esp any any
    access-list 150 permit ip 10.51.10.0 0.0.0.255 10.31.10.0 0.0.0.255
    access-list 190 permit ip 10.51.10.0 0.0.0.255 10.31.10.0 0.0.0.255
    no cdp run
    !
    !
    !
    !
    route-map SDM_RMAP_1 permit 1
    match ip address inside_outbount_nat0_acl
    !
    !
    !
    !
    control-plane
    !
    banner login ^
    All connections are logged and monitored.
    Unauthorized access strictly forbidden.

    ^C
    !
    line con 0
    line 1
    modem InOut
    stopbits 1
    speed 115200
    flowcontrol hardware
    line aux 0
    line vty 0 4
    transport input ssh
    line vty 5 15
    transport input telnet ssh
    !
    !
    webvpn context Default_context
    ssl authenticate verify all
    !
    no inservice
    !
    end

    BUR-FIREWALL#
    Last edited by Dumber; 9th March 2010, 11:27. Reason: Tidying it up a bit....

  • #2
    Re: Dual-WAN using Cisco 1811 router

    There are so many security concerns with that configuration you've made publicly available that I don't know where to start.

    You need to massively sanitise this configuration before you post it!!
    Last edited by tehcamel; 9th March 2010, 11:17.
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif
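
One way to do the sanitising that post #2 asks for, as an added example (not part of the original thread or any poster's code): a Python filter that strips credentials, pre-shared keys and identity lines from an IOS running-config and replaces every non-internal IPv4 address with a stable token, so ACL entries and VPN peers still line up for whoever is helping. The rule list, the `<EXT-IP-n>` token format and the sample config are assumptions constructed for illustration.

```python
import ipaddress
import re

# Ranges safe to leave in a posted config: RFC 1918, loopback, 0.0.0.0/8
# (wildcard masks) and 224.0.0.0/3 (multicast, netmasks, broadcast).
KEEP = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]
# (pattern, replacement) pairs for lines that carry credentials or identity.
SECRET_RULES = [(re.compile(p), r) for p, r in (
    (r"^(\s*enable (?:secret|password)(?: \d+)?) \S+.*$", r"\1 <REMOVED>"),
    (r"^(\s*username \S+ .*?(?:secret|password)(?: \d+)?) \S+.*$", r"\1 <REMOVED>"),
    (r"^(\s*crypto isakmp key) .+? (address|hostname) (.*)$", r"\1 <REMOVED> \2 \3"),
    (r"^(\s*snmp-server community) \S+(.*)$", r"\1 <REMOVED>\2"),
    (r"^(\s*(?:hostname|ip domain[ -]name)) \S+$", r"\1 <REMOVED>"))]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample input (documentation-range addresses, made-up secrets).
SAMPLE = """\
hostname EDGE-RTR
enable secret 5 $1$cnst$ConstructedHashValue000
username admin privilege 15 secret 5 $1$cnst$AnotherConstructed0
crypto isakmp key ConstructedPsk123 address 203.0.113.10
 set peer 203.0.113.10
 ip address 10.51.10.5 255.255.255.0
access-list 103 permit esp host 203.0.113.10 host 198.51.100.2
access-list 103 deny ip 10.0.0.0 0.255.255.255 any"""


def sanitize(config: str) -> str:
    """Strip secrets and replace external IPv4 addresses with stable tokens."""
    tokens = {}  # real address -> placeholder, so ACL relationships survive

    def mask_ip(m):
        try:
            addr = ipaddress.ip_address(m.group(0))
        except ValueError:  # not a valid address (e.g. 999.1.1.1): leave it
            return m.group(0)
        if any(addr in net for net in KEEP):
            return m.group(0)
        return tokens.setdefault(str(addr), f"<EXT-IP-{len(tokens) + 1}>")

    out = []
    for line in config.splitlines():
        for pattern, repl in SECRET_RULES:
            line = pattern.sub(repl, line)
        out.append(IPV4.sub(mask_ip, line))
    return "\n".join(out)

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

Any secret that has already been posted in the clear should be rotated on the device as well; redacting the text afterwards does not undo the exposure.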



    • #3
      Re: Dual-WAN using Cisco 1811 router

      Here is an example: http://www.inacom-sby.net/Shawn/post...-failover.aspx
      CCNA, Network+
