Help With Nat on 2 interfaces

  • Help With Nat on 2 interfaces

    As you can see from the config, I have 2 Internet connections

    1 - ADSL with TalkTalk
    2 - Ethernet with Virginmedia

    The current issues I have are: if I shut down the Virginmedia interface FA0/0, restart the Dialer1 interface and put a static route all on 0.0.0.0 0.0.0.0 dialer1, Internet and NAT work great. If I shut down the Dialer1, take off the static route and bring up the Virginmedia interface FA0/0, a default route all is injected and the Internet works fine.

    Now if I bring up the Dialer1 interface with the Virginmedia interface enabled, the dialer comes up and gets its IP address from TalkTalk but will not allow me to route traffic over it, even if I put a static route into the routing table.


    -------------------------------------------------------------

    Cisco 2621XM with 127308K/3764K bytes of memory.
    M860 processor: part number 5, mask 2
    2 FastEthernet interfaces
    1 ATM interface
    32K bytes of NVRAM.
    32768K bytes of processor board System flash (Read/Write)

    c2600-advsecurityk9-mz.124-15.T5.bin

    ------------ My config -----------------


    version 12.4
    service nagle
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname CMCHome
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 8192
    no logging console
    !
    no aaa new-model
    no network-clock-participate slot 1
    no network-clock-participate wic 0
    no ip source-route
    ip cef
    !
    !
    ip inspect alert-off
    ip inspect tcp finwait-time 10
    ip inspect name myfw ftp timeout 3600
    ip inspect name myfw smtp timeout 3600
    ip inspect name myfw udp timeout 3600
    ip inspect name myfw cuseeme
    ip inspect name myfw fragment maximum 256 timeout 1
    ip inspect name myfw h323
    ip inspect name myfw icmp
    ip inspect name myfw netshow
    ip inspect name myfw rcmd
    ip inspect name myfw realaudio
    ip inspect name myfw rtsp
    ip inspect name myfw sip
    ip inspect name myfw sqlnet
    ip inspect name myfw streamworks
    ip inspect name myfw tcp timeout 3600
    ip inspect name myfw tftp
    ip inspect name myfw vdolive
    ip inspect name myfw http
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    no ip dhcp use vrf connected
    ip dhcp excluded-address 172.30.4.225 172.30.4.239
    !
    ip dhcp pool LocalPool
    network 172.30.4.224 255.255.255.224
    domain-name mccormacks.com
    default-router 172.30.4.225
    dns-server 8.8.8.8 8.8.4.4
    lease 7
    !
    !
    no ip bootp server
    no ip domain lookup
    ip domain name chrism.co.uk
    ip name-server 172.30.1.11
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    archive
    log config
    hidekeys
    !
    !
    !
    !
    ip ssh time-out 60
    ip ssh authentication-retries 2
    ip ssh version 1
    !
    buffers small initial 100
    buffers middle initial 50
    buffers big initial 110
    !
    !
    !
    interface ATM0/0
    description ***** Connected To TalkTalk *****
    no ip address
    no ip redirects
    no ip unreachables
    no ip mroute-cache
    no atm ilmi-keepalive
    dsl operating-mode auto
    clock rate aal5 5300000
    hold-queue 224 in
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    !
    interface FastEthernet0/0
    description ****** Connected to Virginmedia ******
    ip address dhcp
    ip access-group 110 in
    no ip redirects
    no ip unreachables
    ip inspect myfw out
    ip nat outside
    ip virtual-reassembly
    no ip mroute-cache
    speed auto
    full-duplex
    no cdp enable
    !
    interface FastEthernet0/1
    description ***** Connected To LAN *****
    ip address 172.30.4.225 255.255.255.224
    no ip redirects
    no ip unreachables
    ip nat inside
    ip virtual-reassembly
    no ip mroute-cache
    speed auto
    full-duplex
    no cdp enable
    !
    interface Dialer1
    ip address negotiated
    no ip redirects
    no ip unreachables
    ip mtu 1492
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer idle-timeout 0 either
    dialer persistent
    dialer-group 1
    no cdp enable
    ppp authentication chap pap callin
    ppp chap hostname (My username )
    ppp chap password (My Password )
    ppp ipcp dns request
    ppp ipcp address accept
    !
    ip forward-protocol nd
    !
    !
    no ip http server
    ip http secure-server
    ip nat inside source list 112 interface FastEthernet0/0 overload
    ip nat inside source list 113 interface Dialer1 overload
    !
    access-list 110 remark inbound access list
    access-list 110 permit ip host 195.166.158.63 any
    access-list 110 permit ip 213.160.0.0 0.0.255.255 any
    access-list 110 permit udp any any eq bootpc
    access-list 110 deny ip any any
    access-list 112 permit ip 172.30.4.224 0.0.0.31 any
    access-list 112 deny ip any any
    access-list 113 permit ip 172.30.4.224 0.0.0.31 any
    access-list 113 deny ip any any
    dialer-list 1 protocol ip permit
    no cdp run
    !
    !
    !
    !
    control-plane
    !
    !
    !
    line con 0
    exec-timeout 5 0
    login local
    transport output telnet ssh
    line aux 0
    line vty 0 4
    exec-timeout 5 0
    login local
    transport input telnet ssh
    transport output telnet ssh
    !
    scheduler allocate 4000 1000
    !
    end




    Anyone got any ideas pls, have been playing around for days now

    Thanks

    Chris

  • #2
    Re: Help With Nat on 2 interfaces

    OK, so getting a bit closer; current running config:

    version 12.4
    service nagle
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname CMCHome
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 8192
    no logging console
    !
    no aaa new-model
    no network-clock-participate slot 1
    no network-clock-participate wic 0
    no ip source-route
    ip cef
    !
    !
    ip inspect alert-off
    ip inspect tcp finwait-time 10
    ip inspect name talktalk ftp timeout 3600
    ip inspect name talktalk smtp timeout 3600
    ip inspect name talktalk udp timeout 3600
    ip inspect name talktalk cuseeme
    ip inspect name talktalk fragment maximum 256 timeout 1
    ip inspect name talktalk h323
    ip inspect name talktalk icmp
    ip inspect name talktalk netshow
    ip inspect name talktalk rcmd
    ip inspect name talktalk realaudio
    ip inspect name talktalk rtsp
    ip inspect name talktalk sip
    ip inspect name talktalk sqlnet
    ip inspect name talktalk streamworks
    ip inspect name talktalk tcp timeout 3600
    ip inspect name talktalk tftp
    ip inspect name talktalk vdolive
    ip inspect name talktalk http
    ip inspect name virginmedia ftp timeout 3600
    ip inspect name virginmedia smtp timeout 3600
    ip inspect name virginmedia udp timeout 3600
    ip inspect name virginmedia cuseeme
    ip inspect name virginmedia fragment maximum 256 timeout 1
    ip inspect name virginmedia h323
    ip inspect name virginmedia icmp
    ip inspect name virginmedia netshow
    ip inspect name virginmedia rcmd
    ip inspect name virginmedia realaudio
    ip inspect name virginmedia rtsp
    ip inspect name virginmedia sip
    ip inspect name virginmedia sqlnet
    ip inspect name virginmedia streamworks
    ip inspect name virginmedia tcp timeout 3600
    ip inspect name virginmedia tftp
    ip inspect name virginmedia vdolive
    ip inspect name virginmedia http
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    no ip dhcp use vrf connected
    ip dhcp excluded-address 172.30.4.225 172.30.4.239
    !
    ip dhcp pool mccormacks
    network 172.30.4.224 255.255.255.224
    domain-name mccormacks.com
    default-router 172.30.4.225
    dns-server 8.8.8.8 8.8.4.4
    lease 7
    !
    !
    no ip bootp server
    no ip domain lookup
    ip domain name chrism.co.uk
    ip name-server 172.30.1.11
    !
    multilink bundle-name authenticated
    !
    !
    !
    username
    archive
    log config
    hidekeys
    !
    !
    !
    !
    ip ssh time-out 60
    ip ssh authentication-retries 2
    ip ssh version 1
    !
    !
    buffers small initial 100
    buffers middle initial 50
    buffers big initial 110
    !
    !
    !
    interface ATM0/0
    description ***** Connected To TalkTalk *****
    no ip address
    no ip redirects
    no ip unreachables
    no ip mroute-cache
    no atm ilmi-keepalive
    dsl operating-mode auto
    clock rate aal5 5300000
    hold-queue 224 in
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    !
    interface FastEthernet0/0
    description ***** Connected To INternet *****
    SHUTDOWN
    !
    interface FastEthernet0/1
    description ***** Connected To LAN *****
    ip address 172.30.4.225 255.255.255.224
    no ip redirects
    no ip unreachables
    ip nat inside
    ip virtual-reassembly
    no ip mroute-cache
    speed auto
    full-duplex
    no cdp enable
    !
    interface Dialer1
    ip address negotiated
    no ip redirects
    no ip unreachables
    ip mtu 1492
    ip inspect talktalk out
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer idle-timeout 0 either
    dialer persistent
    dialer-group 1
    no cdp enable
    ppp authentication chap pap callin
    ppp chap hostname (My Username )
    ppp chap password (My Password )
    ppp ipcp dns request
    ppp ipcp address accept
    !
    ip forward-protocol nd
    !
    !
    no ip http server
    ip http secure-server
    ip nat inside source list 112 interface FastEthernet0/0 overload
    ip nat inside source list 113 interface Dialer1 overload
    !
    access-list 110 remark inbound access list
    access-list 110 permit ip host 195.166.158.63 any
    access-list 110 permit ip 213.160.0.0 0.0.255.255 any
    access-list 110 permit udp any any eq bootpc
    access-list 110 deny ip any any
    access-list 112 permit ip 172.30.4.224 0.0.0.31 any
    access-list 112 deny ip any any
    access-list 113 permit ip 172.30.4.224 0.0.0.31 any
    access-list 113 deny ip any any
    dialer-list 1 protocol ip permit
    no cdp run
    !
    !
    !
    !
    control-plane
    !
    !
    !
    line con 0
    exec-timeout 5 0
    login local
    transport output telnet ssh
    line aux 0
    line vty 0 4
    exec-timeout 5 0
    password
    login local
    transport input telnet ssh
    transport output telnet ssh
    !
    scheduler allocate 4000 1000
    !
    end



    If I load this config on the router and reload, I can route all traffic over the TalkTalk interface (Dialer1). As soon as I paste this config onto interface fa0/0

    ip address dhcp
    ip access-group 110 in
    no ip redirects
    no ip unreachables
    ip inspect virginmedia out
    ip nat outside
    ip virtual-reassembly
    no ip mroute-cache
    speed auto
    full-duplex
    no cdp enable


    and bring the interface up, I lose the routing over the TalkTalk (Dialer1), even with static routes in the routing table.

    What I have noticed is when I do a SH IP INT BRI

    CMCHome#sh ip int bri
    Interface                  IP-Address      OK? Method Status                Protocol
    ATM0/0                     unassigned      YES NVRAM  down                  down
    FastEthernet0/0            unassigned      YES DHCP   administratively down down
    FastEthernet0/1            172.30.4.225    YES NVRAM  up                    up
    NVI0                       unassigned      YES unset  administratively down down
    Virtual-Access1            unassigned      YES unset  up                    up
    Virtual-Access2            unassigned      YES unset  down                  down
    Dialer1                    unassigned      YES IPCP   up                    up


    when it is working NVI0 is up / up and when it is not working the internet is admin down ???????



    • #3
      Re: Help With Nat on 2 interfaces

      Hi,

      I think what is happening is that the default gateway is being inserted by DHCP on the interface FastEthernet0/0.

      Try the following:

      conf t
      interface FastEthernet0/0
      no ip dhcp client request router
      This will stop the router requesting a default gateway when it does DHCP.



      • #4
        Re: Help With Nat on 2 interfaces

        Also

        you will have to either shut, no shut the interface or do:

        release dhcp fastEthernet0/0
        renew dhcp fastEthernet0/0

        To verify, do show dhcp lease, which will show the default router (in red) before, and it should not be in there after.

        router#sh dhcp lease
        Temp IP addr: 143.54.21.61 for peer on Interface: FastEthernet0
        Temp sub net mask: 255.255.252.0
        DHCP Lease server: 62.253.131.41, state: 5 Bound
        DHCP transaction id: DFD
        Lease: 604800 secs, Renewal: 302400 secs, Rebind: 529200 secs
        Temp default-gateway addr: 143.54.21.1
        Next timer fires after: 3d11h
        Retry count: 0 Client-ID: 0004.dd0c.4cf7
        Client-ID hex dump: 0004DD0C4CF7
        Hostname: router



        • #5
          Re: Help With Nat on 2 interfaces

          no ip dhcp client request router - Will work to stop the default route.

          Try this:

          Equal Cost Statics:


          ip route 0.0.0.0 0.0.0.0 fa0/0
          ip route 0.0.0.0 0.0.0.0 dialer1


          route-map Ethernet permit 10
          match ip address 112
          match interface fa0/0

          route-map DSL permit 10
          match ip address 112
          match interface dialer1



          ip nat inside source route-map Ethernet interface fa0/0 overload
          ip nat inside source route-map DSL interface dialer1 overload


          This should let you load balance both connections.
          Last edited by auglan; 3rd March 2012, 02:37.
          CCNA, CCNA-Security, CCNP
          CCIE Security (In Progress)
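
An added example, not part of any post in this thread: a small Python check that reads an IOS config like the one in post #1 and reports (a) list-based NAT overload rules on different interfaces whose numbered ACLs share a permit entry, which an ACL alone cannot tie to an egress interface and which post #5 replaces with route-maps using `match interface`, and (b) `ip nat outside` interfaces with no inbound `ip access-group`, as is the case for Dialer1 in the posted config. The function name `audit`, the finding labels and the sample are constructed here; overlap is detected only as identical permit text in numbered ACLs.

```python
import re

# Constructed sample: NAT-related lines taken from the config in post #1.
SAMPLE = """\
interface FastEthernet0/0
 ip access-group 110 in
 ip nat outside
!
interface Dialer1
 ip nat outside
!
ip nat inside source list 112 interface FastEthernet0/0 overload
ip nat inside source list 113 interface Dialer1 overload
access-list 112 permit ip 172.30.4.224 0.0.0.31 any
access-list 113 permit ip 172.30.4.224 0.0.0.31 any
"""

NAT_LIST = re.compile(r"ip nat inside source list (\S+) interface (\S+) overload")

def audit(config):
    """Return findings for an IOS config with more than one NAT outside link."""
    findings, iface, outside, filtered = [], None, [], set()
    permits, rules = {}, []          # numbered ACL -> permit entries; (acl, iface)
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":
            iface = None             # "!" closes the current interface block
        elif m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif iface and line == "ip nat outside":
            outside.append(iface)
        elif iface and re.match(r"ip access-group \S+ in$", line):
            filtered.add(iface)
        elif m := re.match(r"access-list (\d+) permit (.+)", line):
            permits.setdefault(m.group(1), set()).add(m.group(2))
        elif m := NAT_LIST.match(line):
            rules.append(m.groups())
    # List-based rules that permit the same traffic are not tied to an egress
    # interface; route-map rules with "match interface" (post #5) are.
    for i, (acl_a, if_a) in enumerate(rules):
        for acl_b, if_b in rules[i + 1:]:
            if if_a != if_b and permits.get(acl_a, set()) & permits.get(acl_b, set()):
                findings.append(f"ambiguous-nat: list {acl_a} ({if_a}) and list {acl_b} ({if_b})")
    for name in outside:
        if name not in filtered:
            findings.append(f"no-inbound-acl: {name}")
    return findings
```

Run against the route-map form from post #5, the `ambiguous-nat` finding disappears while the missing inbound ACL on Dialer1 is still reported.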



          • #6
            Re: Help With Nat on 2 interfaces

            Just to add, I am not sure why the default route from the ISP was even causing an issue, as that route should be given to you with an AD of 254. Your statics have an AD of 1.

            Also, this really isn't load balancing per se, more like multi-homing. With Cisco the underlying switching mechanism (CEF) handles load balancing, not the routing process. CEF by default uses per-destination load balancing. So you should see traffic going to one destination continue to be forwarded over the same path.
            CCNA, CCNA-Security, CCNP
            CCIE Security (In Progress)
