Two ethernet Interfaces want to use one as a backup different ISP's

Discussion in 'Cisco' started by jmnjazzy566@ICQMAIL.COM, Sep 25, 2006.

  1. Guest

    I am trying to configure 2 ethernet ports on my cisco 1811 router to
    give my LAN intenet access, however I only want one of them to come up
    if the other goes down. I tryed setting up a FE1 as the backup to FE0
    using the backup interface command however I don't know how to make NAT
    work with 2 differant IP schemes. I also tryed static routes but Im not
    sure Im doing it correctly. Im fairly new to cisco so please excuse me
    for being clueless. Any help would be appreciated. Detailed help
    needed.

    !This is the running config of the router: 10.10.10.1
    !----------------------------------------------------------------------------
    !version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname SOV5Router
    !
    boot-start-marker
    boot-end-marker
    !
    security authentication failure rate 3 log
    security passwords min-length 6
    logging buffered 51200 debugging
    logging console critical
    enable secret 5 $1$jY6z$GqAgnImA0OOY7QCb2oLQK/
    !
    no aaa new-model
    !
    resource policy
    !
    clock timezone PCTime -5
    clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
    no ip source-route
    !
    !
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.10.10.1
    !
    ip dhcp pool sdm-pool1
    import all
    network 10.10.10.0 255.255.255.0
    dns-server 192.168.100.3 192.168.0.1
    default-router 10.10.10.1
    !
    !
    ip tcp synwait-time 10
    no ip bootp server
    ip domain name yourdomain.com
    ip name-server 192.168.100.3
    ip name-server 192.168.0.1
    ip ssh time-out 60
    ip ssh authentication-retries 2
    ip inspect log drop-pkt
    ip inspect name DEFAULT100 cuseeme
    ip inspect name DEFAULT100 ftp
    ip inspect name DEFAULT100 h323
    ip inspect name DEFAULT100 icmp
    ip inspect name DEFAULT100 netshow
    ip inspect name DEFAULT100 rcmd
    ip inspect name DEFAULT100 realaudio
    ip inspect name DEFAULT100 rtsp
    ip inspect name DEFAULT100 esmtp
    ip inspect name DEFAULT100 sqlnet
    ip inspect name DEFAULT100 streamworks
    ip inspect name DEFAULT100 tftp
    ip inspect name DEFAULT100 tcp
    ip inspect name DEFAULT100 udp
    ip inspect name DEFAULT100 vdolive
    ip inspect name sdm_ins_in_100 cuseeme
    ip inspect name sdm_ins_in_100 dns
    ip inspect name sdm_ins_in_100 ftp
    ip inspect name sdm_ins_in_100 h323
    ip inspect name sdm_ins_in_100 https
    ip inspect name sdm_ins_in_100 icmp
    ip inspect name sdm_ins_in_100 imap
    ip inspect name sdm_ins_in_100 pop3
    ip inspect name sdm_ins_in_100 netshow
    ip inspect name sdm_ins_in_100 rcmd
    ip inspect name sdm_ins_in_100 realaudio
    ip inspect name sdm_ins_in_100 rtsp
    ip inspect name sdm_ins_in_100 esmtp
    ip inspect name sdm_ins_in_100 sqlnet
    ip inspect name sdm_ins_in_100 streamworks
    ip inspect name sdm_ins_in_100 tftp
    ip inspect name sdm_ins_in_100 tcp
    ip inspect name sdm_ins_in_100 udp
    ip inspect name sdm_ins_in_100 vdolive
    !
    !
    crypto pki trustpoint TP-self-signed-2450486519
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-2450486519
    revocation-check none
    rsakeypair TP-self-signed-2450486519
    !
    !
    crypto pki certificate chain TP-self-signed-2450486519
    certificate self-signed 01
    3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101
    04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D
    43657274
    69666963 6174652D 32343530 34383635 3139301E 170D3036 30393232
    31353237
    32395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504
    03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32
    34353034
    38363531 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030
    81890281
    8100D386 5F012672 CAC8CA3F 06F6FA3F 98E23292 412D3518 24520A82
    1F61C217
    432F3753 14064218 94ED1022 9C373EC4 6542657F CCD10622 8112E207
    DB29B830
    93BAF7E4 418428A6 3036D3CD 9A7330BC AC0BDEEF 6BBE6165 E99C1102
    B1763F3A
    8B700B48 1099479B 54A1DD4E 52A94E33 2D4EFF2E 4EF8A8FE 6B7D0E5D
    95927E58
    33650203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF
    30220603
    551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E
    2E636F6D
    301F0603 551D2304 18301680 14A3FCD2 90E9CA1C 83DBCAC8 9802C2A8
    45DC47AB
    19301D06 03551D0E 04160414 A3FCD290 E9CA1C83 DBCAC898 02C2A845
    DC47AB19
    300D0609 2A864886 F70D0101 04050003 8181009C 3AB92724 D6E6DFDA
    857EFA05
    925B0367 4F4C8955 50EDA051 DA258498 E9A45085 F4D644F5 B66E8FA5
    0751A8BE
    6395D03E B2EC063E 7F2D45E1 7E14231D 861B7C1C B3CC3AAA A8791C64
    318D948C
    5C760163 C518FC20 75A0C733 4CE0E0D0 C0B7678C 2EDCD520 8B730DD1
    2435060A
    B4333B8C C0CB622C FB4F1A1B 11AEBCB6 232432
    quit
    username gba privilege 15 secret 5 $1$JXH5$1jzFgQmcOCnXZtJJybLx..
    !
    !
    class-map match-any sdm_p2p_kazaa
    match protocol fasttrack
    match protocol kazaa2
    class-map match-any sdm_p2p_edonkey
    match protocol edonkey
    class-map match-any sdm_p2p_gnutella
    match protocol gnutella
    class-map match-any sdm_p2p_bittorrent
    match protocol bittorrent
    !
    !
    policy-map sdmappfwp2p_SDM_HIGH
    class sdm_p2p_gnutella
    drop
    class sdm_p2p_bittorrent
    drop
    class sdm_p2p_edonkey
    drop
    class sdm_p2p_kazaa
    drop
    !
    !
    !
    !
    !
    !
    interface FastEthernet0
    description $ES_WAN$$FW_OUTSIDE$
    ip address dhcp client-id FastEthernet0
    ip access-group 101 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip inspect DEFAULT100 out
    ip virtual-reassembly
    ip route-cache flow
    duplex auto
    speed auto
    !
    interface FastEthernet1
    description $ETH-WAN$$FW_INSIDE$
    ip address dhcp client-id FastEthernet1
    ip access-group 102 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    ip route-cache flow
    duplex auto
    speed auto
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface FastEthernet4
    !
    interface FastEthernet5
    !
    interface FastEthernet6
    !
    interface FastEthernet7
    !
    interface FastEthernet8
    !
    interface FastEthernet9
    !
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_OUTSIDE$
    ip address 10.10.10.1 255.255.255.0
    ip access-group 103 in
    ip verify unicast reverse-path
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip inspect sdm_ins_in_100 in
    ip virtual-reassembly
    ip route-cache flow
    ip tcp adjust-mss 1452
    !
    interface Async1
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    encapsulation slip
    !
    ip route 192.168.0.1 255.255.255.255 FastEthernet1 100
    ip route 192.168.100.3 255.255.255.255 FastEthernet0
    !
    !
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat pool e1 10.10.11.0 10.10.11.255 netmask 255.255.255.0
    ip nat pool e0 10.10.12.0 10.10.12.255 netmask 255.255.255.0
    ip nat inside source list 1 interface FastEthernet0 overload
    !
    logging trap debugging
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 10.10.10.0 0.0.0.255
    access-list 2 remark Backup
    access-list 2 remark SDM_ACL Category=2
    access-list 2 permit 10.10.10.0 0.0.0.255
    access-list 100 remark auto generated by Cisco SDM Express firewall
    configuration
    access-list 100 remark SDM_ACL Category=1
    access-list 100 deny ip host 255.255.255.255 any
    access-list 100 deny ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit ip any any
    access-list 101 remark auto generated by Cisco SDM Express firewall
    configuration
    access-list 101 remark SDM_ACL Category=1
    access-list 101 permit udp host 192.168.0.1 eq domain any
    access-list 101 permit udp host 192.168.100.3 eq domain any
    access-list 101 permit udp any eq bootps any eq bootpc
    access-list 101 deny ip 10.10.10.0 0.0.0.255 any
    access-list 101 permit icmp any any echo-reply
    access-list 101 permit icmp any any time-exceeded
    access-list 101 permit icmp any any unreachable
    access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny ip host 255.255.255.255 any
    access-list 101 deny ip any any
    access-list 102 remark auto generated by SDM firewall configuration
    access-list 102 remark SDM_ACL Category=1
    access-list 102 permit udp host 192.168.0.1 eq domain any
    access-list 102 deny ip 10.10.10.0 0.0.0.255 any
    access-list 102 permit ip any any
    access-list 102 deny ip host 255.255.255.255 any
    access-list 102 deny ip 127.0.0.0 0.255.255.255 any
    access-list 102 permit udp any eq domain any
    access-list 103 permit ip any any
    access-list 110 remark for backup interface
    access-list 110 remark SDM_ACL Category=2
    access-list 110 permit ip 10.10.10.0 0.0.0.255 any
    no cdp run
    !
    !
    !
    !
    !
    !
    control-plane
    !
    banner login ^CAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    !
    line con 0
    login local
    transport output telnet
    line 1
    modem InOut
    stopbits 1
    speed 115200
    flowcontrol hardware
    line aux 0
    login local
    transport output telnet
    line vty 0 4
    privilege level 15
    login local
    transport input telnet ssh
    line vty 5 15
    privilege level 15
    login local
    transport input telnet ssh
    !
    scheduler allocate 4000 1000
    scheduler interval 500
    !
    webvpn context Default_context
    ssl authenticate verify all
    !
    no inservice
    !
    end
    , Sep 25, 2006
    #1
    1. Advertising

  2. daniel-fr Guest

    Hi Jmn,
    Did you try adding a line :
    ip nat inside source list 1 interface FastEthernet1 overload

    ???
    You can have both I guess, each is specific to an interface
    Sounds like almost all your config is made with sdm , right ?
    I don't think it is necessary to have different acl for both
    interfaces.
    I better make it step by step :
    1/ have both interfaces coming up and see what happens with "show ip
    cache"
    You should have routes on the 2 of them

    2/ try to setup one as a backup for the other, but I think it will
    depend on the status of the modem which can still be up while its
    connection is down. So, due to the dhcp lease your interface will never
    get down
    Try the 1st point and let me know, I'll think of the 2nd while in the
    train back to home
    Unless meanwhile somebody else has an idea.

    Daniel


    wrote:
    > I am trying to configure 2 ethernet ports on my cisco 1811 router to
    > give my LAN intenet access, however I only want one of them to come up
    > if the other goes down. I tryed setting up a FE1 as the backup to FE0
    > using the backup interface command however I don't know how to make NAT
    > work with 2 differant IP schemes. I also tryed static routes but Im not
    > sure Im doing it correctly. Im fairly new to cisco so please excuse me
    > for being clueless. Any help would be appreciated. Detailed help
    > needed.
    >
    > !This is the running config of the router: 10.10.10.1
    > !----------------------------------------------------------------------------
    > !version 12.4
    > no service pad
    > service tcp-keepalives-in
    > service tcp-keepalives-out
    > service timestamps debug datetime msec localtime show-timezone
    > service timestamps log datetime msec localtime show-timezone
    > service password-encryption
    > service sequence-numbers
    > !
    > hostname SOV5Router
    > !
    > boot-start-marker
    > boot-end-marker
    > !
    > security authentication failure rate 3 log
    > security passwords min-length 6
    > logging buffered 51200 debugging
    > logging console critical
    > enable secret 5 $1$jY6z$GqAgnImA0OOY7QCb2oLQK/
    > !
    > no aaa new-model
    > !
    > resource policy
    > !
    > clock timezone PCTime -5
    > clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
    > no ip source-route
    > !
    > !
    > ip cef
    > no ip dhcp use vrf connected
    > ip dhcp excluded-address 10.10.10.1
    > !
    > ip dhcp pool sdm-pool1
    > import all
    > network 10.10.10.0 255.255.255.0
    > dns-server 192.168.100.3 192.168.0.1
    > default-router 10.10.10.1
    > !
    > !
    > ip tcp synwait-time 10
    > no ip bootp server
    > ip domain name yourdomain.com
    > ip name-server 192.168.100.3
    > ip name-server 192.168.0.1
    > ip ssh time-out 60
    > ip ssh authentication-retries 2
    > ip inspect log drop-pkt
    > ip inspect name DEFAULT100 cuseeme
    > ip inspect name DEFAULT100 ftp
    > ip inspect name DEFAULT100 h323
    > ip inspect name DEFAULT100 icmp
    > ip inspect name DEFAULT100 netshow
    > ip inspect name DEFAULT100 rcmd
    > ip inspect name DEFAULT100 realaudio
    > ip inspect name DEFAULT100 rtsp
    > ip inspect name DEFAULT100 esmtp
    > ip inspect name DEFAULT100 sqlnet
    > ip inspect name DEFAULT100 streamworks
    > ip inspect name DEFAULT100 tftp
    > ip inspect name DEFAULT100 tcp
    > ip inspect name DEFAULT100 udp
    > ip inspect name DEFAULT100 vdolive
    > ip inspect name sdm_ins_in_100 cuseeme
    > ip inspect name sdm_ins_in_100 dns
    > ip inspect name sdm_ins_in_100 ftp
    > ip inspect name sdm_ins_in_100 h323
    > ip inspect name sdm_ins_in_100 https
    > ip inspect name sdm_ins_in_100 icmp
    > ip inspect name sdm_ins_in_100 imap
    > ip inspect name sdm_ins_in_100 pop3
    > ip inspect name sdm_ins_in_100 netshow
    > ip inspect name sdm_ins_in_100 rcmd
    > ip inspect name sdm_ins_in_100 realaudio
    > ip inspect name sdm_ins_in_100 rtsp
    > ip inspect name sdm_ins_in_100 esmtp
    > ip inspect name sdm_ins_in_100 sqlnet
    > ip inspect name sdm_ins_in_100 streamworks
    > ip inspect name sdm_ins_in_100 tftp
    > ip inspect name sdm_ins_in_100 tcp
    > ip inspect name sdm_ins_in_100 udp
    > ip inspect name sdm_ins_in_100 vdolive
    > !
    > !
    > crypto pki trustpoint TP-self-signed-2450486519
    > enrollment selfsigned
    > subject-name cn=IOS-Self-Signed-Certificate-2450486519
    > revocation-check none
    > rsakeypair TP-self-signed-2450486519
    > !
    > !
    > crypto pki certificate chain TP-self-signed-2450486519
    > certificate self-signed 01
    > 3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101
    > 04050030
    > 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D
    > 43657274
    > 69666963 6174652D 32343530 34383635 3139301E 170D3036 30393232
    > 31353237
    > 32395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504
    > 03132649
    > 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32
    > 34353034
    > 38363531 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030
    > 81890281
    > 8100D386 5F012672 CAC8CA3F 06F6FA3F 98E23292 412D3518 24520A82
    > 1F61C217
    > 432F3753 14064218 94ED1022 9C373EC4 6542657F CCD10622 8112E207
    > DB29B830
    > 93BAF7E4 418428A6 3036D3CD 9A7330BC AC0BDEEF 6BBE6165 E99C1102
    > B1763F3A
    > 8B700B48 1099479B 54A1DD4E 52A94E33 2D4EFF2E 4EF8A8FE 6B7D0E5D
    > 95927E58
    > 33650203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF
    > 30220603
    > 551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E
    > 2E636F6D
    > 301F0603 551D2304 18301680 14A3FCD2 90E9CA1C 83DBCAC8 9802C2A8
    > 45DC47AB
    > 19301D06 03551D0E 04160414 A3FCD290 E9CA1C83 DBCAC898 02C2A845
    > DC47AB19
    > 300D0609 2A864886 F70D0101 04050003 8181009C 3AB92724 D6E6DFDA
    > 857EFA05
    > 925B0367 4F4C8955 50EDA051 DA258498 E9A45085 F4D644F5 B66E8FA5
    > 0751A8BE
    > 6395D03E B2EC063E 7F2D45E1 7E14231D 861B7C1C B3CC3AAA A8791C64
    > 318D948C
    > 5C760163 C518FC20 75A0C733 4CE0E0D0 C0B7678C 2EDCD520 8B730DD1
    > 2435060A
    > B4333B8C C0CB622C FB4F1A1B 11AEBCB6 232432
    > quit
    > username gba privilege 15 secret 5 $1$JXH5$1jzFgQmcOCnXZtJJybLx..
    > !
    > !
    > class-map match-any sdm_p2p_kazaa
    > match protocol fasttrack
    > match protocol kazaa2
    > class-map match-any sdm_p2p_edonkey
    > match protocol edonkey
    > class-map match-any sdm_p2p_gnutella
    > match protocol gnutella
    > class-map match-any sdm_p2p_bittorrent
    > match protocol bittorrent
    > !
    > !
    > policy-map sdmappfwp2p_SDM_HIGH
    > class sdm_p2p_gnutella
    > drop
    > class sdm_p2p_bittorrent
    > drop
    > class sdm_p2p_edonkey
    > drop
    > class sdm_p2p_kazaa
    > drop
    > !
    > !
    > !
    > !
    > !
    > !
    > interface FastEthernet0
    > description $ES_WAN$$FW_OUTSIDE$
    > ip address dhcp client-id FastEthernet0
    > ip access-group 101 in
    > no ip redirects
    > no ip unreachables
    > no ip proxy-arp
    > ip nat outside
    > ip inspect DEFAULT100 out
    > ip virtual-reassembly
    > ip route-cache flow
    > duplex auto
    > speed auto
    > !
    > interface FastEthernet1
    > description $ETH-WAN$$FW_INSIDE$
    > ip address dhcp client-id FastEthernet1
    > ip access-group 102 in
    > no ip redirects
    > no ip unreachables
    > no ip proxy-arp
    > ip nat outside
    > ip virtual-reassembly
    > ip route-cache flow
    > duplex auto
    > speed auto
    > !
    > interface FastEthernet2
    > !
    > interface FastEthernet3
    > !
    > interface FastEthernet4
    > !
    > interface FastEthernet5
    > !
    > interface FastEthernet6
    > !
    > interface FastEthernet7
    > !
    > interface FastEthernet8
    > !
    > interface FastEthernet9
    > !
    > interface Vlan1
    > description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_OUTSIDE$
    > ip address 10.10.10.1 255.255.255.0
    > ip access-group 103 in
    > ip verify unicast reverse-path
    > no ip redirects
    > no ip unreachables
    > no ip proxy-arp
    > ip nat inside
    > ip inspect sdm_ins_in_100 in
    > ip virtual-reassembly
    > ip route-cache flow
    > ip tcp adjust-mss 1452
    > !
    > interface Async1
    > no ip address
    > no ip redirects
    > no ip unreachables
    > no ip proxy-arp
    > encapsulation slip
    > !
    > ip route 192.168.0.1 255.255.255.255 FastEthernet1 100
    > ip route 192.168.100.3 255.255.255.255 FastEthernet0
    > !
    > !
    > ip http server
    > ip http authentication local
    > ip http secure-server
    > ip http timeout-policy idle 60 life 86400 requests 10000
    > ip nat pool e1 10.10.11.0 10.10.11.255 netmask 255.255.255.0
    > ip nat pool e0 10.10.12.0 10.10.12.255 netmask 255.255.255.0
    > ip nat inside source list 1 interface FastEthernet0 overload
    > !
    > logging trap debugging
    > access-list 1 remark INSIDE_IF=Vlan1
    > access-list 1 remark SDM_ACL Category=2
    > access-list 1 permit 10.10.10.0 0.0.0.255
    > access-list 2 remark Backup
    > access-list 2 remark SDM_ACL Category=2
    > access-list 2 permit 10.10.10.0 0.0.0.255
    > access-list 100 remark auto generated by Cisco SDM Express firewall
    > configuration
    > access-list 100 remark SDM_ACL Category=1
    > access-list 100 deny ip host 255.255.255.255 any
    > access-list 100 deny ip 127.0.0.0 0.255.255.255 any
    > access-list 100 permit ip any any
    > access-list 101 remark auto generated by Cisco SDM Express firewall
    > configuration
    > access-list 101 remark SDM_ACL Category=1
    > access-list 101 permit udp host 192.168.0.1 eq domain any
    > access-list 101 permit udp host 192.168.100.3 eq domain any
    > access-list 101 permit udp any eq bootps any eq bootpc
    > access-list 101 deny ip 10.10.10.0 0.0.0.255 any
    > access-list 101 permit icmp any any echo-reply
    > access-list 101 permit icmp any any time-exceeded
    > access-list 101 permit icmp any any unreachable
    > access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    > access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    > access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    > access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    > access-list 101 deny ip host 255.255.255.255 any
    > access-list 101 deny ip any any
    > access-list 102 remark auto generated by SDM firewall configuration
    > access-list 102 remark SDM_ACL Category=1
    > access-list 102 permit udp host 192.168.0.1 eq domain any
    > access-list 102 deny ip 10.10.10.0 0.0.0.255 any
    > access-list 102 permit ip any any
    > access-list 102 deny ip host 255.255.255.255 any
    > access-list 102 deny ip 127.0.0.0 0.255.255.255 any
    > access-list 102 permit udp any eq domain any
    > access-list 103 permit ip any any
    > access-list 110 remark for backup interface
    > access-list 110 remark SDM_ACL Category=2
    > access-list 110 permit ip 10.10.10.0 0.0.0.255 any
    > no cdp run
    > !
    > !
    > !
    > !
    > !
    > !
    > control-plane
    > !
    > banner login ^CAuthorized access only!
    > Disconnect IMMEDIATELY if you are not an authorized user!^C
    > !
    > line con 0
    > login local
    > transport output telnet
    > line 1
    > modem InOut
    > stopbits 1
    > speed 115200
    > flowcontrol hardware
    > line aux 0
    > login local
    > transport output telnet
    > line vty 0 4
    > privilege level 15
    > login local
    > transport input telnet ssh
    > line vty 5 15
    > privilege level 15
    > login local
    > transport input telnet ssh
    > !
    > scheduler allocate 4000 1000
    > scheduler interval 500
    > !
    > webvpn context Default_context
    > ssl authenticate verify all
    > !
    > no inservice
    > !
    > end
    daniel-fr, Sep 25, 2006
    #2
    1. Advertising

  3. Guest

    daniel-fr wrote:
    > Hi Jmn,
    > Did you try adding a line :
    > ip nat inside source list 1 interface FastEthernet1 overload
    >
    > ???
    > You can have both I guess, each is specific to an interface
    > Sounds like almost all your config is made with sdm , right ?
    > I don't think it is necessary to have different acl for both
    > interfaces.
    > I better make it step by step :
    > 1/ have both interfaces coming up and see what happens with "show ip
    > cache"
    > You should have routes on the 2 of them
    >
    > 2/ try to setup one as a backup for the other, but I think it will
    > depend on the status of the modem which can still be up while its
    > connection is down. So, due to the dhcp lease your interface will never
    > get down
    > Try the 1st point and let me know, I'll think of the 2nd while in the
    > train back to home
    > Unless meanwhile somebody else has an idea.
    >
    > Daniel
    >
    >
    > wrote:
    > > I am trying to configure 2 ethernet ports on my cisco 1811 router to
    > > give my LAN intenet access, however I only want one of them to come up
    > > if the other goes down. I tryed setting up a FE1 as the backup to FE0
    > > using the backup interface command however I don't know how to make NAT
    > > work with 2 differant IP schemes. I also tryed static routes but Im not
    > > sure Im doing it correctly. Im fairly new to cisco so please excuse me
    > > for being clueless. Any help would be appreciated. Detailed help
    > > needed.
    > >



    I tried adding the line you recommended but it didnt work. From what I
    understand Cisco NAT can only translate one set of ip addresses in its
    table so what I have set up now is ONE cisco 1811 router with 2 lines
    comming into the FE1/0 ports one is DHCP from the LAN in my office the
    other goes to a D-Link router.(this is only temporary the office I will
    be installing it in has static addresses however they will also be
    differant IP schemes.) Right now Im trying to NAT my VLAN (10.10.10.0)
    to the main line which is 192.168.100.3, then if this line goes down I
    have fastethernet1 should pick up and the ip is 192.168.0.1.... I am
    not sure if I could use any other method than what I am trying to
    resolve this issue... It is a NAT issue correct...or am I doing the
    wrong thing??
    , Sep 25, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Peter
    Replies:
    2
    Views:
    1,034
  2. Brad B.
    Replies:
    1
    Views:
    644
  3. Replies:
    2
    Views:
    890
    Martin Bilgrav
    Mar 4, 2005
  4. Replies:
    13
    Views:
    1,089
    Martin Bodenstedt
    Oct 31, 2005
  5. Jonas Hamre
    Replies:
    2
    Views:
    588
Loading...

Share This Page