Hi All,
We have a Cisco 1841 connected to 2 different ISPs; the original provided me with a /28 (connected to dialer 2) and the second has now given me a /29 (connected to dialer 1).
The original /29 is configured for STD routing, and I NAT outbound connections to the second ISP.
This appears fine and is load sharing between the 2 links.
It would appear as though we have a problem with async routing though. If I ping the web server remotely I am getting alternate dropped packets.
Do I need to do NAT on both the external interfaces, or can I specify that inbound connections will reply via the same interface?
If you could look over the config and offer any advice I would appreciate it.
Building configuration...

Current configuration : 4013 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname c1841-1
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxxxxxxxx
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
!
!
no ip bootp server
!
!
interface FastEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$FW_INSIDE$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description $ETH-LAN$
 ip address xx.xx.103.161 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat inside
 duplex auto
 speed auto
 no mop enabled
!
interface ATM0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
 description Zen$FW_OUTSIDE$$ES_WAN$
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface ATM0/1/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/1/0.1 point-to-point
 description Demon
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
 !
!
interface Dialer0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname private
 ppp chap password 7 private
!
interface Dialer1
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 encapsulation ppp
 dialer pool 2
 dialer-group 2
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname private
 ppp chap password 7 private
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 2 interface Dialer0 overload
!
logging trap debugging
access-list 2 permit xx.xx.103.160 0.0.0.15
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
no cdp run
!
control-plane
!
end