
Cisco 2811 Dual ISP failover issue

Status
Not open for further replies.

SpeedyDude

IS-IT--Management
May 27, 2003
US
I have a remote 2811 with 2 ISP connections. I want to set this up to failover if one goes down, so I have 2 big issues. First issue, F0/0 and F0/1 can't seem to be active at one time. They show active, but you cannot get to F0/1 from the outside until F0/0 is unplugged from the 2811. Second issue, if F0/0 goes down, I need for F0/1 to be able to NAT the traffic from the local LAN so they can access the internet. I am also using GRE tunnels to connect to my corporate office for VPN. There are still a few CME pieces to this configuration, but I deleted most to save space on my post. Please offer any suggestions/criticism to this configuration.

Thanks.

******* CONFIGURATION *********

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname TEST37
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
clock timezone CDT -6
clock summer-time CDT recurring
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.137.5.1 10.137.5.10
ip dhcp excluded-address 10.137.1.1 10.137.1.4
!
ip dhcp pool Voice
network 10.137.5.0 255.255.255.0
option 150 ip 10.137.5.1 255.255.255.0
default-router 10.137.5.1
!
ip dhcp pool Data
network 10.137.1.0 255.255.255.0
default-router 10.137.1.1
dns-server 10.1.1.213 24.94.163.34 24.94.165.25
netbios-name-server 10.1.1.200
!
!
no ip ips deny-action ips-interface
!
no ftp-server write-enable
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!

application
service aa flash:app-b-acd-aa-2.1.0.0.tcl
group-name test
paramspace english language en
paramspace english index 1
paramspace english location flash:
param aa-pilot 3703
param welcome-promt en_bacd_welcome.au
!
!
!
translation-rule 1
Rule 1 any null
!
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key SECRETKEY address 0.0.0.0 0.0.0.0
crypto isakmp ccm
!
!
crypto ipsec transform-set set1 esp-3des esp-sha-hmac
!
crypto ipsec profile profilename
set transform-set set1
!
!
!
!
!
interface Tunnel1
description HOST DYNAMIC TUNNEL
bandwidth 10000
ip address 172.16.0.37 255.255.255.0
no ip redirects
ip nhrp authentication authvpn
ip nhrp map multicast dynamic
ip nhrp map multicast 64.66.66.66
ip nhrp map 172.16.0.1 64.66.66.66
ip nhrp network-id 99
ip nhrp holdtime 300
ip nhrp nhs 172.16.0.1
ip tcp adjust-mss 1300
no ip mroute-cache
ip ospf network broadcast
ip ospf mtu-ignore
delay 1000
cdp enable
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile profilename
!
interface Tunnel2
description HOST DYNAMIC TUNNEL
bandwidth 1000
ip address 172.16.1.37 255.255.255.0
no ip redirects
ip nhrp authentication authvpn
ip nhrp map multicast dynamic
ip nhrp map 172.16.1.1 66.49.49.49
ip nhrp map multicast 66.49.49.49
ip nhrp network-id 99
ip nhrp holdtime 300
ip nhrp nhs 172.16.1.1
ip tcp adjust-mss 1300
no ip mroute-cache
ip ospf network broadcast
ip ospf priority 0
delay 1000
cdp enable
tunnel source FastEthernet0/1
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile profilename
!
interface Loopback1
ip address 192.168.137.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0
ip address 67.53.53.53 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 68.167.88.88 255.255.255.248
ip access-group 120 in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1/0
switchport trunk native vlan 137
switchport mode trunk
switchport voice vlan 5
no ip address
spanning-tree portfast
!
interface FastEthernet1/1
switchport trunk native vlan 137
switchport mode trunk
switchport voice vlan 5
no ip address
spanning-tree portfast
!
interface FastEthernet1/2
switchport trunk native vlan 137
switchport mode trunk
switchport voice vlan 5
no ip address
spanning-tree portfast
!
interface FastEthernet1/3
switchport trunk native vlan 137
switchport mode trunk
switchport voice vlan 5
no ip address
spanning-tree portfast
!
interface FastEthernet1/4
switchport trunk native vlan 137
switchport mode trunk
switchport voice vlan 5
no ip address
spanning-tree portfast
!
interface FastEthernet1/5
switchport trunk native vlan 137
switchport mode trunk
switchport voice vlan 5
no ip address
spanning-tree portfast
!
interface FastEthernet1/6
switchport trunk native vlan 137
switchport mode trunk
switchport voice vlan 5
no ip address
spanning-tree portfast
!
interface FastEthernet1/7
switchport trunk native vlan 137
switchport mode trunk
switchport voice vlan 5
no ip address
spanning-tree portfast
!
interface FastEthernet1/8
switchport trunk native vlan 137
switchport mode trunk
switchport voice vlan 5
no ip address
spanning-tree portfast
!
interface FastEthernet1/9
switchport trunk native vlan 137
switchport mode trunk
switchport voice vlan 5
no ip address
spanning-tree portfast
!
interface FastEthernet1/10
switchport trunk native vlan 137
switchport mode trunk
switchport voice vlan 5
no ip address
spanning-tree portfast
!
interface FastEthernet1/11
switchport trunk native vlan 137
switchport mode trunk
switchport voice vlan 5
no ip address
spanning-tree portfast
!
interface FastEthernet1/12
switchport trunk native vlan 137
switchport mode trunk
switchport voice vlan 5
no ip address
spanning-tree portfast
!
interface FastEthernet1/13
switchport trunk native vlan 137
switchport mode trunk
switchport voice vlan 5
no ip address
spanning-tree portfast
!
interface FastEthernet1/14
switchport trunk native vlan 137
switchport mode trunk
switchport voice vlan 5
no ip address
spanning-tree portfast
!
interface FastEthernet1/15
switchport trunk native vlan 137
switchport mode trunk
switchport voice vlan 5
no ip address
spanning-tree portfast
!
interface Vlan1
no ip address
!
interface Vlan5
ip address 10.137.5.1 255.255.255.0
!
interface Vlan137
ip address 10.137.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1300
!
router ospf 1
log-adjacency-changes
no discard-route external
network 10.137.0.0 0.0.255.255 area 0
network 172.16.0.0 0.0.255.255 area 0
network 192.168.0.0 0.0.255.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 67.53.53.49
ip route 64.66.66.66 255.255.255.255 67.53.53.49
ip route 66.49.49.49 255.255.255.255 67.53.53.49
ip route 64.66.66.66 255.255.255.255 68.167.88.87
ip route 66.49.49.49 255.255.255.255 68.167.88.87
!
!
ip http server
ip http authentication local
ip http secure-server
ip http path flash:
ip nat source route-map inet interface FastEthernet0/1 overload
ip nat inside source route-map inet interface FastEthernet0/0 overload
!
access-list 100 deny ip 10.137.0.0 0.0.255.255 10.1.0.0 0.0.255.255
access-list 100 deny ip 172.16.0.0 0.0.255.255 any
access-list 100 permit ip 10.137.0.0 0.0.255.255 any
access-list 120 permit ip any any
!
route-map inet permit 10
match ip address 100
!
!
!
tftp-server flash:p00403020214.bin
tftp-server flash:p00305000600.bin
tftp-server flash:p00305000600.sbn
tftp-server flash:app-b-acd-aa-2.1.0.0.tcl
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
password 7 XXXXXXXXXXXXXX
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17179976
ntp master
ntp server 192.43.244.18
ntp server 204.34.198.40
!
end
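
Added example, not part of the original post: a small Python check over the NAT, route-map and default-route lines of the configuration above, flagging the statements that keep NAT and routing from following a failover from F0/0 to F0/1. The function name, the finding codes and the trimmed sample are constructed for this illustration.

```python
import re

# Constructed sample: only the NAT, routing and route-map lines of the posted config.
POSTED = """\
ip route 0.0.0.0 0.0.0.0 67.53.53.49
ip route 64.66.66.66 255.255.255.255 67.53.53.49
ip nat source route-map inet interface FastEthernet0/1 overload
ip nat inside source route-map inet interface FastEthernet0/0 overload
route-map inet permit 10
match ip address 100
"""

NAT_RE = re.compile(r"ip nat (inside )?source route-map (\S+) interface (\S+) overload$")

def audit_failover(config):
    """Return sorted finding codes for NAT/routing lines that break dual-ISP failover."""
    findings, nat_rules, rmap_ifs, current, defaults = set(), [], {}, None, []
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("route-map "):
            current = line.split()[1]          # entering a route-map block
            rmap_ifs.setdefault(current, set())
            continue
        if current and line.startswith("match interface "):
            rmap_ifs[current].update(line.split()[2:])
        elif not line.startswith(("match ", "set ")):
            current = None                     # any other command ends the block
        m = NAT_RE.match(line)
        if m:
            nat_rules.append(m.groups())
        if line.startswith("ip route 0.0.0.0 0.0.0.0 "):
            defaults.append(line)
    for inside, rmap, ifname in nat_rules:
        if not inside:
            # "ip nat source" (no "inside") is the NAT Virtual Interface form, which
            # pairs with "ip nat enable", not "ip nat inside" / "ip nat outside".
            findings.add(f"nat-rule-not-inside:{ifname}")
        if ifname not in rmap_ifs.get(rmap, set()):
            # Without "match interface" the route-map cannot tie a translation
            # to the link the packet actually leaves on.
            findings.add(f"route-map-lacks-match-interface:{rmap}->{ifname}")
    if len(defaults) < len({r[2] for r in nat_rules}):
        findings.add("no-default-route-per-isp")
    if defaults and not any(" track " in d for d in defaults):
        findings.add("primary-default-not-tracked")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_failover(POSTED)))
```

The findings clear once both rules use `ip nat inside source` with their own route-map containing `match interface` for the matching link, a second default route points at the other ISP, and the primary default carries a `track` object.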
 