COMPUTERTECH33
IS-IT--Management
Help..hehe.
I have a 1750 router that uses a dial backup when the E0 goes down. With the following configuration, I can ping the Internet from the client attached to the 1750 via a Fasthub 400. I can ping by IP and FQDN. But I cannot browse. If I hook up to our internal network instead of the Fasthub 400, I browse fine, so I know it isn't a client or IE issue.
Also, if I get this to work, how can I have the NAT work for the dial backup and E0? To get traffic to go outside my internal network, I changed E0 to Async5 in the following statement. Do I use a NAT pool, or can I have two statements that allow E0 to be NATed when the interface is up and allow Async5 to be NATed when E0 is down?
ip nat inside source route-map nonat interface Async5 overload
test#sh run
Building configuration...
Current configuration : 4007 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname test
!
no logging on
enable password 7 xxx
!
username gvs17rt01tc password 7 xxxx
username gvs17rt02ec password 7 xxx
username tor01rt02ec password 7 xxx
username test password 7 xxx
memory-size iomem 20
ip subnet-zero
no ip finger
ip tcp chunk-size 1200
no ip domain-lookup
ip host test 2005 192.168.17.1
ip dhcp excluded-address 192.168.17.1 192.168.17.20
!
ip dhcp pool test
 import all
 network 192.168.17.0 255.255.255.0
 default-router 192.168.17.1
 domain-name xxxxxxxxxx
 dns-server 172.17.2.60 public DNS server
 netbios-name-server 172.17.2.60 172.17.2.30
 netbios-node-type h-node
 lease 30
!
ip dhcp pool jdirect1
 host 192.168.16.18 255.255.255.0
 hardware-address 0010.8394.7e2a
 client-name NPI947E2A
!
chat-script modem ABORT ERROR "" "ATDT\T" TIMEOUT 60 CONNECT \c
!
!
crypto isakmp policy 11
 hash md5
 authentication pre-share
crypto isakmp key xxxxxxxxxx address xxxx
!
!
crypto ipsec transform-set sharks esp-des esp-md5-hmac
!
crypto map nolan 11 ipsec-isakmp
 set peer xxxxx
 set transform-set sharks
 match address 121
!
!
!
!
interface Ethernet0
 backup delay 10 60
 backup interface Async5
 ip address xxxxxxxxxxxx 255.255.255.248
 ip nat outside
 no ip route-cache
 no ip mroute-cache
 half-duplex
 crypto map nolan
!
interface FastEthernet0
 ip address 192.168.17.1 255.255.255.0
 ip helper-address 172.17.2.30
 ip helper-address 172.17.2.255
 ip helper-address 172.17.255.255
 ip helper-address 172.16.255.255
 ip directed-broadcast
 ip nat inside
 no ip route-cache
 no ip mroute-cache
 speed auto
!
interface Async5
 ip address 170.1.1.16 255.255.0.0
 encapsulation ppp
 keepalive 10
 dialer in-band
 dialer idle-timeout 300
 dialer string xxxxxxxxxxx
 dialer-group 1
 fair-queue 64 16 0
 ppp authentication chap
!
interface Dialer1
 no ip address
 no cdp enable
!
ip nat inside source route-map nonat interface Async5 overload
ip kerberos source-interface any
ip classless
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
ip forward-protocol udp netbios-ss
ip forward-protocol udp 42508
ip route 0.0.0.0 0.0.0.0 xxxxxxxx...Ip of E0
ip route 0.0.0.0 0.0.0.0 Async5 200
no ip http server
!
no logging trap
logging facility local0
logging 172.17.1.31
access-list 3 permit any
access-list 110 deny ip 192.168.17.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 110 deny ip 192.168.17.0 0.0.0.255 172.17.0.0 0.0.255.255
access-list 110 permit ip 192.168.17.0 0.0.0.255 any
access-list 120 permit ip 192.168.17.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 120 permit ip 192.168.17.0 0.0.0.255 172.17.0.0 0.0.255.255
access-list 121 permit ip 192.168.17.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 121 permit ip 192.168.17.0 0.0.0.255 172.17.0.0 0.0.255.255
access-list 150 permit esp host xxxxxxx host 0.0.0.0
access-list 150 permit udp host xxxxxxx host 0.0.0.0 eq isakmp
access-list 150 permit ip any 192.168.16.0 0.0.0.255
access-list 150 permit ip any 192.168.17.0 0.0.0.255
priority-list 1 protocol ip high
dialer-list 1 protocol ip permit
route-map nonat permit 10
 match ip address 110
!
snmp-server engineID local xxxxxxxxxxxxxx
snmp-server community xxxx RO
banner motd ^CCC
xxxxxxxxxxx
Unauthorized access is prohibited
Violators will be prosecuted
xxxxxxxxxx
^C
!
line con 0
 password 7 xxxxxxx
 login
 transport input none
line aux 0
 password 7 xxxxxxxxxxxx
 autoselect ppp
 modem InOut
 modem autoconfigure discovery
 transport input all
 autohangup
 speed 115200
 flowcontrol hardware
line vty 0 4
 access-class 3 in
 password 7 xxxxxxxxxxx
 login
!
end
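An added consistency check (not part of the original post) over the NAT-relevant lines of the configuration above: for each primary or backup egress interface it reports whether the interface is marked `ip nat outside` and is named in an `ip nat inside source ... overload` statement. The function names and the excerpt are constructed for illustration, and the check assumes an egress interface needs both pieces for its traffic to be port-translated.

```python
import re

# Constructed excerpt: the NAT-relevant lines of the posted configuration,
# indented the way IOS prints sub-commands.
CONFIG = """\
interface Ethernet0
 backup interface Async5
 ip nat outside
!
interface FastEthernet0
 ip nat inside
!
interface Async5
 encapsulation ppp
!
ip nat inside source route-map nonat interface Async5 overload
"""

def parse(config):
    """Split a config into {interface: [sub-commands]} and global lines."""
    interfaces, global_lines, current = {}, [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        elif line.strip() not in ("", "!"):
            current = None
            global_lines.append(line.strip())
    return interfaces, global_lines

def nat_gaps(config):
    """Map each egress interface to the NAT pieces it lacks (assumed: both needed)."""
    interfaces, global_lines = parse(config)
    outside = {n for n, cmds in interfaces.items() if "ip nat outside" in cmds}
    overload = set(re.findall(r"^ip nat inside source .* interface (\S+) overload$",
                              "\n".join(global_lines), re.M))
    egress = outside | overload
    for name, cmds in interfaces.items():
        for c in cmds:
            if c.startswith("backup interface "):
                egress |= {name, c.split()[2]}  # primary and its backup
    gaps = {}
    for name in sorted(egress):
        missing = [label for label, have in
                   (("ip nat outside", outside), ("overload statement", overload))
                   if name not in have]
        if missing:
            gaps[name] = missing
    return gaps
```

On the excerpt, `nat_gaps(CONFIG)` reports that Async5 lacks `ip nat outside` and that Ethernet0 has no overload statement.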