Hi,
I'm trying to load balance over 3 dsl lines, of which 1 is from one ISP and 2 are from another. I have read several threads on this forum regarding this, that mention CEF should be enough because all dsl link have the same bandwidth, and have used the examples to get this far. However, when i get to the point where I add another DG pointing to another interface, I lose internet connectivity.
I've included the working config below. I'm trying to load-balance across Dialers 11, 12 and 13. Any help in pointing out my mistakes is greatly appreciated:
Current configuration : 6726 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ****************
!
boot-start-marker
boot system flash:c2800nm-advipservicesk9-mz.124-10.bin
boot-end-marker
!
enable secret 5 $1$bf5B$XzLT3AHokyOzpXqvAr9Fh.
!
no aaa new-model
!
!
ip cef
!
!
ip domain name ********
ip name-server 213.208.106.212
ip name-server 213.208.106.213
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-2264549474
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2264549474
revocation-check none
rsakeypair TP-self-signed-2264549474
!
!
crypto pki certificate chain TP-self-signed-2264549474
certificate self-signed 01
3082025A 308201C3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32323634 35343934 3734301E 170D3037 30373233 31373438
31305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 32363435
34393437 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B6F8 F45E3590 6610B0DC D2C74689 1D390C90 365E5260 42DB670B A5B406ED
69D18A0D B33849A8 2A8932A9 F900A1AF FE41F2F6 39A6D926 744EF712 BF9F63BD
0296E41B CE329E73 5DE549AC C6E0F56D 2BD3C375 D5608048 E8763559 8E16CFE5
1B1C7DCF 07F0EE6B 344D9911 2545473D 99EA7EDB B6F3771D CCDDB4B9 9199B185
471F0203 010001A3 8181307F 300F0603 551D1301 01FF0405 30030101 FF302C06
03551D11 04253023 8221526F 6F666C69 6768745F 53686970 746F6E2E 726F6F66
quit
username ********** privilege 15 secret 5 $1$qoVo$CoUzvQyMIrI8k4phYx0yb/
username ********** privilege 15 secret 5 $1$4UGx$.SYpW1f1Xq10MhGeDdTF40
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key *********99 address 82.133.89.***
!
!
crypto ipsec transform-set roofset esp-des esp-md5-hmac
!
crypto map ********** 1 ipsec-isakmp
set peer 82.133.89.***
set transform-set roofset
match address 116
!
!
!
!
interface FastEthernet0/0
ip address 195.72.181.** 255.255.255.248 secondary
ip address 192.168.0.99 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map vantage_srv
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
logging event atm pvc state
logging event subif-link-status
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 11
!
!
interface ATM0/1/0
no ip address
logging event atm pvc state
logging event subif-link-status
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 12
!
!
interface ATM0/2/0
no ip address
logging event atm pvc state
logging event subif-link-status
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 13
!
!
interface ATM0/3/0
no ip address
logging event atm pvc state
logging event subif-link-status
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 14
!
!
interface Dialer11
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
logging event subif-link-status
dialer pool 11
dialer idle-timeout 0
dialer persistent
ppp authentication chap callin
ppp chap hostname adsl00321@community
ppp chap password 0 **********
!
interface Dialer12
ip address 88.97.251.** 255.255.255.248
ip nat outside
ip virtual-reassembly
encapsulation ppp
logging event subif-link-status
dialer pool 12
dialer idle-timeout 0
dialer persistent
ppp authentication chap callin
ppp chap hostname zen145609@zen
ppp chap password 0 **********
!
interface Dialer13
ip address 88.97.251.*** 255.255.255.248
ip nat outside
ip virtual-reassembly
encapsulation ppp
logging event subif-link-status
dialer pool 13
dialer idle-timeout 0
dialer persistent
ppp authentication chap callin
ppp chap hostname zen145610@zen
ppp chap password 0 **********
crypto map rooflight
!
interface Dialer14
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
logging event subif-link-status
dialer pool 14
dialer idle-timeout 0
dialer persistent
ppp authentication chap callin
ppp chap hostname rooflight-adsl03@community
ppp chap password 0 **********
!
ip route 0.0.0.0 0.0.0.0 Dialer11
ip route 192.168.10.0 255.255.255.0 Dialer13
!
!
no ip http server
no ip http secure-server
ip nat inside source route-map dsl1 interface Dialer12 overload
ip nat inside source route-map dsl2 interface Dialer13 overload
ip nat inside source route-map nonat interface Dialer11 overload
!
ip access-list extended remote_access
!
access-list 110 deny ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 110 permit ip 192.168.0.0 0.0.0.255 any
access-list 112 permit ip 192.168.0.0 0.0.0.255 any
access-list 116 permit ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 198 permit tcp host 192.168.0.3 eq 3389 any
access-list 199 permit tcp host 192.168.0.5 eq 3389 any
dialer-list 11 protocol ip permit
dialer-list 12 protocol ip permit
dialer-list 13 protocol ip permit
dialer-list 14 protocol ip permit
!
route-map rdp_server permit 10
match ip address 199
set interface Dialer14
!
route-map vantage_srv permit 10
match ip address 198
set interface Dialer14
!
route-map dsl2 permit 10
match ip address 112
!
route-map dsl1 permit 10
match ip address 110
!
route-map nonat permit 10
match ip address 110
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
I'm trying to load balance over 3 dsl lines, of which 1 is from one ISP and 2 are from another. I have read several threads on this forum regarding this, that mention CEF should be enough because all dsl link have the same bandwidth, and have used the examples to get this far. However, when i get to the point where I add another DG pointing to another interface, I lose internet connectivity.
I've included the working config below. I'm trying to load-balance across Dialers 11, 12 and 13. Any help in pointing out my mistakes is greatly appreciated:
Current configuration : 6726 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ****************
!
boot-start-marker
boot system flash:c2800nm-advipservicesk9-mz.124-10.bin
boot-end-marker
!
enable secret 5 $1$bf5B$XzLT3AHokyOzpXqvAr9Fh.
!
no aaa new-model
!
!
ip cef
!
!
ip domain name ********
ip name-server 213.208.106.212
ip name-server 213.208.106.213
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-2264549474
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2264549474
revocation-check none
rsakeypair TP-self-signed-2264549474
!
!
crypto pki certificate chain TP-self-signed-2264549474
certificate self-signed 01
3082025A 308201C3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32323634 35343934 3734301E 170D3037 30373233 31373438
31305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 32363435
34393437 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B6F8 F45E3590 6610B0DC D2C74689 1D390C90 365E5260 42DB670B A5B406ED
69D18A0D B33849A8 2A8932A9 F900A1AF FE41F2F6 39A6D926 744EF712 BF9F63BD
0296E41B CE329E73 5DE549AC C6E0F56D 2BD3C375 D5608048 E8763559 8E16CFE5
1B1C7DCF 07F0EE6B 344D9911 2545473D 99EA7EDB B6F3771D CCDDB4B9 9199B185
471F0203 010001A3 8181307F 300F0603 551D1301 01FF0405 30030101 FF302C06
03551D11 04253023 8221526F 6F666C69 6768745F 53686970 746F6E2E 726F6F66
quit
username ********** privilege 15 secret 5 $1$qoVo$CoUzvQyMIrI8k4phYx0yb/
username ********** privilege 15 secret 5 $1$4UGx$.SYpW1f1Xq10MhGeDdTF40
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key *********99 address 82.133.89.***
!
!
crypto ipsec transform-set roofset esp-des esp-md5-hmac
!
crypto map ********** 1 ipsec-isakmp
set peer 82.133.89.***
set transform-set roofset
match address 116
!
!
!
!
interface FastEthernet0/0
ip address 195.72.181.** 255.255.255.248 secondary
ip address 192.168.0.99 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map vantage_srv
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
logging event atm pvc state
logging event subif-link-status
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 11
!
!
interface ATM0/1/0
no ip address
logging event atm pvc state
logging event subif-link-status
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 12
!
!
interface ATM0/2/0
no ip address
logging event atm pvc state
logging event subif-link-status
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 13
!
!
interface ATM0/3/0
no ip address
logging event atm pvc state
logging event subif-link-status
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 14
!
!
interface Dialer11
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
logging event subif-link-status
dialer pool 11
dialer idle-timeout 0
dialer persistent
ppp authentication chap callin
ppp chap hostname adsl00321@community
ppp chap password 0 **********
!
interface Dialer12
ip address 88.97.251.** 255.255.255.248
ip nat outside
ip virtual-reassembly
encapsulation ppp
logging event subif-link-status
dialer pool 12
dialer idle-timeout 0
dialer persistent
ppp authentication chap callin
ppp chap hostname zen145609@zen
ppp chap password 0 **********
!
interface Dialer13
ip address 88.97.251.*** 255.255.255.248
ip nat outside
ip virtual-reassembly
encapsulation ppp
logging event subif-link-status
dialer pool 13
dialer idle-timeout 0
dialer persistent
ppp authentication chap callin
ppp chap hostname zen145610@zen
ppp chap password 0 **********
crypto map rooflight
!
interface Dialer14
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
logging event subif-link-status
dialer pool 14
dialer idle-timeout 0
dialer persistent
ppp authentication chap callin
ppp chap hostname rooflight-adsl03@community
ppp chap password 0 **********
!
ip route 0.0.0.0 0.0.0.0 Dialer11
ip route 192.168.10.0 255.255.255.0 Dialer13
!
!
no ip http server
no ip http secure-server
ip nat inside source route-map dsl1 interface Dialer12 overload
ip nat inside source route-map dsl2 interface Dialer13 overload
ip nat inside source route-map nonat interface Dialer11 overload
!
ip access-list extended remote_access
!
access-list 110 deny ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 110 permit ip 192.168.0.0 0.0.0.255 any
access-list 112 permit ip 192.168.0.0 0.0.0.255 any
access-list 116 permit ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 198 permit tcp host 192.168.0.3 eq 3389 any
access-list 199 permit tcp host 192.168.0.5 eq 3389 any
dialer-list 11 protocol ip permit
dialer-list 12 protocol ip permit
dialer-list 13 protocol ip permit
dialer-list 14 protocol ip permit
!
route-map rdp_server permit 10
match ip address 199
set interface Dialer14
!
route-map vantage_srv permit 10
match ip address 198
set interface Dialer14
!
route-map dsl2 permit 10
match ip address 112
!
route-map dsl1 permit 10
match ip address 110
!
route-map nonat permit 10
match ip address 110
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
