COMPUTERTECH33
IS-IT--Management
Hey all...Please help.
I have a 1750 configured and it works. The trick is, I need dial backup to activate when E0 goes down. I have an external 3com modem. It will dial out and connect to the 3640, and I can ping from the 1750 to the internal network by ip.
Problem is, the computer behind the 1750 can't ping the internal network or the 3640.
Here are some edited configs with the references to setup.
both 3640s that are used for dial in
username bri01rt01ec password 7 xxxxxxxxxxx
interface Group-Async1
ip unnumbered Serial1/0:23
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer in-band
dialer idle-timeout 1200
dialer map ip 170.1.1.16 name bri01rt01ec
ip route 192.168.16.0 255.255.255.0 172.17.1.6
ip route 192.168.16.0 255.255.255.0 170.1.1.16 200
PIX
access-list nonat permit ip 172.17.0.0 255.255.0.0 192.168.16.0 255.255.255.0
access-list nonat permit ip 172.16.0.0 255.255.0.0 192.168.16.0 255.255.255.0
access-list bri01rt01ec permit ip 172.16.0.0 255.255.0.0 192.168.16.0 255.255.255.0
access-list bri01rt01ec permit ip 172.17.0.0 255.255.0.0 192.168.16.0 255.255.255.0
route outside 192.168.16.0 255.255.255.0 xxx.xxx.xxx.xxx 1
crypto map mymap 26 ipsec-isakmp
crypto map mymap 26 match address bri01rt01ec
crypto map mymap 26 set peer 10.0.0.1
crypto map mymap 26 set transform-set myset
isakmp key xxxxxxx address 10.0.0.2 netmask 255.255.255.252
******************************************************************************************
***********change MAC address of int e0 to the MAC address of cable modem***********
bri01rt01ec#sh ru
Building configuration...
Current configuration : 3951 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname bri01rt01ec
!
no logging on
enable password 7 xxxxxxxxxxxxx
!
username xxxxxxxxxxx password 7 xxxxxxxxxxxxxxxx
username xxxxxxxxxxx password 7 xxxxxxxxxxxxxxxx
username xxxxxxxxxxx password 7 xxxxxxxxxxxxxxxx
memory-size iomem 20
ip subnet-zero
no ip finger
ip tcp chunk-size 1200
no ip domain-lookup
ip host bri01rt01ec 2005 192.168.16.1
ip dhcp excluded-address 192.168.16.1 192.168.16.20
!
ip dhcp pool bri01rt01ec
import all
network 192.168.16.0 255.255.255.0
default-router 192.168.16.1
domain-name blah.com
dns-server 172.17.2.60 xxx.xxx.xxx.xxx
netbios-name-server 172.17.2.60 172.17.2.30
netbios-node-type h-node
lease 30
!
ip dhcp pool jdirect1
host 192.168.16.18 255.255.255.0
hardware-address 0010.8394.7e2a
client-name NPI947E2A
!
chat-script modem ABORT ERROR "" "ATDT\T" TIMEOUT 60 CONNECT \c
!
!
crypto isakmp policy 11
hash md5
authentication pre-share
crypto isakmp key xxxxxx address xxx.xxx.xxx.xxx
!
!
crypto ipsec transform-set sharks esp-des esp-md5-hmac
!
crypto map nolan 11 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set transform-set sharks
match address 121
!
!
!
!
interface Ethernet0
mac-address 0004.5a86.37f2
backup delay 10 60
backup interface Async5
ip address 10.0.0.1 255.255.255.252
ip nat outside
no ip route-cache
no ip mroute-cache
half-duplex
crypto map nolan
!
interface FastEthernet0
ip address 192.168.16.1 255.255.255.0
ip helper-address 172.17.2.30
ip helper-address 172.17.2.255
ip helper-address 172.17.255.255
ip helper-address 172.16.255.255
ip directed-broadcast
ip nat inside
no ip route-cache
no ip mroute-cache
speed auto
!
interface Async5
ip address 170.1.1.16 255.255.255.0
encapsulation ppp
keepalive 10
dialer in-band
dialer idle-timeout 300
dialer string 9,xxxxxxxxx
dialer-group 1
fair-queue
ppp authentication chap
!
interface Dialer1
no ip address
no cdp enable
!
ip nat inside source route-map nonat interface Ethernet0 overload
ip kerberos source-interface any
ip classless
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
ip forward-protocol udp netbios-ss
ip forward-protocol udp 42508
ip route 0.0.0.0 0.0.0.0 10.0.0.2
ip route 0.0.0.0 0.0.0.0 Async5 200
no ip http server
!
no logging trap
logging facility local0
logging 172.17.1.31
access-list 3 permit any
access-list 110 deny ip 192.168.16.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 110 deny ip 192.168.16.0 0.0.0.255 172.17.0.0 0.0.255.255
access-list 110 permit ip 192.168.16.0 0.0.0.255 any
access-list 120 permit ip 192.168.16.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 120 permit ip 192.168.16.0 0.0.0.255 172.17.0.0 0.0.255.255
access-list 121 permit ip 192.168.16.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 121 permit ip 192.168.16.0 0.0.0.255 172.17.0.0 0.0.255.255
access-list 150 permit esp host public ip host 0.0.0.0
access-list 150 permit udp host public ip host 0.0.0.0 eq isakmp
access-list 150 permit ip any 192.168.16.0 0.0.0.255
priority-list 1 protocol ip high
dialer-list 1 protocol ip permit
route-map nonat permit 10
match ip address 110
!
snmp-server engineID local xxxxxxxxxxxxxxxxxxxxx
snmp-server community xxx RO
banner motd ^CCC
Unauthorized access is prohibited
Violators will be prosecuted
Welcome
^C
!
line con 0
password 7 xxxxxxxxxxxx
login
transport input none
line aux 0
password 7 xxxxxxxxxxxx
autoselect ppp
modem InOut
modem autoconfigure discovery
transport input all
autohangup
speed 38400
flowcontrol hardware
line vty 0 4
access-class 3 in
password 7 xxxxxxxxxxxxxxxx
login
!
no scheduler allocate
end
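The return-path selection on the 3640, modelled from the two static routes in the post (an added example, not part of the original post or the poster's configuration). It assumes the next hop 172.17.1.6 stays reachable from the 3640 while the remote E0 is down, that the 3640 holds a host route to the dial peer once PPP is up, and that the 1750 sources its own pings from Async5 (170.1.1.16); the names `Route`, `best_route` and `return_path` are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str        # destination network
    via: str           # next-hop IP, or a label for a connected link
    distance: int = 1  # administrative distance (IOS static default is 1)

# The two static routes from the 3640 section of the post.
STATICS_3640 = [
    Route("192.168.16.0/24", "172.17.1.6"),
    Route("192.168.16.0/24", "170.1.1.16", 200),  # floating backup route
]
# Assumption: once PPP is up the 3640 holds a host route to the dial peer.
PEER_ROUTE = Route("170.1.1.16/32", "dial-link", 0)

def best_route(routes, dest, reachable):
    """Longest prefix wins, then lowest administrative distance.
    A static route only competes while its next hop is reachable."""
    addr = ipaddress.ip_address(dest)
    live = [r for r in routes
            if addr in ipaddress.ip_network(r.prefix) and r.via in reachable]
    if not live:
        return None
    return min(live, key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen,
                                    r.distance))

def return_path(dest, lan_next_hop_up, dial_up):
    """Where the 3640 sends a reply addressed to dest."""
    routes = list(STATICS_3640)
    reachable = set()
    if lan_next_hop_up:
        reachable.add("172.17.1.6")
    if dial_up:
        routes.append(PEER_ROUTE)
        reachable.update({"170.1.1.16", "dial-link"})
    chosen = best_route(routes, dest, reachable)
    return chosen.via if chosen else None

if __name__ == "__main__":
    # Constructed scenarios; 192.168.16.18 is the DHCP host entry in the post.
    for dest in ("170.1.1.16", "192.168.16.18"):
        print(dest, "->", return_path(dest, lan_next_hop_up=True, dial_up=True))
```

Under these assumptions, replies to 192.168.16.18 keep following the distance-1 route to 172.17.1.6 while replies to 170.1.1.16 go down the dial link, which is consistent with the symptom described in the post.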