Networks

Question

Locked

CISCO 1811 When I enable WAN 2, I loose connection on WAN 1

By stuff ·
I have a CISCO 1811. When I enable FA1 which is my WAN 2 (DHCP from cable modem). I loose browsing capabilities. I am able to ping out and everything else but I Cannot browse from any computer using FA0 (static ip from Cable Modem). Needless to say I don't get any access on FA1. Here is my configuration, can you please review it and see if you find anything wrong, thanks. Forgot to mention I am a newbie a this.

JR

Current configuration : 5067 bytes
! Last configuration change at 22:22:14 PCTime Wed Sep 17 2008
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
logging message-counter syslog
enable password xxxxxxx
no aaa new-model
memory-size iomem 15
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-950502357
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-950502357
revocation-check none
rsakeypair TP-self-signed-950502357
crypto pki certificate chain TP-self-signed-950502357
certificate self-signed 01
dot11 syslog
ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.0.1
ip dhcp pool MAIN
import all
network 192.168.1.0 255.255.255.0
dns-server aa.bb.cc.dd aa.bb.cc.dd
default-router 192.168.1.1
ip dhcp pool SECONDARY
import all
network 192.168.0.0 255.255.255.0
dns-server aa.bb.cc.dd aa.bb.cc.dd
default-router 192.168.0.1
ip cef
no ip domain lookup
ip ddns update method sdm_ddns1
HTTP
add http://XXXXX@members.dyndns.org/nic/update?system=dyndns&hostname=
<h>&myip=<a>
remove http://xxxx:xxxx@members.dyndns.org/nic/update?system=dyndns&hostna
me=<h>&myip=<a>
no ipv6 cef
multilink bundle-name authenticated
username admin privilege 15 password 0 XXXXXX
archive
log config
hidekeys
interface FastEthernet0
ip address 67.xx.17.XX 255.255.255.252
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1460
duplex auto
speed auto
interface FastEthernet1
ip address dhcp
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1460
shutdown
duplex auto
speed auto
interface FastEthernet2
duplex full
speed 100
interface FastEthernet3
interface FastEthernet4
interface FastEthernet5
interface FastEthernet6
switchport access vlan 2
interface FastEthernet7
switchport access vlan 2
interface FastEthernet8
switchport access vlan 2
interface FastEthernet9
switchport access vlan 2
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1460
interface Vlan2
ip address 192.168.0.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1460
interface Async1
no ip address
encapsulation slip
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 67.xx.17.xx
ip route 192.168.0.0 255.255.255.0 FastEthernet1
ip route 192.168.1.0 255.255.255.0 67.xx.17.xx
ip route 0.0.0.0 0.0.0.0 dhcp
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0 overload
ip nat inside source static tcp 192.168.1.2 80 interface FastEthernet0 80
ip nat inside source static tcp 192.168.1.2 5001 interface FastEthernet0 5001
ip nat inside source static tcp 192.168.1.2 5002 interface FastEthernet0 5002
ip nat inside source static udp 192.168.1.2 5001 interface FastEthernet0 5001
ip nat inside source static udp 192.168.1.2 5002 interface FastEthernet0 5002
ip nat inside source static tcp 192.168.1.2 8080 interface FastEthernet0 8080
ip nat inside source static tcp 192.168.1.2 2001 interface FastEthernet0 2001
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 104 permit gre any any
control-plane
line con 0
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
password xxxxxx
login
!
end

Router#
Router#
Router#
Router#
Router#

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

use IP SLA

by ryan In reply to CISCO 1811 When I enable ...

if all you want is auto failover look into IP SLA. Basically the router can "track" each connection, for example pinging a router thats one or two hops up on each side, and then install a default router based on that. If you want to do some manual load balancing, for example web traffic out one connection and email out another, then route maps/policy NAT would be involved. I have done this for a couple different people using an 1811 and it works very well. You MIGHT need to adjust your NAT timers to ensure the flows expire quick enough for failover. If you are hosting anything that you need to be reachable from the outside, that will likely involve DNS(secondary MX record, monitored DNS, etc)

Related Discussions

Related Forums