02-27-2007 02:20 PM - edited 03-03-2019 03:57 PM
I'm a newbie in cisco router and I need to setup a new router with 2 wan, one is a dynamic pppoe 69.x.x.x and the other a static ip T1 frame relay 206.x.x.x.
I really need to have all the FTP traffic directed to the T1, and we also would like to use the PPPoe for Http access since the DSL is faster for download.
we are using NAT for the lan 192.168.x.x
I have not find a config that will show me how to address this type of configuration. can it be done thru SDM?
is the load balancing works with different type of wan?
thank you for your help. fred.
02-27-2007 02:34 PM
hi,
you need to use the route map to configure your requirement... by permiting TCP FTP and TCP HTTP using two different accesslist and then use match command under the routemap and set their next hop accordingly...
http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00801f3b54.shtml
regards
Devang
02-27-2007 03:13 PM
thank you but how do I route map using sdm? thx
02-27-2007 03:16 PM
i dont know about SDM but you can search it from cisco website... just get the version number of SDM and do search in cisco website you will have lots of information...
or wait for other experts explanations...
regards
Devang
02-27-2007 03:32 PM
here is my config where the routemap should be enter.
interface FastEthernet0
description $ETH-WAN$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet1
description $ES_WAN$$FW_OUTSIDE$
ip address 200.10.60.100 255.255.255.0
ip access-group 101 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect DEFAULT100 out
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
shutdown
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip nbar protocol-discovery
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxx
ppp chap password 7 xxxxx
ppp pap sent-username xxxxx@sbcglobal.net password 7 xxxx
!
ip route 0.0.0.0 0.0.0.0 FastEthernet1
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet1 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip 200.10.60.0 0.0.0.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host xxx.xxx.xxx.xxx eq domain host 200.10.60.100
access-list 101 permit udp host xxx.xxx.xxx.xxx eq domain host 200.10.60.100
access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 permit icmp any host 200.10.60.100 echo-reply
access-list 101 permit icmp any host 200.10.60.100 time-exceeded
access-list 101 permit icmp any host 200.10.60.100 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 1xxx.1x.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
control-plane
!
line con 0
login local
transport output telnet
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
end
02-27-2007 10:30 PM
hi,
you can define your own extendad access-list and then you are going to permit the 23 and 80 tcp port and then you can enter the routmaps... with set next-hop options...
regards
Devang
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide