01-30-2014 06:47 AM - edited 03-04-2019 10:12 PM
Hi there
I try to configure it to have dual wan but it does not work (I'm using the NAT Overload for both). 1WAN is blocked qnd can pass only if I deactivate the first overload, Here is my configuration :
MainFS(config-line)#do sho run
Building configuration...
Current configuration : 3629 bytes
!
! Last configuration change at 14:02:58 UTC Thu Jan 30 2014
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname MainFS
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 **********************************************************
enable password 7 ******************************************************
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
ip wccp web-cache password 7 *************************************
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO2911/K9 sn FGL164710QK
!
!
!
!
!
track 10 interface GigabitEthernet0/1 ip routing
delay down 10 up 10
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description "WAN1 MICRO"
ip address 10.0.7.15 255.255.255.128
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description "WAN2 MAF"
ip address 10.2.8.34 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/2.1
encapsulation dot1Q 1 native
ip address 10.10.0.254 255.255.255.0
ip wccp web-cache redirect in
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/2.2
encapsulation dot1Q 2
ip address 10.10.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/2.3
encapsulation dot1Q 3
ip address 10.10.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/2.4
encapsulation dot1Q 4
ip address 10.10.3.1 255.255.255.0
!
interface GigabitEthernet0/2.5
encapsulation dot1Q 5
ip address 10.10.4.1 255.255.255.0
!
interface GigabitEthernet0/2.6
encapsulation dot1Q 6
ip address 10.10.5.1 255.255.255.0
!
interface GigabitEthernet0/2.7
encapsulation dot1Q 7
ip address 10.10.6.1 255.255.255.0
!
interface GigabitEthernet0/2.8
encapsulation dot1Q 8
ip address 10.10.7.1 255.255.255.0
!
interface GigabitEthernet0/2.9
encapsulation dot1Q 9
ip address 10.10.8.1 255.255.255.0
!
interface GigabitEthernet0/2.10
encapsulation dot1Q 10
ip address 10.10.9.1 255.255.255.0
!
interface GigabitEthernet0/2.11
encapsulation dot1Q 11
ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/2.12
encapsulation dot1Q 12
ip address 10.10.11.1 255.255.255.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source route-map MAF interface GigabitEthernet0/1 overload
ip nat inside source route-map MICROCOM interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 10.2.8.33 track 10
ip route 0.0.0.0 0.0.0.0 10.0.7.1 track 11
!
!
access-list 10 permit 10.10.0.1
access-list 120 deny ip host 10.10.0.1 any
access-list 120 permit ip 10.10.0.0 0.0.0.255 any
access-list 120 deny ip any any
access-list 120 permit tcp 10.10.0.0 0.0.0.255 any eq www
!
route-map MICROCOM permit 10
match ip address 10 120
set default interface GigabitEthernet0/0
!
route-map MAF permit 10
match ip address 10 120
set default interface GigabitEthernet0/1
!
!
!
control-plane
!
!
!
line con 0
password 7 ********************************************************
logging synchronous
login
!
line vty 0 4
access-class 23 in
privilege level 15
password 7 ********************************************************
logging synchronous
login
transport input telnet ssh
!
scheduler allocate 20000 1000
end
01-30-2014 07:12 AM
Pierre
Can you try modifying your route map config. Remove the set default interface lines and add match interface lines ie.
route-map MICROCOM permit 10
match ip address 10 120
match interface gi0/0
!
route-map MAF permit 10
match ip address 10 120
match interface gi0/1
!
Jon
01-30-2014 08:28 AM
I agree with Jon. The set interface syntax works when you are doing Policy Based Routing. For address translation the route map needs to match the interface and not set the interface.
HTH
Rick
01-30-2014 08:56 AM
Thanks John, It works I'm very happy.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide