09-09-2018 08:32 AM - edited 09-09-2018 09:57 AM
Hello,
I have a Cisco 887v router with C800 Software (C800-universalK9-M) Version 15.3.
My scenario: I have ISP-1 with a cable modem and another, ISP-2, with a static WAN route. I want ISP-1 for IPsec VPN and ISP-2 for default internet.
PLEASE HELP ME... how do I do PBR routing here with NAT?
interface Vlan100
 ip address 10.200.200.1 255.255.255.224
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan200
 ip address 192.168.1.138 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 ppp pap sent-username Pxxxxxxx password 0 1xxxxxxx
 ppp ipcp dns request accept
 ppp ipcp route default
!
09-09-2018 10:40 AM
Hello,
IPSec VPN as in site-to-site VPN, or are you talking about remote VPN users? Also, post the full configuration of the router including both ISP connections...
09-09-2018 10:49 AM - edited 09-09-2018 10:51 AM
Thanks for your reply. Yes, I am talking about site-to-site VPN; I will post the config.
09-09-2018 10:52 AM
Hello,
It is going to be a split tunnel config then. Awaiting the configuration...
09-09-2018 11:17 AM
Yes, this would be split tunnel to multiple VLANs. I am creating the configuration.
09-10-2018 06:53 AM
Dear,
Please see my config. I am stuck at static routing, and I attached a screenshot showing that both gateways are pingable.
hostname BASMA-R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
ethernet lmi ce
!
!
!
no process cpu autoprofile hog
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
no cdp log mismatch duplex
no cdp run
!
ip tcp synwait-time 5
!
!
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 media-type rj45
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface GigabitEthernet0/1
 description ISP-2
 ip address 192.168.0.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 media-type rj45
 no cdp enable
!
interface GigabitEthernet0/2
 description Inside network
 ip address 10.200.200.30 255.255.255.224
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
 media-type rj45
 no cdp enable
!
interface Dialer1
 description ISP-1
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 ppp chap hostname bxxxxxx
 ppp chap password 0 baxxxxxxx
 no cdp enable
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source route-map ISP-1 interface Dialer1 overload
ip nat inside source route-map ISP-2 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 track 123
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 track 254
!
ip sla 1
 icmp-echo 8.8.8.8 source-interface Dialer1
 frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 8.8.4.4 source-interface GigabitEthernet0/1
 frequency 5
ip sla schedule 2 life forever start-time now
!
route-map ISP-2 permit 10
 match ip address 100
 match interface GigabitEthernet0/1
!
route-map ISP-1 permit 10
 match ip address 110
 match interface Dialer1
!
!
access-list 110 permit ip 10.200.200.0 0.0.0.31 any
!
control-plane
!
banner exec ^C