Solved: Need A Help - Page 2

pawanharlecisco · ‎08-05-2011

Hello Friends,

As per topology attached herewith, i have 2 ISPs, ISP1 and ISP2. And i have one Cisco 1841 Router with only 2 Ethernet interfaces.My Lan subnet is 192.168.1.0.

My puspose is, i want to configure both ISP1 and ISP2 and my Lan Network on router, without adding any extra interaface. I also want to configure a nat so that Lan user can go to internet. I wabt to do this using 2 Interfaces.

Please give me your views and suggestion ,so that i can implement this.

Topology is attached herewith.

Regards

Pawan

Peter Paluch · ‎08-08-2011

Pawan,

Well, yes, there is... but I am afraid it would incur higher loads on your router and possibly decrease the throughput. But I believe you now need any solution that works.

Okay. Let me show you another possible configuration. Remove all configuration that you have added as a result with your discussion with me, and apply the following:

interface Loopback192

ip address 192.0.2.1 255.255.255.252

ip nat inside

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

ip address X.X.X.X M.M.M.M secondary ! This is the IP for ISP1

no ip redirects

ip nat outside

ip policy route-map PBR

interface FastEthernet 1/0

ip address Y.Y.Y.Y M.M.M.M ! This is the IP for ISP2

no ip redirects

ip nat outside

access-list 100 deny 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 100 permit 192.168.1.0 0.0.0.255 any

ip nat pool ISP1 X.X.X.X X.X.X.X netmask 255.255.255.252

ip nat pool ISP2 Y.Y.Y.Y Y.Y.Y.Y netmask 255.255.255.252

route-map ISP1 permit 10

match ip address 100

match interface FastEthernet0/0

route-map ISP2 permit 10

match ip address 100

match interface FastEthernet1/0

route-map PBR permit 10

match ip address 100

set interface Loopback192

ip nat inside source route-map ISP1 pool ISP1 overload

ip nat inside source route-map ISP2 pool ISP2 overload

ip route 0.0.0.0 0.0.0.0 ISP1_NEXT_HOP

ip route 0.0.0.0 0.0.0.0 ISP2_NEXT_HOP

After this works, you may optionally enhance it with your SLA configuration, but this should allow you to use both ISPs and NAT to the correct corresponding space.

Let me know if it worked. And please press your senior for the VLAN-capable switch. All these suggestions are very improper hacks.

Best regards,

Peter

pawanharlecisco · ‎08-08-2011

Dear Peter,

Thankyou so much....Let me try it and will revert to u.

Regards

Pawan

pawanharlecisco · ‎08-08-2011

Hi Peter,

Thankyou very much Brother for helping me and guiding me, the way u guide was too good. All the things are working properly.Please take a look for the config mentioned below.

Policy#sh run

Building configuration...

Current configuration : 1903 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Policy

!

boot-start-marker

boot-end-marker

!

no logging console

!

no aaa new-model

memory-size iomem 5

!

ip cef

!

no ip domain lookup

ip sla monitor 1

type echo protocol ipIcmpEcho 10.10.10.1 source-interface FastEthernet0/0

timeout 1000

threshold 2

frequency 3

ip sla monitor schedule 1 life forever start-time now

!

track 1 rtr 1 reachability

!

interface Loopback192

ip address 192.0.2.1 255.255.255.252

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/0

description Connt ISP1

ip address 10.10.10.2 255.255.255.0 secondary

ip address 192.168.4.1 255.255.255.0

no ip redirects

ip nat outside

ip virtual-reassembly

ip policy route-map PBR

duplex auto

speed auto

!

interface FastEthernet1/0

description Connt ISP2

ip address 192.168.3.1 255.255.255.0

no ip redirects

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet2/0

no ip address

shutdown

duplex auto

speed auto

!

no ip http server

ip route 0.0.0.0 0.0.0.0 10.10.10.1 track 1

ip route 0.0.0.0 0.0.0.0 192.168.3.2 10

!

ip nat pool ISP1 10.10.10.2 10.10.10.2 netmask 255.255.255.252

ip nat pool ISP2 192.168.3.1 192.168.3.1 netmask 255.255.255.252

ip nat inside source route-map ISP1 pool ISP1 overload

ip nat inside source route-map ISP2 pool ISP2 overload

!

access-list 100 deny ip 192.168.4.0 0.0.0.255 192.168.4.0 0.0.0.255

access-list 100 permit ip 192.168.4.0 0.0.0.255 any

route-map PBR permit 10

match ip address 100

set interface Loopback192

!

route-map ISP2 permit 10

match ip address 100

match interface FastEthernet1/0

!

route-map ISP1 permit 10

match ip address 100

match interface FastEthernet0/0

!

control-plane

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

login

!

end

Policy#

Thanks Once Again...

Pawan