10-15-2013 04:14 PM - edited 03-07-2019 04:03 PM
Hello. Thanks in advance for any help you can provide. I'd be pulling my hair out if I had any left to pull. Please forgive my ignorance. I've attempted to include as many details as I can... including a diagram that I am in no way proud of and the current running config below.
We have a CISCO 871 that we were using to split traffic between an EoC drop and an AT&T DSL. 10.0.0.x traffic through the EoC and all web traffic through the DSL. We 'upgraded' to Uverse and AT&T provided us with what appears to be a consumer-grade Motorola NVG510.
We can't figure out how to configure the new setup. The EoC drop comes in to an ASA. The ASA is connected to the CISCO 871 on fa0. The local LAN is connected to the 871 on fa1 and the Motorola NVG510 (previously the DSL modem) to the 871 on fa4.
Traffic on the 192.168.0.1 gateway (vlan10) should be conditionally split between the two internet connections (with web traffic through the DSL/uverse). ANY traffic on the 192.168.0.2 gateway should go through the EoC.
As far as I can tell (again, no expert here) we were using pppoe with Dialer1 -> fa4 to connect and route traffic through the DSL. Apparently you can't do this with Uverse... the only resolution I've found that's close to what I'm trying to do is here: http://forums.att.com/t5/Features-and-How-To/NVG510-Bridge-Mode/m-p/2928989#M29846 It might help provide some insight into the capabilities of the NVG510.
I suppose my question is this: how do I get the NVG510 to play nice with the 871 in our configuration?
Thanks again!
Andy
Diagram/Config:
Current configuration : 6092 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname blah
!
boot-start-marker
boot-end-marker
!
logging buffered 8192
no logging console
enable secret 5 blahblahblah.
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-3838153042
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3838153042
revocation-check none
rsakeypair TP-self-signed-3838153042
!
!
crypto pki certificate chain TP-self-signed-3838153042
certificate self-signed 01
blah
quit
dot11 syslog
ip cef
!
!
ip inspect name FIREWALL cuseeme timeout 3600
ip inspect name FIREWALL ftp timeout 3600
ip inspect name FIREWALL rcmd timeout 3600
ip inspect name FIREWALL realaudio timeout 3600
ip inspect name FIREWALL tftp timeout 30
ip inspect name FIREWALL h323 timeout 3600
ip inspect name FIREWALL https
ip inspect name FIREWALL udp timeout 15
ip inspect name FIREWALL tcp timeout 43200
ip inspect name FIREWALL esmtp
ip inspect name FIREWALL http
no ip domain lookup
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
!
!
username admin privilege 15 password 7 blah
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
description #### Connection to ASA 5505 ####
switchport access vlan 10
!
interface FastEthernet1
description #### Connection to Local LAN ####
switchport access vlan 10
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description DSL-WAN-Interface
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip mroute-cache
duplex auto
speed auto
pppoe-client dial-pool-number 1
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
no ip address
ip tcp adjust-mss 1452
shutdown
!
interface Vlan10
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1350
ip policy route-map SetRoute
!
interface Dialer1
description DSL-WAN-Dialer
ip address negotiated
ip access-group OUTSIDE_IN in
no ip unreachables
ip mtu 1492
ip inspect FIREWALL out
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp pap sent-username blerg password 7 blah
5
ppp ipcp route default
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 192.168.0.2 20
ip route 10.0.0.0 255.0.0.0 192.168.0.2
!
ip http server
ip http access-class 23
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash:
ip nat source list NAT interface Dialer1 overload
ip nat inside source list NAT interface Dialer1 overload
!
ip access-list standard Inside-Netblock
deny 192.168.0.51
permit 192.168.0.0 0.0.0.255
ip access-list standard Server
permit 192.168.0.51
!
ip access-list extended DSL-Routes
permit tcp 192.168.0.0 0.0.0.255 any eq domain
permit udp 192.168.0.0 0.0.0.255 any eq domain
permit tcp 192.168.0.0 0.0.0.255 any eq 443
permit tcp 192.168.0.0 0.0.0.255 any eq www
ip access-list extended NAT
deny ip host 192.168.0.51 any
deny ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
deny ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.0.255
permit tcp 192.168.0.0 0.0.0.255 any eq domain
permit udp 192.168.0.0 0.0.0.255 any eq domain
permit tcp 192.168.0.0 0.0.0.255 any eq 443
permit tcp 192.168.0.0 0.0.0.255 any eq www
permit ip 192.168.0.0 0.0.0.255 any
ip access-list extended OUTSIDE_IN
deny ip 192.168.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny icmp any any echo
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
deny icmp any any
deny ip any any log
permit tcp any any eq www
permit tcp any any eq 443
permit ip any any log
!
access-list 21 permit 192.168.0.0 0.0.0.255
access-list 22 deny any
access-list 23 permit 10.10.10.0 0.0.0.7
dialer-list 1 protocol ip permit
no cdp run
!
!
route-map SetRoute permit 5
match ip address Server
set ip next-hop 192.168.0.2
!
route-map SetRoute permit 10
match ip address DSL-Routes
set default interface Dialer1
!
route-map SetRoute permit 20
set ip next-hop 192.168.0.2
!
!
control-plane
!
!
line con 0
session-timeout 15
exec-timeout 15 0
login local
no modem enable
line aux 0
access-class 22 in
line vty 0 4
session-timeout 15
access-class 21 in
exec-timeout 15 0
privilege level 15
login local
transport input telnet
!
scheduler max-task-time 5000
end
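The split described in the post, modelled as an added example (not part of the original post or of any Cisco tooling): it walks the posted route-map SetRoute in sequence order and shows where each flow leaves the router. It assumes standard IOS policy-routing behaviour, where `set default interface` only takes effect when no explicit (non-default) route covers the destination, and it ignores interface state; the sample addresses are constructed.

```python
import ipaddress

# Constructed model of the posted route-map SetRoute (sequences 5, 10, 20).
SERVER = ipaddress.ip_address("192.168.0.51")      # ACL "Server"
LAN = ipaddress.ip_network("192.168.0.0/24")       # source in ACL "DSL-Routes"
DSL_PORTS = {("tcp", 53), ("udp", 53), ("tcp", 443), ("tcp", 80)}

# Non-default routes in the posted config: one static, one connected (Vlan10).
EXPLICIT_ROUTES = {
    ipaddress.ip_network("10.0.0.0/8"): "192.168.0.2",
    ipaddress.ip_network("192.168.0.0/24"): "connected Vlan10",
}


def explicit_route(dst):
    """Longest-prefix match over non-default routes; None if only a default applies."""
    hits = [net for net in EXPLICIT_ROUTES if dst in net]
    if not hits:
        return None
    return EXPLICIT_ROUTES[max(hits, key=lambda net: net.prefixlen)]


def policy_route(src, dst, proto, dport):
    """Return (route-map sequence, egress) for a packet arriving on Vlan10."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # seq 5: match ip address Server -> set ip next-hop 192.168.0.2
    if src == SERVER:
        return 5, "192.168.0.2"
    # seq 10: match ip address DSL-Routes -> set default interface Dialer1
    if src in LAN and (proto, dport) in DSL_PORTS:
        # "set default ..." yields to any explicit route for the destination.
        return 10, explicit_route(dst) or "Dialer1"
    # seq 20: no match clause, so every remaining packet -> 192.168.0.2
    return 20, "192.168.0.2"


# Constructed sample flows (203.0.113.10 is a documentation address).
SAMPLE_FLOWS = [
    ("192.168.0.51", "203.0.113.10", "tcp", 443),  # server: always via the ASA
    ("192.168.0.20", "203.0.113.10", "tcp", 443),  # LAN web traffic: Dialer1
    ("192.168.0.20", "10.0.0.15", "tcp", 80),      # web to 10/8: static route wins
    ("192.168.0.20", "203.0.113.10", "tcp", 22),   # non-web: via the ASA
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", policy_route(*flow))
```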
10-18-2013 09:08 AM
Dear Andrew,
Thank you for reaching the Small Business Support Community.
Unfortunately the Cisco 871 is not a Small Business device but an Enterprise one; therefore I suggest you move this post over to the "LAN, Routing and Switching" support forum using the "Action" panel on the top right corner of this window, or simply open a new thread:
https://supportforums.cisco.com/community/netpro/network-infrastructure/switching WAN, Routing and Switching
Please do not hesitate to reach me back if there is any further assistance I may help you with in the meantime.
Kind regards,
Jeffrey Rodriguez S. .:|:.:|:.
Cisco Customer Support Engineer
*Please rate the Post so others will know when an answer has been found.