cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1593
Views
0
Helpful
16
Replies

Two default gateways with 2811

vdalehubbard
Level 1
Level 1

I wanted to ask if anybody could point me the right direction how to configure a 2811 router with two default gateways. I bought another port so I have two ethernets coming in and one going out to handle this.

Thanks!

16 Replies 16

Richard Burts
Hall of Fame
Hall of Fame

I do not understand your comment about having two ethernets coming in and one going out. But if you want to have two default gateways (actually two default routes) it is quite easy. You would configure it like this:

ip route 0.0.0.0 0.0.0.0

ip route 0.0.0.0 0.0.0.0

HTH

Rick

HTH

Rick

Thanks Rick!

This is what I'm setting up and I really have some concerns here. Here is the link starting at Internet working it's way down to our LAN of my network.

Internet to

Two DSL Modems to

Cisco 2811 Router to

Cisco PIX to

Switch on to

LAN

What about my outside addresses? The 2 DSL modems have an outside address of course, should my two ports that these go to on the router also have outside address? Leaving the other side of the router going to the PIX with an internal address and the other side going to the switch with an internal adddress also?

I know my PIX will have my access lists that will open up ports I need. Where should I do my NATing? At the router? How about my PDM's? At the router? That makes sense to me, leaving the PIX as the firewall to just open ports.

Any help is appricated.

I think it makes good sense for the two router interfaces connected to the DSL modems to have outside addresses (which they probably will get from the dSL modem). And the interface on the router going to the PIX would normally have an internal address. And this means that you need to perform NAT on the router (since the router is the only device that knows what outside address you need to translate to.

HTH

Rick

HTH

Rick

Would it work to put an internal address on the outside of your PIX since the PIX is behind our router?

I would think that it makes the most sense to put an internal address on the PIX outside interface since it is in fact internal to your network.

HTH

Rick

HTH

Rick

Okay, still having some issues.

First, the installed extra Ethernet Interface I put in lights up and everything when something is plugged into it but the IOS does not see it at all. Any suggestions?

Second, I can't route past the outside interfaces of the router to get to the DSL modems. From the inside interface of the PIX, I can ping the outside interfaces of the router but no further. I think it might be something with NAT? I have PAT running the on the PIX right now, along with my access lists. Using these commands:

ip route 0.0.0.0 0.0.0.0 *.*.*.209

ip route 0.0.0.0 0.0.0.0 *.*.*.222

209 and 222 being the DSL modems which is the next hop.

Any suggestions on these?

There appear to be several issues here. As far as the extra Ethernet lighting up but the IOS not recognizing it, it might be helpful to post the output of show version on the router. And also to post information about the Ethernet (what part number etc) and perhaps we can figure out what is happening. My first guess would be the possibility that the version of IOS you are running may not support that version of card. Maybe we can sort that out.

As for the routing issue, if you can ping from the PIX to the router outside interface that indicates that you have appropriate routes defined in the PIX to get outside. If you can not ping further than the outside interface of the router, several possibilities come to mind. One of them is that there may be a problem with the way that NAT is configured. Perhaps you can post your NAT configuration from the router.

Another question about your routing issue is whether from the router itself you can ping through the DSL modem(s) to outside destinations?

HTH

Rick

HTH

Rick

IOS Version 12.3(8)T4

Network Interface Card NM-1FE2W-V2

I have PAT running on the PIX but I don't have NAT running on the router. So, I probably need NAT running on the router?

I would think that you do need NAT on the router. If you do not translate your addresses (router, PIX, LAN) into addresses in the address space of the provider then how will the provider know how to route responses back to you?

HTH

Rick

HTH

Rick

Got NAT on the router, was able to ping the modems with the router! Now, I still can't ping the modems with my PIX though. I did have PAT running on the PIX, turned it off with no different result. Any more suggestions? This has been a big help!Thanks!

I think that NAT on the router is good. I have a couple of questions which may help figure what is happening.

- what routes are defined on the PIX? (I would expect a default route pointing to the interface on the router and perhaps routes for the inside network)

- what routes are defined on the router? (I would expect one default route pointed out one of the modems and another default route pointed out the other modem and a route for the inside network pointing to the PIX address)

- if you can ping the modems from the router that is a good start. Can you do an extended ping on the router which specifies the destination as the modem address and specifies the source as the address of the inside interface? If this fails (and I suspect it may if you can not ping the modem from the PIX) it may indicate a problem with the setup of NAT.

- how is your NAT set up? Is there one NAT for connections going out one modem and a separate NAT for connections going out the other modem?

HTH

Rick

HTH

Rick

Sorry for the late response, was on vacation last week.

Well, I checked over that and it made sense but I'm still getting the same result. Here is my configuration on my router:

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

no logging buffered

!

username administrator privilege 15 password 0

******

no network-clock-participate aim 0

no network-clock-participate aim 1

no aaa new-model

ip subnet-zero

!

!

ip cef

!

!

no ftp-server write-enable

!

!

!

!

interface FastEthernet0/0

description $ETH-LAN$

ip address 206.**.**.*13 255.255.255.240

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/1

description $ETH-LAN$

ip address 10.10.10.1 255.255.255.0

ip nat inside

duplex auto

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 206.**.**.*09

ip route 0.0.0.0 0.0.0.0 206.**.**.*22

ip http server

ip http authentication local

ip nat pool NAT 206.**.**.215 206.**.**.*20 netmask 255.255.255.240

ip nat inside source static 10.10.10.1 206.**.**.*13

ip nat outside source static 206.**.**.*13 10.10.10.1

!

!

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

privilege level 15

login local

transport input telnet

!

scheduler allocate 20000 1000

!

end

I have a couple of comments about the config that you posted.

You configure interface FastEthernet 0/0 with this address:

ip address 206.**.**.*13 255.255.255.240

This indicates that addresses 206.*.*.1 through 206.*.*.15 are the subnet that is recognized on that interface. So the first default route:

ip route 0.0.0.0 0.0.0.0 206.**.**.*09

would make sense (if the DSL modem is actually at address .9. The second default route:

ip route 0.0.0.0 0.0.0.0 206.**.**.*22

does not make sense for this config. I suspect that it may have been part of your effort to have two outbound paths but the extra interface did not work. I suspect that if you do a show ip route on the router that the second default route does not show up. (And I would be very worried if it did show up.) I sugest that you clean up the config and remove the second default route.

I also have questions about your NAT pool which is configured with:

ip nat pool NAT 206.**.**.215 206.**.**.*20 netmask 255.255.255.240

First of all I do not understand what you think the relationship is of ...215 and ...20.

Second, this NAT pool is not part of the subnet that the provider DSL modem recognizes as part of your network. So how is the provider supposed to route these addresses to you?

HTH

Rick

HTH

Rick

The 206.**.**.*22 is the other DSL modem, which the extra card did not work.

The nat configuration was the left over IP addresses that I had from the ISP. I didn't "*" out the 215 on acident, and so it is 215 to 220 in my NAT configuation. So, my pool needs a 255.255.255.0 subnet mask, is that what you are refering to in the second NAT question?

Review Cisco Networking for a $25 gift card