balancing 2 ISPs with Cisco 1800

Hi, I need some comments on my code below. I am having problems using both interfaces at the same time.

/// ISP 1 - Cable   ISP 2 - ADSL ///
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp keepalive 20 10
!
crypto isakmp client configuration group XXXXX
 key xxxxxx
 pool vpn_pool
crypto isakmp profile VPNclient
   description VPN clients profile
   match identity group PARCEIROS
   client authentication list vpnusers
   isakmp authorization list vpn_group
   client configuration address respond
!
!
crypto ipsec transform-set 3des esp-3des esp-sha-hmac
!
crypto dynamic-map vpn_map 99
 set transform-set 3des
 set isakmp-profile VPNclient
 reverse-route
!
!
crypto map vpn_map 99 ipsec-isakmp dynamic vpn_map
!
!
interface FastEthernet0/0
 description TRUNK PARA SWITCH
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.3
 description LOCAL
 encapsulation dot1Q 3
 ip address 192.168.3.254 255.255.255.0
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/0.4
 shutdown
!
interface FastEthernet0/0.7
 description ISP 1
 encapsulation dot1Q 7
 ip address dhcp
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly
 no cdp enable
 crypto map vpn_map
!
interface FastEthernet0/1
 description ISP 2
 no ip address
 no ip mroute-cache
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface Dialer1
 ip address negotiated
 ip verify unicast reverse-path
 ip mtu 1492
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname 21328554
 ppp chap password 7 03560A58545774191A
 ppp pap sent-username 21328554 password 7 15405A5F56727E717C
 crypto map vpn_map
!
ip local pool vpn_pool h.h.h.h h.h.h.h
ip route vrf isp 1 0.0.0.0 0.0.0.0 196.46.4.254 global
ip route vrf isp 2 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
ip nat inside source list lan_in2 interface Dialer1 vrf tdm overload
ip nat inside source list lan_in interface FastEthernet0/0.7 vrf tvcabo overload
ip nat inside source static tcp 192.168.3.100 21 interface Dialer1 21
ip nat inside source static tcp 192.168.3.100 20 interface Dialer1 20
ip nat inside source static tcp 192.168.3.101 25 y.y.y.y 25 extendable
ip nat inside source static tcp 192.168.3.101 53 y.y.y.y 53 extendable
ip nat inside source static udp 192.168.3.101 53 y.y.y.y 53 extendable
ip nat inside source static tcp 192.168.3.100 80 y.y.y.y 80 extendable
ip nat inside source static tcp 192.168.3.101 222 y.y.y.y 222 extendable
ip nat inside source static tcp 192.168.3.101 53 x.x.x.x 53 extendable
ip nat inside source static udp 192.168.3.101 53 x.x.x.x 53 extendable
ip nat inside source static tcp 192.168.3.100 80 x.x.x.x 80 redundancy teste extendable
!
ip access-list extended gestao_in
 permit tcp 196.46.0.0 0.0.255.255 any eq 22
 permit tcp 192.168.4.0 0.0.0.255 any eq 22
 permit tcp 192.168.3.0 0.0.0.255 any eq 22
 permit tcp 41.220.0.0 0.0.255.255 any eq 22
ip access-list extended lan_in
 deny ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
 permit esp 192.168.3.0 0.0.0.255 any
 permit udp 192.168.3.0 0.0.0.255 any eq domain log
 permit udp 192.168.3.0 0.0.0.255 any eq isakmp
 permit tcp 192.168.3.0 0.0.0.255 any eq www log
 permit tcp 192.168.3.0 0.0.0.255 any eq 443
ip access-list extended lan_in2
 deny ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
 permit tcp 192.168.3.0 0.0.0.255 any eq smtp domain
 permit udp 192.168.3.0 0.0.0.255 any eq domain log
 permit tcp 192.168.3.0 0.0.0.255 any eq 8080 log
 permit tcp 192.168.3.0 0.0.0.255 any eq www log

Reply to
delsio

This flavor of setup should be (but isn't) in the FAQ. You have two different paths, and depending upon which path you take, you need a different NAT to occur to put the right public return IP on your outbound traffic. For the duration of any TCP connection or UDP exchange, you need the same public IP to be used for your end of the communication. Think about what the other end sees if you start downloading a web page using one interface and then switch to the other interface.

Adding injury to insult, last time I checked (it has been a while, so Cisco may have fixed this bug), once a policy NAT has been set up, that same NAT will continue to be used for the duration of the communication, even if the interface changes. That is, the NAT policy is only checked when setting up a NAT. Once an established NAT is in the translation table, the cached entry will be used even if the conditions which met the policy change.

For more details, search this newsgroup for "ping based routing", where this challenge has been beaten to death in the past.

Good luck and have fun!

Reply to
Vincent C Jones
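An added example of what the reply describes, written by the editor and not taken from delsio's config or from Vincent's post: NAT keyed on the egress interface so each flow keeps one public address, a tracked primary default route with a floating backup instead of per-packet load sharing, and a flush of cached translations when the path changes. The posted NAT lines reference VRFs tdm and tvcabo and routes in VRFs "isp 1" and "isp 2" that the excerpt never defines, so the example drops VRFs and reuses the existing lan_in and lan_in2 ACLs, the interfaces, and the 196.46.4.254 next hop from the posted route. The probe target 4.2.2.2 and the IOS feature set (IP SLA, object tracking, EEM) are assumptions; check them against the image on your 1800 before pasting.

```cisco
! Added example (editor's, not from the thread). Assumptions: ISP1 next hop
! 196.46.4.254 (taken from the posted "ip route vrf isp 1" line), probe target
! 4.2.2.2 (assumed), IOS image with IP SLA, object tracking and EEM.
!
! 1. Policy NAT keyed on the egress interface. "match interface" tests the
!    output interface chosen by the routing lookup, so a flow routed out ISP1
!    is translated to the ISP1 address and a flow routed out ISP2 to the ISP2
!    address. The ACLs are the poster's own lan_in / lan_in2.
route-map NAT_ISP1 permit 10
 match ip address lan_in
 match interface FastEthernet0/0.7
!
route-map NAT_ISP2 permit 10
 match ip address lan_in2
 match interface Dialer1
!
no ip nat inside source list lan_in interface FastEthernet0/0.7 vrf tvcabo overload
no ip nat inside source list lan_in2 interface Dialer1 vrf tdm overload
ip nat inside source route-map NAT_ISP1 interface FastEthernet0/0.7 overload
ip nat inside source route-map NAT_ISP2 interface Dialer1 overload
!
! 2. One active default route at a time. Per-packet balancing across two
!    NATs changes the public source address mid-flow, which is exactly the
!    failure the reply describes. ISP1 is probed with IP SLA; the /32 host
!    route pins the probe to ISP1 so it cannot succeed via ISP2.
ip route 4.2.2.2 255.255.255.255 196.46.4.254
ip sla 1
 icmp-echo 4.2.2.2 source-interface FastEthernet0/0.7
 timeout 1000
 frequency 10
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
 delay down 30 up 60
!
! Primary (AD 1, withdrawn when track 1 is down) and floating backup (AD 250).
! AD 250 still beats the AD 254 default that the DHCP client installs on
! FastEthernet0/0.7, so ISP2 takes over only when the tracked route is gone.
ip route 0.0.0.0 0.0.0.0 196.46.4.254 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1 250
!
! 3. The cached-translation caveat from the reply: dynamic entries already in
!    the translation table are not re-evaluated when the path changes, so
!    flush them on every track transition. Static port forwards are rebuilt
!    from configuration and are unaffected.
event manager applet NAT_FLUSH_ISP1_DOWN
 event track 1 state down
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translation forced"
!
event manager applet NAT_FLUSH_ISP1_UP
 event track 1 state up
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translation forced"
```

Verify with "show ip nat translations" after opening a connection from the LAN: every entry for one inside host should carry the same outside-global address for as long as the flow lives, and "show track 1" plus "show ip route 0.0.0.0" should show the default flipping to Dialer1 only after the tracked probe fails. Unrelated to the routing problem but worth noting from the posted config: the PPP credentials are stored as type 7, which is a reversible encoding rather than a hash, so treat them as disclosed now that the config has been pasted publicly and rotate them with the ISP.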

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.