Two Ethernet interfaces: want to use one as a backup, different ISPs

I am trying to configure 2 Ethernet ports on my Cisco 1811 router to give my LAN Internet access; however, I only want one of them to come up if the other goes down. I tried setting up FE1 as the backup to FE0 using the backup interface command; however, I don't know how to make NAT work with 2 different IP schemes. I also tried static routes, but I'm not sure I'm doing it correctly. I'm fairly new to Cisco, so please excuse me for being clueless. Any help would be appreciated. Detailed help needed.

!This is the running config of the router: 10.10.10.1
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname SOV5Router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$jY6z$GqAgnImA0OOY7QCb2oLQK/
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool1
 import all
 network 10.10.10.0 255.255.255.0
 dns-server 192.168.100.3 192.168.0.1
 default-router 10.10.10.1
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name yourdomain.com
ip name-server 192.168.100.3
ip name-server 192.168.0.1
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect log drop-pkt
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name sdm_ins_in_100 cuseeme
ip inspect name sdm_ins_in_100 dns
ip inspect name sdm_ins_in_100 ftp
ip inspect name sdm_ins_in_100 h323
ip inspect name sdm_ins_in_100 https
ip inspect name sdm_ins_in_100 icmp
ip inspect name sdm_ins_in_100 imap
ip inspect name sdm_ins_in_100 pop3
ip inspect name sdm_ins_in_100 netshow
ip inspect name sdm_ins_in_100 rcmd
ip inspect name sdm_ins_in_100 realaudio
ip inspect name sdm_ins_in_100 rtsp
ip inspect name sdm_ins_in_100 esmtp
ip inspect name sdm_ins_in_100 sqlnet
ip inspect name sdm_ins_in_100 streamworks
ip inspect name sdm_ins_in_100 tftp
ip inspect name sdm_ins_in_100 tcp
ip inspect name sdm_ins_in_100 udp
ip inspect name sdm_ins_in_100 vdolive
!
!
crypto pki trustpoint TP-self-signed-2450486519
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2450486519
 revocation-check none
 rsakeypair TP-self-signed-2450486519
!
!
crypto pki certificate chain TP-self-signed-2450486519
 certificate self-signed 01
  quit
username gba privilege 15 secret 5 $1$JXH5$1jzFgQmcOCnXZtJJybLx..
!
!
class-map match-any sdm_p2p_kazaa
 match protocol fasttrack
 match protocol kazaa2
class-map match-any sdm_p2p_edonkey
 match protocol edonkey
class-map match-any sdm_p2p_gnutella
 match protocol gnutella
class-map match-any sdm_p2p_bittorrent
 match protocol bittorrent
!
!
policy-map sdmappfwp2p_SDM_HIGH
 class sdm_p2p_gnutella
  drop
 class sdm_p2p_bittorrent
  drop
 class sdm_p2p_edonkey
  drop
 class sdm_p2p_kazaa
  drop
!
!
!
!
!
!
interface FastEthernet0
 description $ES_WAN$$FW_OUTSIDE$
 ip address dhcp client-id FastEthernet0
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect DEFAULT100 out
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
interface FastEthernet1
 description $ETH-WAN$$FW_INSIDE$
 ip address dhcp client-id FastEthernet1
 ip access-group 102 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_OUTSIDE$
 ip address 10.10.10.1 255.255.255.0
 ip access-group 103 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip inspect sdm_ins_in_100 in
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Async1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation slip
!
ip route 192.168.0.1 255.255.255.255 FastEthernet1 100
ip route 192.168.100.3 255.255.255.255 FastEthernet0
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool e1 10.10.11.0 10.10.11.255 netmask 255.255.255.0
ip nat pool e0 10.10.12.0 10.10.12.255 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 remark Backup
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 10.10.10.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 192.168.0.1 eq domain any
access-list 101 permit udp host 192.168.100.3 eq domain any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit udp host 192.168.0.1 eq domain any
access-list 102 deny ip 10.10.10.0 0.0.0.255 any
access-list 102 permit ip any any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 permit udp any eq domain any
access-list 103 permit ip any any
access-list 110 remark for backup interface
access-list 110 remark SDM_ACL Category=2
access-list 110 permit ip 10.10.10.0 0.0.0.255 any
no cdp run
!
!
!
!
!
!
control-plane
!
banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
Reply to
jmnjazzy566

Hi Jmn,

Did you try adding this line?

ip nat inside source list 1 interface FastEthernet1 overload

You can have both, I guess; each is specific to an interface. Sounds like almost all your config was made with SDM, right? I don't think it is necessary to have a different ACL for each interface. I'd better take it step by step:

1/ Have both interfaces come up and see what happens with "show ip cache". You should have routes on both of them.

2/ Try to set up one as a backup for the other, but I think it will depend on the status of the modem, which can still be up while its connection is down. So, due to the DHCP lease, your interface will never go down.

Try the 1st point and let me know; I'll think about the 2nd while on the train back home, unless somebody else has an idea in the meantime.

Daniel


Reply to
daniel-fr

I tried adding the line you recommended, but it didn't work. From what I understand, Cisco NAT can only translate one set of IP addresses in its table, so what I have set up now is ONE Cisco 1811 router with 2 lines coming into the FE1/0 ports: one is DHCP from the LAN in my office, the other goes to a D-Link router. (This is only temporary; the office I will be installing it in has static addresses, however they will also be different IP schemes.) Right now I'm trying to NAT my VLAN (10.10.10.0) to the main line, which is 192.168.100.3; then, if this line goes down, FastEthernet1 should pick up, and its IP is 192.168.0.1. I am not sure if I could use any other method than what I am trying to resolve this issue. It is a NAT issue, correct, or am I doing the wrong thing?

Reply to
jmnjazzy566
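
An added example, not part of any post in this thread and not the poster's own configuration: one common IOS pattern for the dual-uplink NAT question above, pairing one NAT route-map per outside interface with a tracked default route. It assumes static addressing on both uplinks (as the last post says the final site will have); the next-hop addresses (RFC 5737 placeholders), route-map names and SLA/track numbers are assumptions, and the `ip sla monitor` / `track ... rtr` keywords are the 12.4 mainline forms, which later release trains rename.

```cisco
! Constructed example. 192.0.2.1 and 198.51.100.1 are placeholder
! next hops for the primary (FastEthernet0) and backup (FastEthernet1) ISPs.
!
! Probe the primary gateway so a live link with a dead path is detected.
ip sla monitor 1
 type echo protocol ipIcmpEcho 192.0.2.1 source-interface FastEthernet0
 frequency 10
ip sla monitor schedule 1 life forever start-time now
!
track 1 rtr 1 reachability
!
! Primary default route is withdrawn when the probe fails;
! the floating static (distance 10) then takes over.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10
!
! One NAT rule per uplink, selected by the egress interface.
! ACL 1 is the existing "permit 10.10.10.0 0.0.0.255" list.
route-map NAT-ISP1 permit 10
 match ip address 1
 match interface FastEthernet0
!
route-map NAT-ISP2 permit 10
 match ip address 1
 match interface FastEthernet1
!
no ip nat inside source list 1 interface FastEthernet0 overload
ip nat inside source route-map NAT-ISP1 interface FastEthernet0 overload
ip nat inside source route-map NAT-ISP2 interface FastEthernet1 overload
!
! Give the backup uplink the same inbound filter and inspection
! as the primary, so failover does not change the firewall policy.
interface FastEthernet1
 ip access-group 101 in
 ip inspect DEFAULT100 out
```

Translations built on the failed uplink stay in the table until they time out, so `clear ip nat translation *` after a failover speeds recovery. In the posted config, ACL 102 on FastEthernet1 reaches `permit ip any any` before its remaining deny lines and the interface has no `ip inspect` rule, which is why the example reapplies FastEthernet0's ACL 101 and DEFAULT100 to the backup uplink.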
