brokebit’s

Scenario:

I have a routed ADSL circuit with 32 static IP address connected to a Cisco 2600 via an ADSL WIC. I also have a T1 line with 32 static addresses connected to Cisco 3620 via a T1 WIC. (Both of these connections are through Speakeasy.) I wanted to provide redundant internet connections to my hosts without having to use BGP.

The following configurations will allow the two routed subnets to communicated with one another via Ethernet as opposed to going out over one line and coming back in on the other. They will allow each subnet to fail over out-bound connectivity to the other link in the event one goes down via NAT. You can use this setup to offer some redundant inbound mail routing. These configurations can be extended to any type of connection and don't necassarlily need to be for a T1 line and ADSL.

These configurations also assume your routers have a single physical Ethernet interface and you are using VLANs and dot1q trunks. I have put comments in red so please don't paste those into your router.

 
Config #1 (T1 Router):

ip domain name brokenbytes.org
ip dhcp excluded-address 192.168.100.1 192.168.100.229
ip dhcp excluded-address 192.168.100.240 192.168.100.254

I wanted to run DHCP for my internal network. You don't need this if you don't want it.

ip dhcp pool home   
   network 192.168.100.0 255.255.255.0   
   default-router 192.168.100.2
   domain-name brokenbytes.org
   dns-server 192.168.100.1

interface FastEthernet1/0 
 description internal interface  no ip address
 speed 100
 full-duplex

This is my internal network interface. (VLAN 4). Users client PCs are on this subnet and NATed out to the Internet. This interface is also used to manage the router.

interface FastEthernet1/0.4 
 description management and internal interface 
 encapsulation dot1Q 4 native 
 ip address 192.168.100.2 255.255.255.0 
 ip nat inside

Hosts that need public static IPs are in this VLAN (6).
interface FastEthernet1/0.6  
  description Routed T1 Subnet 66.253.38.192/255.255.255.224 
 encapsulation dot1Q 6 
 ip address 66.253.38.193 255.255.255.224

The only two things on this subnet are the two routers. This subnet is used to route between the two public address spaces on each line without going out over the Internet and to allow us to do NAT from one public range to the other line.

interface FastEthernet1/0.11 
 description Inter-Router VLAN 
 encapsulation dot1Q 11 
 ip address 10.1.1.2 255.255.255.0 
 ip nat inside

interface Serial1/0
 description T1 to Speakeasy Circuit ID
 mtu 1522
 bandwidth 1536
 ip address 66.92.134.92 255.255.255.0
 ip nat outside
 encapsulation frame-relay IETF
 no fair-queue
 frame-relay map ip 66.92.134.1 16 broadcast IETF (Speakeasy requires this..)

This tells the router what to nat.
ip nat inside source list 1 interface Serial1/0 overload

These next two line are what give us the redundant routing to the Internet. Our primary default gateway is 66.92.134.1(Serial1/0). But we have another default gateway with a higher metric. If Serial1/0 is down all traffic will be routed to 10.1.1.1 which is the ADSL router.
ip route 0.0.0.0 0.0.0.0 66.92.134.1
ip route 0.0.0.0 0.0.0.0 10.1.1.1 110

This static route tells the router it should send traffic destined for the 32 DSL public IPs via our inter-vlan subnet (VLAN 11, 10.1.1.0/24) instead of via the Internet.
ip route 69.17.27.192 255.255.255.224 10.1.1.1

These two networks should get NATed when going out outside interfaces. (Serial1/0) This is what allows the DSL subnet to get to the Internet via the T1 line when the DSL line is down. It also allows our Internal network to get NATed out the T1.
access-list 1 permit 192.168.100.0 0.0.0.255
access-list 1 permit 69.17.27.192 0.0.0.31

Config #2 (ADSL Router):

interface ATM0/0
 ip address 64.81.146.241 255.255.255.0
 ip nat outside
 no ip mroute-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/35
 encapsulation aal5snap
 

interface Ethernet0/0
 no ip address
 half-duplex

Hosts that need public static IPs are in this VLAN (6).
interface Ethernet0/0.9
 encapsulation dot1Q 9
 ip address 69.17.27.193 255.255.255.224
 ip nat outside

Once again, this the same as above. This subnet is used to route between the two public address spaces on each line without going out over the Internet and to allow us to do NAT from one public range to the other line.
interface Ethernet0/0.11
 description inter router vlan
 encapsulation dot1Q 11
 ip address 10.1.1.1 255.255.255.0
 ip nat inside

Nat everything going outside that sourced from either the internal network or the T1 public range.
ip nat inside source list 1 interface ATM0/0 overload

Here is some of our redundant routing. Our primary default route is 64.81.146.1 which is over the DSL line.
If you can't get out that way then send it on over to the T1 router. Finaly we need to add some static routes for
the internal network and public T1 range that point to the other router.

ip route 0.0.0.0 0.0.0.0 64.81.146.1
ip route 0.0.0.0 0.0.0.0 10.1.1.2 110
ip route 66.253.38.192 255.255.255.224 10.1.1.2
ip route 192.168.100.0 255.255.255.0 10.1.1.2

These define what should be nated. basicly stuff sourced from the internal network and the the public T1 Ip space.

access-list 1 permit 192.168.100.0 0.0.0.255
access-list 1 permit 66.253.38.192 0.0.0.31