Question : Two different ISP's on cisco 2821!

Dear All,
I have a situation with a cisco 2821 router and three interfaces : 2 Gigabit ethernet and one serial.
One Gigabit is connected to the lan!
The other Gibabit is on wireless link to ISP A
The serial connection is connected through Frame Relay to ISP B
I will include the configuration later!Right now there is one tunnel configured through the wireless
link connection.In that case i will need all other traffic than vpn to be routed through the frame relay connection
as also to be backup for the existing vpn connection .
Here is the configuration :

hostname cy-2821
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging

!
!
resource policy
!
clock timezone PCTime 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
ip subnet-zero
!
!
no ip cef
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW vdolive
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
!
ip dhcp pool Cisco_Pool
   network 192.168.1.0 255.255.255.0
   dns-server 172.16.254.1 217.27.32.196
   default-router 192.168.1.15
   lease 2
!
!
no ip ips sdf builtin
no ip ips deny-action ips-interface
ip ips notify SDEE
no ip ips notify log
ip name-server 172.16.254.1
ip name-server 172.16.254.3
ip name-server 217.27.32.196
!
!
!
crypto pki trustpoint TP-self-signed-3390076426
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3390076426
 revocation-check none
 rsakeypair TP-self-signed-3390076426
!
!
crypto pki certificate chain TP-self-signed-3390076426
 certificate self-signed 01
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key Priv_key address 194.xxx.xxx.xxx
crypto isakmp xauth timeout 15

!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to194.xxx.xxx.xxx
 set peer 194.xxx.xxx.xxx
 set security-association lifetime kilobytes 4099445
 set transform-set ESP-3DES-SHA
 match address 100
!
!
!
interface GigabitEthernet0/0
 description $ETH-LAN$$FW_INSIDE$
 ip address 192.168.1.15 255.255.255.0
 ip access-group 101 in
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description THUNDER-FAST$ETH-WAN$$FW_OUTSIDE$
 ip address 217.yyy.yyy.yyy 255.255.255.252
 ip access-group 103 in
 ip inspect SDM_LOW out
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed 100
 crypto map SDM_CMAP_1
!
interface Serial0/0/0
 no ip address
 encapsulation frame-relay
 no fair-queue
 frame-relay lmi-type q933a
!
interface Serial0/0/0.1 point-to-point
 description CYTANET CONNECTION$FW_OUTSIDE$
 ip address 195.aaa.aaa.aaa 255.255.255.252
 ip access-group 105 in
 ip inspect SDM_LOW out
 ip nat outside
 ip virtual-reassembly
 no ip route-cache same-interface
 frame-relay interface-dlci 20 IETF  
!
ip classless
ip route 0.0.0.0 0.0.0.0 217.zzz.zzz.zzz  <--- DG for wireless Link (ISPA)
ip route 0.0.0.0 0.0.0.0 195.zzz.zzz.zzz 2 <--- DG for FR (ISPB)
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip nat inside source route-map cytanet interface Serial0/0/0.1 overload
ip nat inside source route-map thunderfast interface GigabitEthernet0/1 overload
!

access-list 2 remark SDM_ACL Category=2
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 3 permit any
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.1.0 0.0.0.255 172.16.254.0 0.0.0.255
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip host 80.bb.bb.bb any
access-list 101 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.15 eq telnet
access-list 101 permit tcp 172.16.254.0 0.0.0.255 host 192.168.1.15 eq 22
access-list 101 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.15 eq 22
access-list 101 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.15 eq www
access-list 101 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.15 eq 443
access-list 101 permit tcp 172.16.254.0 0.0.0.255 host 192.168.1.15 eq 443
access-list 101 permit tcp 172.16.254.0 0.0.0.255 host 192.168.1.15 eq cmd
access-list 101 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.15 eq cmd
access-list 101 permit ip 172.16.254.0 0.0.0.255 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 deny   tcp any host 192.168.1.15 eq telnet
access-list 101 deny   tcp any host 192.168.1.15 eq 22
access-list 101 deny   tcp any host 192.168.1.15 eq www
access-list 101 deny   tcp any host 192.168.1.15 eq 443
access-list 101 deny   tcp any host 192.168.1.15 eq cmd
access-list 101 deny   udp any host 192.168.1.15 eq snmp
access-list 101 deny   ip 195.xx.xx.xx 0.0.0.3 any
access-list 101 deny   ip 217.yy.yy.yy 0.0.0.3 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 102 remark SDM_ACL Category=2
access-list 102 remark IPSec Rule
access-list 102 deny   ip 192.168.1.0 0.0.0.255 172.16.254.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 permit udp host 172.16.254.3 eq domain any
access-list 103 permit udp host 172.168.254.3 eq domain any
access-list 103 permit udp host 172.16.254.1 eq domain any
access-list 103 permit udp host 217.xxx.xxx.xxx eq domain any
access-list 103 permit tcp host 80.xx.xx.xx host 217.dd.dd.dd eq 22
access-list 103 permit tcp host 80.xx.xx.xx host 217.dd.dd.dd eq 443
access-list 103 permit tcp host 80.xx.xx.xx host 217.dd.dd.dd eq cmd
access-list 103 deny   tcp any host 217.ff.ff.ff eq telnet
access-list 103 deny   tcp any host 217.ff.ff.ff eq www
access-list 103 deny   udp any host 217.ff.ff.ff eq snmp
access-list 103 permit tcp any host 217.ff.ff.ff eq 3389
access-list 103 permit tcp any host 217.ff.ff.ff eq 443
access-list 103 permit udp host 217.xx.xx.xx eq domain host 217.xx.xx.xx
access-list 103 permit ahp host 194.cc.cc.cc host 217.bb.bb.bb
access-list 103 permit esp host 194.cc.cc.cc host 217.bb.bb.bb
access-list 103 permit udp host 194.cc.cc.cc host 217.bb.bb.bb eq isakmp
access-list 103 permit udp host 194.cc.cc.cc host 217.bb.bb.bb eq non500-isakmp
access-list 103 remark IPSec Rule
access-list 103 permit ip 172.16.254.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 103 deny   ip 195.14.129.36 0.0.0.3 any
access-list 103 deny   ip 192.168.1.0 0.0.0.255 any
access-list 103 permit icmp any host 217.aaa.aaa.aaa echo-reply
access-list 103 permit icmp any host 217.aaa.aaa.aaa time-exceeded
access-list 103 permit icmp any host 217.aaa.aaa.aaa unreachable
access-list 103 permit tcp any host 217.aaa.aaa.aaa eq 443
access-list 103 permit tcp any host 217.aaa.aaa.aaa eq 22
access-list 103 permit tcp any host 217.aaa.aaa.aaa eq cmd
access-list 103 deny   ip 10.0.0.0 0.255.255.255 any
access-list 103 deny   ip 172.16.0.0 0.15.255.255 any
access-list 103 deny   ip 192.168.0.0 0.0.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip host 0.0.0.0 any
access-list 103 deny   ip any any log
access-list 104 remark SDM_ACL Category=2
access-list 104 remark IPSec Rule
access-list 104 deny   ip 192.168.1.0 0.0.0.255 172.16.254.0 0.0.0.255
access-list 104 permit tcp 192.168.1.0 0.0.0.255 any eq www
access-list 104 permit tcp 192.168.1.0 0.0.0.255 any eq ftp
access-list 104 permit tcp 192.168.1.0 0.0.0.255 any eq ftp-data
access-list 104 permit udp 192.168.1.0 0.0.0.255 any eq domain
access-list 104 permit tcp 192.168.1.0 0.0.0.255 any eq pop3
access-list 104 permit tcp 192.168.1.0 0.0.0.255 any eq smtp
access-list 104 permit tcp 192.168.1.0 0.0.0.255 any eq 123
access-list 104 permit tcp 192.168.1.0 0.0.0.255 any eq 3389
access-list 104 permit tcp 192.168.1.0 0.0.0.255 any eq 1723
access-list 104 permit gre 192.168.1.0 0.0.0.255 any
access-list 104 permit tcp 192.168.1.0 0.0.0.255 any eq 143
access-list 104 permit tcp 192.168.1.0 0.0.0.255 any eq 993
access-list 104 permit tcp 192.168.1.0 0.0.0.255 any eq 995
access-list 104 permit tcp 192.168.1.0 0.0.0.255 any eq 443
access-list 104 permit tcp 192.168.1.0 0.0.0.255 any eq 465
access-list 104 permit tcp 192.168.1.0 0.0.0.255 any eq 1701
access-list 104 permit tcp 192.168.1.0 0.0.0.255 any eq 4000
access-list 104 permit icmp 192.168.1.0 0.0.0.255 any
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 permit udp any host 195.yyy.yyy.yyy eq non500-isakmp
access-list 105 permit udp any host 195.yyy.yyy.yyy eq isakmp
access-list 105 permit esp any host 195.yyy.yyy.yyy
access-list 105 permit ahp any host 195.yyy.yyy.yyy
access-list 105 deny   ip 217.yyy.yyy.yyy 0.0.0.3 any
access-list 105 deny   ip 192.168.1.0 0.0.0.255 any
access-list 105 permit tcp any host 217.yyy.yyy.yyy eq 443
access-list 105 permit icmp any host 195.yyy.yyy.yyy echo-reply
access-list 105 permit icmp any host 195.aaa.aaa.aaa time-exceeded
access-list 105 permit icmp any host 195.aaa.aaa.aaa unreachable
access-list 105 permit tcp any host 195.aaa.aaa.aaa eq 443
access-list 105 permit tcp any host 195.aaa.aaa.aaa eq 22
access-list 105 permit tcp any host 195.aaa.aaa.aaa eq cmd
access-list 105 deny   ip 10.0.0.0 0.255.255.255 any
access-list 105 deny   ip 172.16.0.0 0.15.255.255 any
access-list 105 deny   ip 192.168.0.0 0.0.255.255 any
access-list 105 deny   ip 127.0.0.0 0.255.255.255 any
access-list 105 deny   ip host 255.255.255.255 any
access-list 105 deny   ip host 0.0.0.0 any
access-list 105 deny   ip any any log
access-list 110 remark SDM_ACL Category=18
access-list 110 permit tcp 192.168.1.0 0.0.0.255 any eq www
access-list 110 permit tcp 192.168.1.0 0.0.0.255 any eq 3389
access-list 110 deny   ip any any
route-map cytanet permit 10
 match ip address 110
 match interface Serial0/0/0.1
!
route-map thunderfast permit 10
 match ip address 104
 match interface GigabitEthernet0/1
!


I also want to make static nat to internal hosts through wireless connection if possible.
Any suggestions?

Thanks!

Answer : Two different ISP's on cisco 2821!

Just set up nat and configure your wireless interface with "ip nat inside", you must also configure the outside interface interface facing the internet): "ip nat outside"

ip nat inside source static > e>  --- do this for each translation


harbor235 ;}
Random Solutions  
 
programming4us programming4us