I have a Cisco 3925E. It has two DS3 lines on it, which I would like to treat independently from each other.

I can ping both Serial interfaces from the internet, and I can ping only GIG 0/0 from the internet, but since the router is configured with one static route, GIG 0/1 can't be pinged from the outside.

Any help would be greatly appreciated.

This is my current config:
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname MOVLABT3-CA-ES
boot-start-marker
boot-end-marker
card type t3 1
card type t3 2
enable secret 4 oMCBqgRTCeX5XeEW3HsBW6zI763Fibuq/UrLhF/91Rs
no aaa new-model
no ipv6 cef
ip source-route
ip cef
multilink bundle-name authenticated
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-1015775704
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1015775704
 revocation-check none
 rsakeypair TP-self-signed-1015775704
crypto pki certificate chain TP-self-signed-1015775704
 certificate self-signed 01
 quit
license udi pid C3900-SPE150/K9 sn FOC16313DE8
hw-module sm 1
hw-module sm 2
controller T3 1/0
 cablelength 75
!
controller T3 2/0
 cablelength 75
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
interface GigabitEthernet0/0
 ip address 207.168.4.49 255.255.255.240
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
interface GigabitEthernet0/1
 ip address 206.135.120.114 255.255.255.240
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 206.135.100.202 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 dsu bandwidth 44210
!
interface Serial2/0
 ip address 205.214.40.6 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dsu bandwidth 44210
no ip classless
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 206.135.100.201
access-list 1 permit 10.0.0.0 0.0.0.255
snmp-server community RO-N1mS0ft RO
control-plane
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login
 transport input all
scheduler allocate 20000 100

The following configuration replaces the one I sent before:

int gi0/1
 ip policy route-map PBR
access-list 101 permit ip 206.135.120.112 0.0.0.15 any
route-map PBR permit 10
 match ip address 101
 set ip next-hop 205.214.40.5

The above will send all traffic entering gi0/1 out via s2/0.

If you also want to be able to ping the gi0/1 from the internet, just add this line:

ip local policy route-map PBR

You only need PBR for the gi0/1 interface; all other traffic will be sent using the default route. Note that there is no checking if the next hop is up, either with the default route or the PBR next hop. If you want failover then you would need to add IP SLA config to achieve this.
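
One way to add the next-hop check the reply mentions, shown as an added example that is not part of the original thread. The route-map, ACL 101 and next hop are the ones from the reply; the SLA and track object number (1), the 10-second probe interval and the delay timers are assumptions to adjust.

```cisco
! Probe the PBR next hop across Serial2/0 every 10 seconds (interval is an assumption)
ip sla 1
 icmp-echo 205.214.40.5 source-interface Serial2/0
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Track object 1 follows the probe result; the delay damps flapping (values are assumptions)
track 1 ip sla 1 reachability
 delay down 20 up 20
!
! Same route-map as in the reply, but the next hop is used only while track 1 is up.
! When track 1 is down the set clause is skipped and matching packets
! follow the routing table, i.e. the default route via 206.135.100.201.
route-map PBR permit 10
 match ip address 101
 no set ip next-hop 205.214.40.5
 set ip next-hop verify-availability 205.214.40.5 1 track 1
```

`show track 1`, `show ip sla statistics 1` and `show route-map PBR` report whether the probe is succeeding and whether the policy next hop is currently in use.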