Garage double NAT & DHCP - bridge Possible issue error

Help...

So this is my setup on a yacht...

I have a MacMini (running Boot Camp Windows 7 Pro), so actually it's a PC.

  • I use the internal WiFi adapter of the MacMini to get my internet connection from the various marinas I might stay in
  • I then share the WiFi adapter's connection with the internal LAN adapter
  • This allows me to share the WiFi connection with other devices on the yacht

Then I have an AirPort Extreme:

  • I then run a CAT6 Ethernet cable from the Ethernet port on the MacMini
  • to the WAN port on the AirPort Extreme
  • The AirPort Extreme now has an internet connection (from the marina WiFi)
  • I then activated the WiFi on the AirPort Extreme to create a WiFi network on the yacht
  • and it gets its internet connection from the WAN port, which in turn comes from the MacMini, which in turn comes from the marina WiFi

Connected to the AirPort Extreme are:

  • iPhones, iPads, MacBook, Apple TV, Smart TV, etc.
  • Some devices are connected by cable to the LAN ports of the AirPort Extreme
  • Some devices are connected by WiFi to the AirPort Extreme's WiFi network

I want DHCP to be handled by the AirPort Extreme, so I set its mode to "DHCP and NAT".

What is the problem:

  • The AirPort Extreme shows an error
  • "Double NAT and DHCP"
  • and suggests I switch it to Bridge mode
  • but I don't want to do that

Any thoughts?

Regards

Tim

It would help if we could get the exact message you see. You will probably need to change the DHCP range on the AirPort Extreme to a different value, and then use the option to 'Ignore' the Double NAT; the AirPort will then show a green light.

You will have to live with the Double NAT if you want AirPort Extreme to act as a remote router that provides a private network.

Tags: Wireless

Similar Questions

  • Question about the issue of the Double NAT...

    Hah I posted for a little. I have a question about Double NAT. Is it wise to run? The reason is that I have a WRT54G v6 router and the Zoom ADSL X4 Modem/Router/gateway, and it seems that web sites take just a little more time to respond. I just want to know whether I have to turn it off (i.e., put my router in bridge mode) or leave it alone. One last thing: the slowness problem could actually be AT&T, but I have the feeling that it isn't.

    What configuration options do you have on the Zyxel to bridge it? What exactly have you tried?

    The first option is basically:

    * Zyxel bridged.

    * Linksys configured for PPPoE with your user name and password for the internet connection.

    Instructions to bridge the Zyxel are here or here, depending on the exact model of Zyxel.

    The second option is:

    * Zyxel acting as the router. I assume here that the Zyxel is on 10.0.0.2 with a subnet mask of 255.255.255.0.

    Unplug the Linksys from the Zyxel. Connect a computer to the Linksys. Open the web interface of the WRT at http://192.168.1.1/

    On the main Setup page:

    1. Change the LAN IP address from 192.168.1.1 to 10.0.0.1.

    2. Disable the DHCP server.

    3. Save the settings. You will lose the connection. Unplug the computer.

    4. Wire one of the numbered LAN ports of the Linksys to the Zyxel. Do not use the internet port of the Linksys!

    Now you should be able to open the Linksys web interface at http://10.0.0.1/. All devices connected to the Linksys wirelessly or through one of the three remaining LAN ports should have a connection to the internet via the Zyxel.

  • Strange double NAT, although there is only a single router

    My ISP (RCN) changed my modem to a higher-speed one. Although it has a router built in, I told them that I don't use their router, only my Time Capsule, so they disabled it. However, my Time Capsule kept giving me a Double NAT error message and flashing amber instead of green, even though everything seemed to work (wireless and wired), and said that I should switch from DHCP and NAT to bridge mode. That corrected the error, but I do not understand what caused the Double NAT if there is only a single router. The ISP technical support people confirmed from their control center that the router feature is not on in the new modem, as I asked. They also said that their network supports DHCP, and that they have others who use Bridge Mode, although they do not support it. They knew nothing more about it and said to ask Apple. They also offered to switch back, but this modem is faster at the same price. (He called it a 3-in-1 bypass gateway.) Many people online said not to use its router, which is why I unplug it and only use the Time Capsule.

    So if someone can give me feedback, I'd appreciate it. Should I:

    1. Keep running the new modem and my Time Capsule in Bridge Mode.

    2. Run the new modem in DHCP mode, as they set it up, and not worry about the Time Capsule flashing amber / showing the Double NAT error.

    3. Swap back to the previous modem, which was 50 Mbps versus this one with (theoretically) 155 Mbit/s (it only really does 50-70).

    I'm not really up on all that, but I hope that one of you may be. Thank you!!!

    Although it has a router built in, I told them that I don't use their router, only my Time Capsule, so they disabled it.

    ISPs often make the mistake of simply turning off the radio on a modem/router... which does not disable the router function of the device. You still have a wired router when ISPs make this mistake.

    However, my Time Capsule kept giving me a Double NAT error message

    This confirms again that the ISP has not disabled the router function on your modem/router. On some modems/routers or gateways, it is not possible to get the device to act as a simple modem.

    The ISP technical support people confirmed from their control center that the router feature is not on in the new modem, as I asked.

    The fact remains that you wouldn't see a Double NAT error unless the ISP's device was acting as a router... despite what the ISP people say. You may need to get to 2nd- or 3rd-level support, someone who knows what they are doing.

    1. Keep running the new modem and my Time Capsule in Bridge Mode.

    Yes, if you want to avoid the Double NAT error... which is what you are doing. But the Time Capsule will not be your router. The ISP's device will be.

    2. Run the new modem in DHCP mode, as they set it up, and not worry about the Time Capsule flashing amber / showing the Double NAT error.

    Only if you are willing to accept the fact that the ISP did not correctly change your gateway to make it work as a simple modem only. You might be able to get away with a Double NAT error on a simple network, but there is no reason to further complicate things with a misconfiguration unless there are reasons to do it and it can't be avoided.

    3. Swap back to the previous modem, which was 50 Mbps versus this one with (theoretically) 155 Mbit/s (it only really does 50-70).

    It's your decision whether you want to run a simple modem with the Time Capsule, accept the fact that the Time Capsule won't be your router when it is configured in Bridge Mode, or see a Double NAT error on the network.

    If it were me, I would go back to what I know will work properly... the simple modem and the Time Capsule as the router.

  • Airport Extreme Double NAT / AT & T NVG510

    My Internet connection worked very well for several years, until recently, when the simple DSL modem (a Motorola 2210-02-1ATT) provided by AT&T began to experience intermittent outages. Initially, the DSL modem would lose the line for a minute or two at a time. But within 48 hours, the line started to drop for hours in a row (DSL line sync failed). Whenever the modem lost the line, my Airport Extreme (the router on my home network) showed a "Double NAT" alert. But whenever the 2210-02 modem's DSL connection was restored, the Airport Extreme's "Double NAT" alert disappeared.

    After a day and a half of problems, the line was down for so many hours that I finally called AT&T to check the status of our line. So, AT&T sent a technician who concluded fairly quickly that the 2210-02-1ATT was the problem and replaced it with an NVG510 modem/router combo (manufacturing date 11/2014) (with the router function disabled in the settings).

    The resulting speed and the quality of the connection via the NVG510 were good, so the tech packed the 2210-02 in his bag and left. But now I get that "Double NAT" alert once again on my Airport Extreme, even though the home network is apparently working as well as it ever did.

    The only setting I changed was on the NVG510: as soon as the tech left, I turned off the WiFi function on the NVG510 because I want the Airport Extreme to be my router, same as always.

    So far so good. After 24 hours with the NVG510 in place, the network has worked well with no major hiccups, the only exception being the "Double NAT" alert status displayed in Airport Utility. In fact, had I not bothered to look at Airport Utility, I wouldn't know that there was a "Double NAT" alert.

    Everything on the LAN side of the NVG510 is identical to what was in place with the 2210-02...

    Airport Extreme 802.11ac works as the "router", with the WiFi signal on another floor via a wireless Airport Extreme 802.11n (5th generation).

    The WiFi signal provides web access to some desktop Macs, AppleTV devices, mobile phones, tablet computers and a laptop (the laptop is the only device that uses a VPN).

    The network mode on the Airport Express 802.11ac, which serves as the router, is "DHCP and NAT", and the "5th Gen", which extends the wireless network, is set to "bridge" mode.

    After hours of searching online, I understand that this problem is surely the result of the NVG510, and that this problem has existed for at least five years. I've read at least a few dozen different ways to try a fix via adjustments to settings, but none reached the level of a real solution.

    Although my network has no problem at the moment, I'm afraid that the "Double NAT" alert is a sword of Damocles that will eventually crash my network, a situation I'd like to avoid. I have not yet dared to connect the laptop with a VPN to the router, out of fear that it will bring down the whole network.

    I'd rather solve the "Double NAT" proactively.

    Is there a way to eliminate the "Double NAT" by adjusting the parameters of the NVG510 and/or the Airport Extreme? Or are my fears of future problems and a VPN disaster unfounded?

    Thank you

    According to your comments, the NVG510 has not been reconfigured as a bridge and is providing routing functions (NAT & DHCP).

    To resolve the Double NAT, either the new Motorola NVG510 or the AirPort Extreme needs to be reconfigured as a bridge. The simplest solution would be to reconfigure the Extreme. In this way, the NVG510 can handle the NAT & DHCP services required by network clients connected to the Extreme to access the Internet.

    To reconfigure the Extreme as a bridge, use the AirPort Utility, as follows:

    • Run the AirPort Utility and then select the Extreme.
    • Click on the Extreme and then select Edit.
    • Click the Network tab to select it.
    • Change the Router Mode to: Off (Bridge Mode)
    • Click on Update and allow the Extreme to restart.

  • VMware - player nat / dhcp settings

    Hi all

    I would like to ask you a few questions about nat and DHCP settings.

    I have installed VMware Player 5.0.2 build-1031769. I have tried some tutorials on how to extract or find vmnetcfg.exe, but without success.

    Do you have any idea how to change the NAT / DHCP settings...?

    On the other hand, I have configured my virtual computer as 'host-only' in the network tab, but I have not received any IP address from Vmnet1...

    Thanks in advance

    Roman

    VMware Player 5.x no longer comes with the Virtual Network Editor vmnetcfg.exe, but it does come with and install vmnetui.dll, and the editor can be brought up by running the following in an Administrator Command Prompt from the VMware Player working directory (or include the FQP of vmnetui.dll in the command line).

    rundll32.exe vmnetui.dll VMNetUI_ShowStandalone

    Post edited by: WoodyZ, originally posted May 2, 2013 09:23. The command line requirements clarified.

  • Routers chained E900 - double NAT

    I understand double and triple NAT is unstable.

    How do I configure the routers to solve this problem? DMZ? Port forwarding?

    Here is my configuration:

    comcast modem ---> Netgear router ---> E900 router

    I want to divide the internet access from a single DHCP IP from Comcast into two separate networks: business network on the E900 router and comments network for the Netgear router.

    Please keep in mind:

    - I want the E900 and Netgear networks to be completely separate and invisible to each other for security reasons.

    - I want hosts to connect to the networks with no special configuration required, so I would like DHCP on both routers if possible.

    thx for any help

    You certainly don't want to put the E900 in bridged mode. Putting the E900 in bridge mode would not meet your security requirements.

    Your first statement in your first post, "I understand the double and triple NAT is unstable", is an incorrect statement. I currently have a triple NAT configuration and there is nothing unstable at all. The only time people suffer from instability and problems is when they don't cascade NAT routers correctly. In other words, if you try to cascade NAT routers and put them both on the same local network segment... you will most likely have problems.

    Why do you want to work around NAT?

    It seems you have the routers cascaded properly, so there is no need to bypass the NAT.

    If you post the brand and model of your modem, someone here on the forum can tell you if it's a NAT router or a simple dumb modem.
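
The two conditions the replies on this page turn on, an inner router whose WAN side already holds a private address (double NAT, as in the AirPort Extreme reply about moving its DHCP range) and two cascaded routers numbered into the same segment (the case described just above), can be checked from the addresses alone. The following Python sketch is an added example, not code from any poster; the function names, finding codes, candidate subnets and sample addresses are constructed for illustration, and IPv4 is assumed.

```python
import ipaddress

# Blocks that are not globally routed. A router whose WAN address falls in
# one of them sits behind another device that is already doing NAT.
NON_PUBLIC_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),      # RFC 1918
    ipaddress.ip_network("172.16.0.0/12"),   # RFC 1918
    ipaddress.ip_network("192.168.0.0/16"),  # RFC 1918
    ipaddress.ip_network("100.64.0.0/10"),   # RFC 6598 (carrier-grade NAT)
]

# Hypothetical shortlist of LAN subnets to propose when renumbering.
LAN_CANDIDATES = ("10.0.1.0/24", "192.168.1.0/24", "172.16.1.0/24")


def check_cascade(wan_cidr, lan_cidr, mode="nat"):
    """Classify the inner router of a cascade.

    wan_cidr: address/prefix the inner router received on its WAN port
    lan_cidr: address/prefix of the inner router's own LAN side
    mode:     "nat" (DHCP and NAT) or "bridge"
    Returns a list of finding codes.
    """
    if mode == "bridge":
        # No second NAT layer: the upstream device routes and hands out leases.
        return ["BRIDGED"]
    wan = ipaddress.ip_interface(wan_cidr)
    lan = ipaddress.ip_interface(lan_cidr)
    findings = []
    if any(wan.ip in block for block in NON_PUBLIC_BLOCKS):
        # Upstream device translates too: two NAT layers, which works as
        # long as the two sides use different subnets.
        findings.append("DOUBLE_NAT")
    else:
        findings.append("SINGLE_NAT")
    if wan.network.overlaps(lan.network):
        # Same segment on both sides: the router cannot tell inside from
        # outside, the incorrect cascade the reply warns about.
        findings.append("SUBNET_OVERLAP")
    return findings


def suggest_lan(wan_cidr):
    """Return the first candidate LAN subnet that does not overlap the WAN side."""
    wan_net = ipaddress.ip_interface(wan_cidr).network
    for cand in LAN_CANDIDATES:
        if not ipaddress.ip_network(cand).overlaps(wan_net):
            return cand
    return None


if __name__ == "__main__":
    # Constructed sample addresses, not taken from any poster's network.
    samples = [
        ("192.168.137.25/24", "10.0.1.1/24", "nat"),    # cascaded correctly
        ("192.168.1.2/24", "192.168.1.1/24", "nat"),    # both on one segment
        ("203.0.113.10/24", "10.0.1.1/24", "nat"),      # stands in for a public WAN
        ("192.168.1.2/24", "192.168.1.1/24", "bridge"),
    ]
    for wan, lan, mode in samples:
        print(wan, lan, mode, check_cascade(wan, lan, mode), suggest_lan(wan))
```

A `DOUBLE_NAT` result without `SUBNET_OVERLAP` is the correctly cascaded case; `SUBNET_OVERLAP` is the one that calls for renumbering the inner router's LAN and DHCP range.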

  • NAT with Snow Leopard issue

    For the poster who will say "Google is your friend", no it is not, or I wouldn't be here.

    I tried for a while now to solve the only problem I have with Snow Leopard Server.

    MySQL was dropped in Lion and, apparently, no one knows how to use PostgreSQL, so I installed MySQL and messed with it for a few hours to get it working. There were various other issues with Lion. Finally, I went to Yosemite. Hey Apple, where is the GUI? Then on to El Capitan, and finally I tried Sierra (no server app at all yet).

    For me, each 'step-up' taking things and running weaker than the last.

    Welcome to Snow Leopard.  I'll stick with it for a while to come.

    The only problem I have with Snow Leopard is that when it restarts, NAT will not start up. Other than that, it does a magnificent job of maintaining my home network. I searched high and low for an answer without success. The few posters who have raised this specific problem here never got a response.

    As it seems to be about three years or more since this question was asked, and it seems that some have migrated to SLS, I was wondering if anyone has found a solution.

    As it is now, whenever there is a need to reboot, I just disable the NAT service, restart and turn it back on. In the case of a power failure (longer than the UPS can sustain) or just a random crash, I have to kill the firewall and NAT, then redo the gateway service configuration, which requires fixing the various omissions and errors, and I'm good to go again.

    Any help would be greatly appreciated.

    You have posted in the Snow Leopard Client forum. I'll ask for this post to be moved. In the meantime, you can look at this tip from the various forums:

    http://discussions.Apple.com/docs/doc-2463

  • Adobe Production Premium CS5.5 installation and other issues errors

    Hello

    I have just installed Adobe CS5.5 Production Premium on my computer and had a few errors pop up at the end of the installation. I will paste the summary below. I tried to install Production Premium a couple of times. I used the Adobe cleaning tool. From the research I did, the Flash issue is a false error given that Flash was already installed on the computer. Is the rest connected to the Flash program as well?

    The programs all appear to work well except for the question below.

    My other question is that when I'm in Windows Explorer and I right-click, say, a .jpg file and select Open with... I am not able to choose Adobe Photoshop or Illustrator. I have Dreamweaver CS4 and that is presented as an option. I went through the process of trying to add the Adobe Photoshop .exe file, but it still does not work. However, if I open Adobe Bridge, I can select Photoshop or Illustrator to open a file. Is this related to my setup or is there something else? I uninstalled an older version of Adobe Photoshop 7.0 I've had for years, but it was prior to the installation of Production Premium CS5. Could that have caused a problem? I read that uninstalling an old Photoshop can cause problems like this.

    Any help would be greatly appreciated.

    Exit code: 6

    -------------------------------------- Summary --------------------------------------

    -0 fatal Error (s), 4 (s), 2 warning (s)

    -Payload: {CFA46C39-C539-4BE9-9364-495003C714AD} standard Adobe 2.0 2.0.0.0.

    WARNING: DF029: ARKServiceControl::StartService: standard Service not started or stopped. Current

    Status: Exit Code 0: 0 Service specific exit Code: 0 (Seq 1)

    -Payload: {2EE4F060-CEE6-4002-AA8B-91B791541767} Pixel Bender Toolkit 2.6.0.0 -.

    WARNING: DF035: file CreateAlias:Icon does not exist in C:\Program Files (x 86)

    \Adobe\Adobe utilities - CS5.5\Pixel Bender Toolkit

    2.6\windows\pb_app.icofile:\\\C:\PIXELB~1\source\winwood\Staging 0X1.7E8FC6P-

    1021rea\windows\pb_app.ico42178f80493091e8e552c84a2897e9da68fce32_32_f80493091e8e552c84a28 97e9da68fce for 2.6.lnk C:\ProgramData\Microsoft\Windows\Start Start Production Premium CS5.5\Adobe Pixel Bender Toolkit icon with target C:\Program Files (x 86) \Adobe\Adobe Utilities - CS5.5\Pixel Bender Toolkit 2.6\Pixel Bender Toolkit.exe (Seq 89)

    -Payload: {43A1C48E-3E50-410e-951C-E17A66BBF824} Adobe Flash Player 10 Plugin 10.0.0.0.

    ERROR: Error 1722.There is a problem with this Windows Installer package. A program running in the framework

    installation did not complete as expected. Contact your provider to support personal or package. Action

    NewCustomAction1, location: C:\Users\RYANAN~1\AppData\Local\Temp\InstallPlugin.exe, command: -.

    install the plugin - msi

    ERROR: Install payload MSI failed with the error: - 1603 Fatal error during installation.

    MSI error: 1722.There error is a problem with this Windows Installer package. A program managed

    as part of the Setup did not finish as expected. Contact your provider to support personal or package.

    Action NewCustomAction1, location: C:\Users\RYANAN~1\AppData\Local\Temp\InstallPlugin.exe,.

    control: - install the plugin - msi

    ERROR: DW050: the following payload errors were found during the installation:

    ERROR: DW050:-Adobe Flash Player 10 Plugin: installation failed

    -------------------------------------------------------------------------------------

    Post edited by: rynohose

    Yes, your installation errors seem to be false, harmless errors associated with the brain-dead Flash installer. If the programs seem to work fine, don't worry about them. As for not being able to open images with Photoshop from Windows Explorer, I recommend you take this issue to the Photoshop forum.

  • Help on upgrading 10.7.5 El captain in MS Office and other possible issues

    Hello!

    I have a MacBook Pro from December 2011, OS X 10.7.5. I have struggled with setting up PHP and many other issues and have been repeatedly advised to upgrade my OS. As a newbie in CS, I'm frankly scared: it's the only computer I have, and I can't lose/break/brick it, because I won't be able to fix any serious problem at the moment, not until I know better. But I'm really tired of losing time because of low productivity, constant freezing and other issues; and I also feel ashamed to bother people on forums like this one only because I have an obsolete system and lack the appropriate knowledge (the latter is not shameful because I'm learning, but the former can be really annoying for the people who help me).

    Please help me with these questions:

    (1) Is it safe to upgrade directly from 10.7.5 to El Capitan?

    (2) If yes to the first, what are the possible problems that may arise and what should I do to avoid them?

    (3) Do I have to reinstall MS Office when I upgrade the OS? This is crucial for me because I found out that I would have to buy a new MS Office, as Microsoft staff informed me. This isn't really the best use of money for me at the moment.

    Thank you very much for your help and your understanding!

    - First clone your existing boot drive to another disk drive.

    http://nyacomputing.com/how-to-create-a-bootable-clone-of-your-Mac-hard-drive/

    - Check with the developers of your applications whether they will work with El Capitan. Some may require updates and some may simply not work, and you must buy an upgrade. An MS Office for Mac license will still be valid when upgrading to El Capitan, if the version you have is compatible with El Capitan.

    - In El Capitan Apple tightened driver signing, so some hardware will require updated signed drivers. For some hardware, updated drivers are not available.

  • Image Podcast issue: error message

    I've worked with two very intelligent people for two days and we cannot figure out how to get our podcast released on iTunes.

    • We have the site host (software library).
    • We posted on Tumblr.
    • We put it through FeedBurner to extract the RSS.
    • We made our image 1500 x 1500, which lies between the 1400 x 1400 and 3000 x 3000 limits.

    We always get this error message and cannot work our way around it.

    Podcast artwork must be between 1400 x 1400 and 3000 x 3000 pixels, JPG or PNG, in the RGB color space, and hosted on a server that allows HTTP HEAD requests.

    Any advice would be SO greatly appreciated. Currently, we host our picture on a public Squarespace site. It is a jpg.

    It is not really possible to comment unless you post the URL of your feed - if you have more than one, the version that you propose to submit to the iTunes Store.

  • Update issues (error Code 646) or "WindowsUpdate_00000646" "WindowsUpdate_dt000"

    I constantly have problems with updates. They seem to be installing. But when it's over I get a message saying "Some updates were not installed. Error found: Code 646 Windows Update has encountered an error. Get help with this error". I click on "Get help with this error" and a window opens. 1 result for "WindowsUpdate_00000646" "WindowsUpdate_dt000" and a troubleshooting link appear. But I can't find any solutions. What can be done to solve this problem and other future update issues?

    God,

    A KB was created for the 646 error code that appears during the installation of Microsoft Office updates. The KB includes an automated Fix it, which corrects the problem. Look at the following KB: http://support.microsoft.com/kb/2258121

    Please let us know if that helps.

  • Services do not start. I get error 5 - BFE, DHCP, & DPS; I get error 1068-IKE, IPsec Service & network list

    Vista Home Premium SP2

    Error 5: Access denied

    Cannot start BFE Base Filtering Engine service

    DHCP Client service

    Diagnostic policy service

    Error 1068: The dependency group or the service could not start

    IKE and AuthIP IPsec Keying Modules

    IPsec policy agent

    Network list service

    Error 1073741288

    Network location awareness

    I checked the forum after forum with no luck.  Any ideas?

    Hello

    • What services are you trying to start?

    • What is the problem you are having with the computer?

    • Are you logged in as Administrator?

    • Do you remember making any recent changes on the computer before this problem?

    • Is your computer on a domain?

    Reply with the above information so we can better help you.

    I suggest you to follow the steps in the link and check if the problem occurs:

    http://answers.Microsoft.com/en-us/Windows/Forum/windows_vista-networking/Windows-could-not-start-error-1068-the-dependency/7963d72a-5d73-44fe-8316-058c46235737?page=1

  • WSUS issue error 800 b 0001 code found in Windows update of the client.

    We have used WSUS on Server 08 at headquarters for a few months without any problems. Initially, all our HQ and branch machines were pointed to it. Recently, we configured WSUS in the branches as a downstream server of the headquarters WSUS server. We created an AD policy to point the branch machines to it. The branch machines are automatically detected on the new WSUS server; however, none of the machines has reported in.

    Error code 800B0001 found in Windows Update on the client.

    Help, please. Thank you.

    This issue is beyond the scope of this site (for consumers), and to be sure you get the best (and fastest) reply, please ask either on TechNet (for IT Pros) or MSDN (for developers).
  • Single user AD not found in import / & possible issues of the telephone unit

    We have recently completed an upgrade from Unity 3.1.5 to Unity 4.0(4) SR 1.

    We have a bizarre situation where all current subscribers that existed before the configuration work fine, but they are not able to access Unity by phone: they enter their name and password, and then the system pauses before coming back with "not able to process your request at this time." They are able to receive voice messages in their Inbox. Resetting the password has not helped.

    As a workaround, we discovered that if we deleted the subscriber and then recreated him/her, everything worked fine.

    However, recently, we removed five subscribers (all in a single Active Directory OU / department) and then recreated them. Four worked, but the fifth simply disappeared from Unity and no longer appeared in an import query either.

    We checked the permissions manually and they look identical to other subscribers; the Directory Access Diagnostic tool reports no problem for the specific user or the relevant mailstore.

    We run Unity 4.0(4) SR 1, and the Exchange server is Exchange 2000 SR3 with the latest cumulative hotfix, although we do have a test Exchange 2003 server installed (with no production users on it) and so the AD tree is now prepped for E2K3.

    Any ideas why this user will not be displayed - or (if it goes to a larger issue) why specific phone-in capacity appear to die for all those users when nothing else has done?

    Thanks in advance for any ideas :-)

    -Ken

    In regards to users breaks down when they connected - we would need to see errors in the log application events that were added when the user got the failsafe - tithes $ conversation the login to the mail store for that user was not due to problems with permission of some sort. Without doubt, you have changed the configuration of service account when you upgraded? 3.1 (5) has used a single directory/mailstore default access account and 4.x uses two separate accounts. Just a guess without any type of errors to watch but that would be my first guess.

    As for the guy that goes missing: you can look at the raw properties in AD for this one, especially the values of ciscoECSBULocationObjectId and ciscoECSBULocationObjectType (I think these names are correct; I'm not in front of a Unity box at the moment). If we are not showing them for import, this usually means we see that one or two of those has the value , and we assume that they are a subscriber to another area of the unit in the directory or similar. First, I would check all the "ciscoECSBUxxx" properties on this guy, see what they are, and go from there.

  • router in 1921 with the double nat ADSL problem

    I have problems with the implementation of a 1921 router with dual ADSL lines for failover. For some reason all internet traffic keeps using Dialer 1 as the main internet connection, while Dialer 2 should be primary. Also, when I finish my NAT ACL with a permit for everything, it translates the public IP address of Dialer 2 to that of Dialer 1 before it is sent out to the internet.

    This is my config:

    !
    interface GigabitEthernet0/0
     description Voice netwerk
     ip address 192.168.77.254 255.255.255.0
     ip helper-address 192.168.177.1
     ip helper-address 192.168.177.254
     ip nat inside
     ip virtual-reassembly in
     ip tcp adjust-mss 1400
     duplex auto
     speed auto
    !
    interface GigabitEthernet0/1
     description Inside interface
     ip address 192.168.177.254 255.255.255.0
     ip mtu 1492
     ip nat inside
     ip virtual-reassembly in
     ip tcp adjust-mss 1400
     duplex auto
     speed auto
    !
    interface ATM0/0/0
     description 1/10 Mb Tele2 ADSL
     no ip address
     no atm ilmi-keepalive
     pvc 0/35
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
     !
    !
    interface Ethernet0/0/0
     no ip address
     shutdown
    !
    interface ATM0/1/0
     no ip address
     no atm ilmi-keepalive
    !
    interface Ethernet0/1/0
     description VDSL 5/50 Mb KPN
     no ip address
    !
    interface Ethernet0/1/0.6
     description KPN VDSL
     encapsulation dot1Q 6
     pppoe enable group global
     pppoe-client dial-pool-number 2
     service-policy output parent policy
    !
    interface Dialer1
     description Tele2 ADSL
     ip address negotiated
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip mtu 1492
     ip nat outside
     ip virtual-reassembly in
     encapsulation ppp
     ip tcp adjust-mss 1400
     dialer pool 1
     ppp authentication chap callin
     ppp pap sent-username *.
     no cdp enable
     crypto map SAL_map
    !
    interface Dialer2
     description VDSL KPN
     ip address negotiated
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip mtu 1492
     ip nat outside
     ip virtual-reassembly in
     encapsulation ppp
     ip tcp adjust-mss 1400
     load-interval 30
     dialer pool 2
     ppp authentication pap callin
     ppp pap sent-username *.
     no cdp enable
     crypto map SAL_map_VDSL
    !
    ip nat inside source route-map sheep interface Dialer1 overload
    ip nat inside source route-map nonat2 interface Dialer2 overload
    ip route 0.0.0.0 0.0.0.0 Dialer2 track 1
    ip route 0.0.0.0 0.0.0.0 Dialer1 254
    !
    ip sla auto discovery
    ip sla 10
     icmp-echo 62.69.174.75 source-interface Dialer2
     timeout 30000
     frequency 30
    ip sla schedule 10 life forever start-time now
    !

    access-list 102 deny ip 192.168.177.0 0.0.0.255 host 192.168.1.249
    access-list 102 deny ip 192.168.178.0 0.0.0.255 host 192.168.1.249
    access-list 102 deny ip 192.168.179.0 0.0.0.255 host 192.168.1.249
    access-list 102 deny ip 192.168.177.0 0.0.0.255 172.28.1.0 0.0.0.255
    access-list 102 deny ip any 192.168.255.0 0.0.0.255
    access-list 102 deny ip any 192.168.254.0 0.0.0.255
    access-list 102 deny ip 192.168.177.0 0.0.0.255 192.168.179.0 0.0.0.255
    access-list 102 deny ip 192.168.177.0 0.0.0.255 192.168.178.0 0.0.0.255
    access-list 102 deny ip 192.168.177.0 0.0.0.255 192.168.79.0 0.0.0.255
    access-list 102 deny ip 192.168.177.0 0.0.0.255 192.168.78.0 0.0.0.255
    access-list 102 deny ip 192.168.77.0 0.0.0.255 192.168.179.0 0.0.0.255
    access-list 102 deny ip 192.168.77.0 0.0.0.255 192.168.178.0 0.0.0.255
    access-list 102 deny ip 192.168.77.0 0.0.0.255 192.168.79.0 0.0.0.255
    access-list 102 deny ip 192.168.77.0 0.0.0.255 192.168.78.0 0.0.0.255
    access-list 102 permit ip 192.168.177.0 0.0.0.255 any
    access-list 102 permit ip 192.168.77.0 0.0.0.255 any
    !

    dialer-list 1 protocol ip permit
    dialer-list 2 protocol ip permit
    !
    route-map nonat2 permit 10
     match ip address 102
     set interface Dialer2
    !
    route-map sheep permit 10
     match ip address 102
     set interface Dialer1

    The ACL is built to exclude some private IPs that are IPsec VPN destinations.

    Any suggestions on what I'm missing? It must use Dialer 2 as the primary internet connection and fail over to Dialer 1 if the IP SLA fails. The SLA config seems to work properly:

    sh ip route

    S*    0.0.0.0/0 is directly connected, Dialer2
          84.0.0.0/32 is subnetted, 1 subnets
    C        84.246.25.231 is directly connected, Dialer1
          145.131.0.0/32 is subnetted, 1 subnets
    C        145.131.131.112 is directly connected, Dialer2
          192.168.77.0/24 is variably subnetted, 2 subnets, 2 masks
    C        192.168.77.0/24 is directly connected, GigabitEthernet0/0
    L        192.168.77.254/32 is directly connected, GigabitEthernet0/0
          192.168.177.0/24 is variably subnetted, 2 subnets, 2 masks
    C        192.168.177.0/24 is directly connected, GigabitEthernet0/1
    L        192.168.177.254/32 is directly connected, GigabitEthernet0/1
          192.168.254.0/24 is variably subnetted, 2 subnets, 2 masks
    S        192.168.254.0/24 is directly connected, Dialer2
    S        192.168.254.37/32 [1/0] via 77.241.229.241
    S     192.168.255.0/24 is directly connected, Dialer1
          212.121.121.0/32 is subnetted, 1 subnets
    C        212.121.121.183 is directly connected, Dialer2
          213.144.228.0/32 is subnetted, 1 subnets
    C        213.144.228.72 is directly connected, Dialer1

    http://docwiki.Cisco.com/wiki/category:NAT

    The above document says to beware of using an ACL for NAT with "permit ip any any", as you can get unpredictable results. I suggest using "route-map sheep/nonat2 permit 20" instead of "permit ip any any".

    For the rest, change the config as follows:

    !
    ip sla 10
     icmp-echo 8.8.8.8 source-interface Dialer2
     timeout 30000
     frequency 30
    ip sla schedule 10 life forever start-time now
    !
    ip route 8.8.8.8 255.255.255.255 Dialer2 permanent
    !
    route-map nonat2 permit 10
     match ip address 102
     match interface Dialer2
    !
    route-map sheep permit 10
     match ip address 102
     match interface Dialer1
    !
    ip nat inside source route-map sheep interface Dialer1 overload
    ip nat inside source route-map nonat2 interface Dialer2 overload
    !
    event manager applet NAT-TRACK
     event track 1 state any
     action 0.1 cli command "enable"
     action 0.2 wait 2
     action 0.3 cli command "clear ip nat translation forced"
     action 0.4 syslog msg "Translation NAT cleared after state change of track"
    !

    -Ginette
