https://community.cisco.com/t5/network-security/load-sharing-versus-firewall/m-p/703086#M1034058 <P>I have a 2811 with two T1 lines incoming which are set to load-sharing per-packet.</P><P></P><P>I want to be able to send traffic out (web browsing, IM, etc.) and allow traffic in to specific servers (http, https, etc.).</P><P></P><P>I've been tearing my hair out trying to get the firewalling to work correctly. It appears that the firewall (in particular inspecting outgoing traffic) is not compatible with load-sharing per-packet. I end up with packets dropping (which suspiciously turns out to be about 50% of them).</P><P></P><P>Anyone have experience getting this to work or have ideas for things to try?</P><P></P><P>I'm at the point where I'm just going to put another firewall appliance behind the 2811 and call it a day. </P><P></P><P>Thanks,</P><P> Greg</P><P></P> Mon, 11 Mar 2019 08:59:29 GMT ggilley 2019-03-11T08:59:29Z https://community.cisco.com/t5/network-security/load-sharing-versus-firewall/m-p/703086#M1034058 <P>I have a 2811 with two T1 lines incoming which are set to load-sharing per-packet.</P><P></P><P>I want to be able to send traffic out (web browsing, IM, etc.) and allow traffic in to specific servers (http, https, etc.).</P><P></P><P>I've been tearing my hair out trying to get the firewalling to work correctly. It appears that the firewall (in particular inspecting outgoing traffic) is not compatible with load-sharing per-packet. I end up with packets dropping (which suspiciously turns out to be about 50% of them).</P><P></P><P>Anyone have experience getting this to work or have ideas for things to try?</P><P></P><P>I'm at the point where I'm just going to put another firewall appliance behind the 2811 and call it a day. </P><P></P><P>Thanks,</P><P> Greg</P><P></P> Mon, 11 Mar 2019 08:59:29 GMT https://community.cisco.com/t5/network-security/load-sharing-versus-firewall/m-p/703086#M1034058 ggilley 2019-03-11T08:59:29Z https://community.cisco.com/t5/network-security/load-sharing-versus-firewall/m-p/703087#M1034059 <HTML><HEAD></HEAD><BODY><P>Hi Greg.</P><P></P><P>Can you please give some details as to where the firewall is placed in your network.</P><P></P><P>regards</P><P>Zubair</P></BODY></HTML> Thu, 23 Nov 2006 11:07:05 GMT https://community.cisco.com/t5/network-security/load-sharing-versus-firewall/m-p/703087#M1034059 zubairjalal 2006-11-23T11:07:05Z https://community.cisco.com/t5/network-security/load-sharing-versus-firewall/m-p/703088#M1034060 <HTML><HEAD></HEAD><BODY><P>Basically, the two T1s are my WAN connections. I have load-sharing per-packet on them to boost performance.</P><P></P><P>Behind the 2811 is my LAN connection. On it I have various servers. I also have a connection to another router which has clients behind it. So I need to allow traffic to my servers on my LAN and traffic out from the LAN from the other router to the internet.</P><P></P><P>Here's the basic config. I've left the rules out.</P><P></P><P>interface FastEthernet0/0</P><P> ip address 12.xx.xx.xx 255.255.255.240</P><P> no ip redirects</P><P> no ip unreachables</P><P> no ip proxy-arp</P><P> ip route-cache flow</P><P> duplex auto</P><P> speed auto</P><P> no mop enabled</P><P></P><P>interface Serial0/0/0</P><P> bandwidth 1536</P><P> ip address xx.xxx.xxx.xxx 255.255.255.252</P><P> ip verify unicast reverse-path</P><P> no ip redirects</P><P> no ip unreachables</P><P> no ip proxy-arp</P><P> ip load-sharing per-packet</P><P> ip virtual-reassembly</P><P> encapsulation ppp</P><P> ip route-cache flow</P><P> service-module t1 remote-alarm-enable</P><P></P><P>interface Serial0/1/0</P><P> bandwidth 1536</P><P> ip address xx.xxx.xxx.xxx 255.255.255.252</P><P> ip verify unicast reverse-path</P><P> no ip redirects</P><P> no ip unreachables</P><P> no ip proxy-arp</P><P> ip load-sharing per-packet</P><P> ip virtual-reassembly</P><P> encapsulation ppp</P><P> ip route-cache flow</P><P> service-module t1 remote-alarm-enable</P><P></P></BODY></HTML> Thu, 23 Nov 2006 17:22:31 GMT https://community.cisco.com/t5/network-security/load-sharing-versus-firewall/m-p/703088#M1034060 ggilley 2006-11-23T17:22:31Z