ADSL, Cable Broadband and NAT with 1760 - Configuration Help Please

JasonPia · ‎09-18-2003

I'm new to Cisco routers and trying to setup a 1760 to load balance between two ISPs, one through a WIC-1ADSL and the other through a WIC-1ENET.

Both have a single IP address which I need to NAT overload through.

I have spent probably the best part of 2-3 days wading my way through the forums and the reams of Cisco documentation and configuration examples but I can't find an example of this setup. I can get the Broadband OR the ADSL to work but I seem to be coming unstuck on how to NAT BOTH the interfaces. The closest forum thread I found was http://forum.cisco.com/eforum/servlet/NetProf;jsessionid=b5e3x1agv1.SJ2A?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.ee943ac but unforunately nobody answered his question.

Can anybody point me in the right direction? Or post there own working configuration? That would give me enough to get me sorted. I don't need anything fancy, I'm not concerned about about making internal resources available over both interfaces apart from a mail server which I can sort out by having two MX records.

Thanks, Jason

kieran-kelly · ‎09-18-2003

Hi Jason

Scott as you know is away at the moment but i'm sure i can set you in the right direction. This can definitely be done, however we ourselves have stumble across some issues with the load-balancing on a per destination basis over ATM interfaces. But that would be far too much to go into.

What you basically need to do is setup 2 dialer interfaces and map them to your respective ADSL and ethernet interfaces. You then create 2 ip nat pools for each ISP that you have connections with to the internet.

In terms of load balancing this will be done with configuring you routes, create 2 wild card routes with next hops of the dialer interfaces.eg ip route 0.0.0.0 0.0.0.0 ?

The next thing is to specify which traffic you want Natted out to your 2 links. To do this you create 2 route-maps that match any traffic destined for the dialer interfaces eg. route-map test permit 10

match interface dialer ?

Once this done you have only to configure the nat statements that nat the route-maps to your nat pools that you have already created.

I hope have set you in the right direction.

Regards

Kieran Kelly

JasonPia · ‎09-19-2003

Kieran,

Thanks for the pointers, they are much apprecitated.

I have manged to get so far but am stuck on one point. What I am trying to achieve is load balancing over the two connections. I believe I do not need to go as far as BGP as I only want to load balance out (the only important incoming connection is SMTP and i can just set up two MX records to cover either connection).

So far I hve got the following configuration:

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

enable secret 5 xxxxxx

enable password xxxxxx

!

ip subnet-zero

!

ip cef

!

interface ATM0

no ip address

no atm ilmi-keepalive

pvc 0/38

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

dsl operating-mode auto

hold-queue 224 in

!

interface Ethernet0

ip address dhcp

ip nat outside

full-duplex

no cdp enable

!

interface FastEthernet0

ip address x.x.x.x 255.255.255.0

ip nat inside

speed auto

full-duplex

no cdp enable

!

interface Dialer1

ip address negotiated

ip nat outside

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap callin

ppp chap hostname xxxxxxxxxxxxxxxxxx

ppp chap password 0 xxxxxxxxxx

!

ip nat inside source route-map map-1 interface Dialer1 overload

ip nat inside source route-map map-2 interface Ethernet0 overload

ip nat inside source static tcp y.y.y.y 25 x.x.x.x 25 extendable

! There is an MX record that points to the IP for Dialer1 and should be routed to the internal server at y.y.y.y

ip nat inside source static tcp y.y.y.y 80 x.x.x.x 80 extendable

! There is a WWW record that points to the IP for Dialer1 and should be routed to the internal server at y.y.y.y

ip nat inside source static tcp y.y.y.y 53 x.x.x.x 53 extendable

! The DNS server at y.y.y.y should be able to answer queries from outside - THIS DOESNT WORK

!

ip classless

!

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 0.0.0.0 0.0.0.0 Ethernet0

!

no ip http server

!

dialer-list 1 protocol ip permit

no cdp run

route-map map-1 permit 10

match interface Dialer1

!

route-map map-2 permit 10

match interface Ethernet0

!

line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

password xxxxxx

login

!

end

This works "a bit" but there is clearly something wrong. Trying to browse the web brings up pages extremely slowly (and sometimes not at all). Clearly the routing isn't working as intended but I don't know where I've gone wrong - or can I not achieve what I am trying to?

Also, the "ip nat inside source static tcp 10.10.10.1 53 x.x.x.x 53 extendable" doesn't achieve what I want it to either. I need to make my internal DNS server publicly available as it holds the records for a public domain name. I thought this was the correct syntax but I must be missing something as it doen't work. I know it is my router config because if I put my old router back it works fine.

Any suggestions will be much appreciated.

Regards, Jason

JasonPia · ‎09-23-2003

Well I still don't know why my load balancing doesn't work but I solved my internal DNS problem so I thought I would post the solution in case anybody else stumbles across this in the future.

Apart from the fact that DNS queries are UDP rather than TCP, (duh - must have had my Homer head on that day), I needed to use the no-payload option. I presume this is to do with the way that the hosting company is redirecting the DNS requests to my DNS server. Anyway it works now:

ip nat inside source static udp 10.10.10.1 53 x.x.x.x 53 extendable no-payload

Still no joy with the load balancing though - any suggestions?

Thanks, Jason