Re: Can any one help Dual WAN (accessing LAN server from out sid

tanveer2005 · ‎02-19-2011

My goel is to access inside Server from outside with two public IP from 2 ISPs at same time. by static NAT or PBR.

Please help me. also see attached.

This is runn conf.

interface FastEthernet0/0.1
encapsulation dot1Q 9-----------LAN
ip address 10.10.5.70 255.255.255.0
ip nat inside
!
interface FastEthernet0/0.3
encapsulation dot1Q 3---------- ISP-1
ip address 82.128.161.50 255.255.255.224
ip nat outside
!
interface FastEthernet0/0.4
encapsulation dot1Q 4--------------ISP-2
ip address 77.192.187.250 255.255.255.248
ip nat outside
!
ip nat inside source static 10.10.5.60 82.128.161.51 route-map isp1
ip nat inside source static 10.10.5.60 77.192.187.251 route-map isp2
ip classless
ip route 0.0.0.0 0.0.0.0 77.192.187.254
ip route 0.0.0.0 0.0.0.0 82.128.161.33 20
no ip http server
!
route-map isp2 permit 10
match interface FastEthernet0/0.4
!
route-map isp1 permit 10
match interface FastEthernet0/0.3

Yasir Ashfaque · ‎02-19-2011

Hi,

Why dont you remove the AD == 20; it works fine if you remove AD 20 from second route, rest CEF will do it.(I Tested it with Ping)

Yasir

tanveer2005 · ‎02-21-2011

It is working Fine, but you need two IP for LAN , and no need Default route, If some one have other solution for only ony IP for LAN server , please Explain.

Router#sh runn
Building configuration...

Current configuration : 1937 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$HS45408$iutGDSO7r73434mFH.d0bgjOZ/
enable password 7 1218011A135B05580C252720245413D32
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ftp-server write-enable
!
!
!
!
interface Loopback0
ip address 192.168.150.1 255.255.255.252
ip nat outside
ip policy route-map PBR-LOOP
!
interface ATM0/0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface FastEthernet0/0
no ip address
speed auto
full-duplex
!
interface FastEthernet0/0.1
encapsulation dot1Q 9---------------------LAN
ip address 10.10.5.70 255.255.255.0
ip nat inside
ip policy route-map PBR-LAN
!
interface FastEthernet0/0.3 -------------- ISP1
encapsulation dot1Q 3

ip address 82.128.161.50 255.255.255.224
ip nat outside
!
interface FastEthernet0/0.4-------------- ISP2

encapsulation dot1Q 4
ip address 77.192.187.250 255.255.255.248
ip nat outside
!
ip nat inside source static 10.10.5.60 77.192.187.251
ip nat inside source static 10.10.5.61 82.128.161.51
ip classless
no ip http server
!
ip access-list extended STATIC-NAT-ISP1
permit ip host 82.128.161.51 any
ip access-list extended STATIC-NAT-ISP2
permit ip host 77.192.187.251 any
ip access-list extended STATIC-NAT-SERVICES
permit ip host 10.10.5.60 any----------------- SERVER LAN IP 1
permit ip host 10.10.5.61 any------------------SERVER LNA IP 2
!
route-map PBR-LAN permit 10
match ip address STATIC-NAT-SERVICES
set ip next-hop 192.168.150.2
!
route-map PBR-LOOP permit 10
match ip address STATIC-NAT-ISP1
set ip next-hop 82.128.161.33
!
route-map PBR-LOOP permit 20
match ip address STATIC-NAT-ISP2
set ip next-hop 77.192.187.254
!
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
password 7 14161606050A7E232B24GFY34JHF373C2C1453
login
!
!
end

Router#

Can any one help Dual WAN (accessing LAN server from out side with two ISPs)