Cisco 2800 - dual WAN issue

rweissonm · ‎07-27-2011

Hi guys, I have 2 internet connections that will be providing services to different servers, the idea is that both connections can work at the same time, I will be sending some traffic through WAN1 and a different independent traffic through WAN2 all the traffic will be directed to the same LAN but to different servers/workstations depending on the request. I was able to configure my router (Cisco 2800) to work with both ISPs but they are working only as a backup connection (wan2 works only if wan1 is down and viceversa). Below is the configuration of my router, if you have any suggestion please let me know.

interface GigabitEthernet0/0.20

description WAN2

encapsulation dot1Q 20

ip address Y.Y.Y.Y 255.255.255.252

ip nat outside

no snmp trap link-status

!

interface GigabitEthernet0/0.50

description WAN1

encapsulation dot1Q 50

ip address X.X.X.X 255.255.255.240

ip nat outside

no snmp trap link-status

!

interface GigabitEthernet0/1

description LAN

ip address 192.168.1.247 255.255.255.0

ip nat inside

duplex auto

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 WAN1

ip route 0.0.0.0 0.0.0.0 WAN2

!

ip http server

no ip http secure-server

ip nat inside source route-map Comcast20 interface GigabitEthernet0/0.20 overload

ip nat inside source route-map Comcast50 interface GigabitEthernet0/0.50 overload

ip nat inside source static tcp 192.168.1.105 80 interface GigabitEthernet0/0.20 80

ip nat inside source static tcp 192.168.1.105 22 interface GigabitEthernet0/0.20 22

ip nat inside source static tcp 192.168.1.105 3389 interface GigabitEthernet0/0.20 3389

ip nat inside source static tcp 192.168.1.61 3389 x.x.x.x 3389 route-map Cisco50 extendable

!

access-list 120 permit ip 192.168.1.0 0.0.0.255 any

access-list 150 permit ip 192.168.1.0 0.0.0.255 any

route-map Comcast50 permit 10

description Comcast Link 50 Mbps

match ip address 150

match interface GigabitEthernet0/0.50

!

route-map Comcast20 permit 10

description Comcast Link 20 Mbps

match ip address 120

match interface GigabitEthernet0/0.20

germain85 · ‎07-30-2011

Hi Rafael,

I guess you should

1- use two access-list for diffrent subnet. One for the traffic you want to send out WAN1 and a second for the traffic you want to send out WAN2. Your access-list 120 and 150 matches same subnet, then same traffic.

2- Your route-map. i guess you should set the outgoing interface not match the outgoing interface as you did.

3- Then you apply corectly each access-list for the NAT it will work correctly

4- (optional) If you want now to configure a failover, then you can add ip sla

Regards

Germain

Amit Aneja · ‎07-30-2011

Rafael,

I see no issues with configuration, this is correct way of load balaning when using dual WAN links.

Can you please share the following o/p?

sh ip route 0.0.0.0

show ip nat tran

Regards,

Amit Aneja

germain85 · ‎07-30-2011

Hi Rafael,

Have a look on this, i mean it can help you: https://supportforums.cisco.com/docs/DOC-8313

rweissonm · ‎08-01-2011

Amit, below is the output you requested

Routing entry for 0.0.0.0/0, supernet

Known via "static", distance 1, metric 0, candidate default path

Routing Descriptor Blocks:

Y.Y.Y.Y, permanent

Route metric is 0, traffic share count is 1

* X.X.X.X, permanent

Route metric is 0, traffic share count is 1

____________________________________________________________

sh ip nat translation:

Pro Inside global Inside local Outside local Outside global

tcp X.X.X.X:3389 192.168.1.5:3389 --- ---

tcp Y.Y.Y.Y:3389 192.168.1.134:3389 --- ---

rweissonm · ‎08-01-2011

Germain:

I'm working in your proposed solution right now, I will keep you posted.

Rafael