07-27-2011 01:10 PM - edited 03-04-2019 01:06 PM
Hi guys, I have 2 internet connections that will be providing services to different servers, the idea is that both connections can work at the same time, I will be sending some traffic through WAN1 and a different independent traffic through WAN2 all the traffic will be directed to the same LAN but to different servers/workstations depending on the request. I was able to configure my router (Cisco 2800) to work with both ISPs but they are working only as a backup connection (wan2 works only if wan1 is down and viceversa). Below is the configuration of my router, if you have any suggestion please let me know.
interface GigabitEthernet0/0.20
description WAN2
encapsulation dot1Q 20
ip address Y.Y.Y.Y 255.255.255.252
ip nat outside
no snmp trap link-status
!
interface GigabitEthernet0/0.50
description WAN1
encapsulation dot1Q 50
ip address X.X.X.X 255.255.255.240
ip nat outside
no snmp trap link-status
!
interface GigabitEthernet0/1
description LAN
ip address 192.168.1.247 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 WAN1
ip route 0.0.0.0 0.0.0.0 WAN2
!
ip http server
no ip http secure-server
ip nat inside source route-map Comcast20 interface GigabitEthernet0/0.20 overload
ip nat inside source route-map Comcast50 interface GigabitEthernet0/0.50 overload
ip nat inside source static tcp 192.168.1.105 80 interface GigabitEthernet0/0.20 80
ip nat inside source static tcp 192.168.1.105 22 interface GigabitEthernet0/0.20 22
ip nat inside source static tcp 192.168.1.105 3389 interface GigabitEthernet0/0.20 3389
ip nat inside source static tcp 192.168.1.61 3389 x.x.x.x 3389 route-map Cisco50 extendable
!
access-list 120 permit ip 192.168.1.0 0.0.0.255 any
access-list 150 permit ip 192.168.1.0 0.0.0.255 any
route-map Comcast50 permit 10
description Comcast Link 50 Mbps
match ip address 150
match interface GigabitEthernet0/0.50
!
route-map Comcast20 permit 10
description Comcast Link 20 Mbps
match ip address 120
match interface GigabitEthernet0/0.20
07-30-2011 12:41 PM
Hi Rafael,
I guess you should
1- use two access-list for diffrent subnet. One for the traffic you want to send out WAN1 and a second for the traffic you want to send out WAN2. Your access-list 120 and 150 matches same subnet, then same traffic.
2- Your route-map. i guess you should set the outgoing interface not match the outgoing interface as you did.
3- Then you apply corectly each access-list for the NAT it will work correctly
4- (optional) If you want now to configure a failover, then you can add ip sla
Regards
Germain
07-30-2011 02:14 PM
Rafael,
I see no issues with configuration, this is correct way of load balaning when using dual WAN links.
Can you please share the following o/p?
sh ip route 0.0.0.0
show ip nat tran
Regards,
Amit Aneja
07-30-2011 02:56 PM
Hi Rafael,
Have a look on this, i mean it can help you: https://supportforums.cisco.com/docs/DOC-8313
08-01-2011 07:10 PM
Amit, below is the output you requested
Routing entry for 0.0.0.0/0, supernet
Known via "static", distance 1, metric 0, candidate default path
Routing Descriptor Blocks:
Y.Y.Y.Y, permanent
Route metric is 0, traffic share count is 1
* X.X.X.X, permanent
Route metric is 0, traffic share count is 1
____________________________________________________________
sh ip nat translation:
Pro Inside global Inside local Outside local Outside global
tcp X.X.X.X:3389 192.168.1.5:3389 --- ---
tcp Y.Y.Y.Y:3389 192.168.1.134:3389 --- ---
08-01-2011 07:21 PM
Germain:
I'm working in your proposed solution right now, I will keep you posted.
Rafael
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide