Dual wan and port forwarding

bkran
Level 1
Hello everyone,

I have a lab router on which I am working (876) and I have successfully configured WAN failover for the 2 WAN interfaces. Now the failover part works great and traffic is routed correctly. Also the port forward works, but only for the active routed interface. What I want is to have port forwarding working for either WAN, but somehow this fails. I see in the debug that the incoming packet from wan2 reaches the server, but the returning packets are routed through wan1, not the one they came in from. Any notes on my config? I have searched everywhere but can't seem to find the problem. My config should work as it is.

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname lab-fw
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
!
!
dot11 syslog
no ip source-route
ip arp proxy disable
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
track 10 ip sla 1 reachability
 delay down 1 up 1
!
track 20 ip sla 2 reachability
 delay down 1 up 1
!
!
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
 switchport access vlan 100
!
interface Vlan1
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan100
 ip address Y.Y.Y.Y 255.255.255.248
 ip nat outside
 ip virtual-reassembly
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname
 ppp chap password
 ppp pap sent-username
!
no ip classless
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 vlan100-gw-ip track 10
ip route 0.0.0.0 0.0.0.0 Dialer0 200 track 20
ip route 2.2.2.2 255.255.255.255 Dialer0
ip route 1.1.1.1 255.255.255.255 vlan100-gw-ip

no ip http server
no ip http secure-server
!
!
ip nat inside source route-map wan1 interface Vlan100 overload
ip nat inside source route-map wan2 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.10 443 di0-IP 443 route-map wan2 extendable
ip nat inside source static tcp 192.168.0.10 443 Y.Y.Y.Y 443 route-map wan1 extendable
!
ip sla 1
 icmp-echo 1.1.1.1 source-interface Vlan100
 timeout 500
 threshold 500
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 2.2.2.2 source-interface Dialer0
 timeout 500
 threshold 500
ip sla schedule 2 life forever start-time now
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
!
!
!
!
route-map wan1 permit 10
 match ip address 100
 match interface Vlan100
!
route-map wan2 permit 10
 match ip address 100
 match interface Dialer0
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login
!
scheduler max-task-time 5000
event manager applet clear_nat_1
 event track 10 state any
 action 0.0 cli command "enable"
 action 1.0 cli command "clear ip nat trans *"
event manager applet clear_nat_2
 event track 20 state any
 action 0.0 cli command "enable"
 action 1.0 cli command "clear ip nat trans *"
!
end

Thanks in advance

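The asymmetric return path described in the post, as an added example that is not part of the original post or of Cisco's code: a small Python model of the IOS inside-to-outside order of operations (route lookup first, then NAT, with the static rule chosen by whichever route-map's "match interface" equals the egress interface). The route table, NAT rules and track states are constructed from the posted config; "Y.Y.Y.Y" and "di0-IP" are the post's own placeholders for the two WAN addresses.

```python
# Added example: simplified model of why the server's reply leaves via wan1.
# For an inside-to-outside packet IOS routes first and translates second, so
# the egress interface comes from the routing table (the tracked default
# routes), not from the interface the connection originally arrived on.

# Constructed from the posted config: (prefix, egress interface,
# administrative distance, tracked object).
ROUTES = [
    ("0.0.0.0/0", "Vlan100", 1, 10),    # ip route 0.0.0.0 0.0.0.0 vlan100-gw-ip track 10
    ("0.0.0.0/0", "Dialer0", 200, 20),  # ip route 0.0.0.0 0.0.0.0 Dialer0 200 track 20
]

# Static NAT rules from the post, keyed by the interface their route-map matches:
# egress interface -> (route-map name, inside global address used for the server).
NAT_RULES = {
    "Vlan100": ("wan1", "Y.Y.Y.Y"),   # route-map wan1: match interface Vlan100
    "Dialer0": ("wan2", "di0-IP"),    # route-map wan2: match interface Dialer0
}


def select_egress(track_state: dict) -> str:
    """Pick the usable default route with the lowest administrative distance.

    track_state maps tracked object number -> True (up) / False (down).
    """
    usable = [r for r in ROUTES if track_state.get(r[3], False)]
    if not usable:
        raise RuntimeError("no default route is currently usable")
    return min(usable, key=lambda r: r[2])[1]


def reply_path(arrived_on: str, track_state: dict) -> dict:
    """Model the server's reply to a forwarded connection that came in on
    `arrived_on`. The reply's egress is decided by routing, and only then does
    NAT pick the translation whose route-map matches that egress interface."""
    egress = select_egress(track_state)               # step 1: routing
    route_map, inside_global = NAT_RULES[egress]      # step 2: NAT by egress intf
    return {
        "egress": egress,
        "route_map": route_map,
        "src_after_nat": inside_global,
        "symmetric": egress == arrived_on,            # False = the post's symptom
    }
```

With both tracks up, a connection arriving on Dialer0 gets its reply routed out Vlan100 and translated to Y.Y.Y.Y, which is exactly the asymmetry seen in the debug; only when track 10 is down does the wan2 forward become symmetric.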