multi WAN with Services on different ports

john matthews
Level 1

New to Cisco and need some assistance, any help is much appreciated


What I want to happen is fastethernet0/0/1 to be primary for all internal requests, web browsing, youtube etc.
Then if it is disconnected, fastethernet0/0/0 will take over as primary, and finally gigabitethernet0/1.
This works: if I unplug one and then do traceroutes to outside addresses, I can see the provider it is going through, and it follows the metric.
The problem I have is when an FTP request (21) comes in on 71.c.c.c (fastethernet0/0/0) it fails. What I believe is happening is FTP requests are coming in the correct interface and then attempting to go out the primary based on the metric, but that is just my guess.
How do I 'bind' the traffic to the specific interface so it comes in and goes out the same interface?


interface GigabitEthernet0/0
 description LAN
 ip address 192.168.a.a 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description isp1
 ip address 207.b.b.b 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
 description isp2
 ip address 72.c.c.c 255.255.255.128
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/0/1
 description isp3
 ip address 69.d.d.d 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto


ip nat inside source route-map RM_isp2 interface FastEthernet0/0/0 overload
ip nat inside source route-map RM_isp1 interface GigabitEthernet0/1 overload
ip nat inside source route-map RM_isp3 interface FastEthernet0/0/1 overload
ip nat inside source static tcp 192.168.a.254 80 69.d.d.d 80 route-map RM_isp3 extendable
ip nat inside source static tcp 192.168.a.254 443 69.d.d.d 443 route-map RM_isp3 extendable
ip nat inside source static tcp 192.168.a.254 8080 69.d.d.d 8080 route-map RM_isp3 extendable
ip nat inside source static tcp 192.168.a.247 500 69.d.d.d 500 route-map RM_isp3 extendable
ip nat inside source static tcp 192.168.a.247 1723 69.d.d.d 1723 route-map RM_isp3 extendable
ip nat inside source static tcp 192.168.a.247 4500 69.d.d.d 4500 route-map RM_isp3 extendable
! d2 separate ip address for same isp routed to different web server
ip nat inside source static tcp 192.168.a.241 80 69.d.d.d2 80 route-map RM_isp3 extendable
ip nat inside source static tcp 192.168.a.241 443 69.d.d.d2 443 route-map RM_isp3 extendable
ip nat inside source static tcp 192.168.a.241 8080 69.d.d.d2 8080 route-map RM_isp3 extendable
ip nat inside source static tcp 192.168.a.254 21 72.c.c.c 21 route-map RM_isp2 extendable
ip nat inside source static tcp 192.168.a.241 25 72.c.c.c 25 route-map RM_isp2 extendable
!
!fastethernet0/0/1 primary by metric (69.d.d.1)
!
ip route 0.0.0.0 0.0.0.0 69.d.d.1
ip route 0.0.0.0 0.0.0.0 72.c.c.1 10
ip route 0.0.0.0 0.0.0.0 207.b.b.1 20
!

access-list 104 permit ip 192.168.a.0 0.0.0.255 any
!
route-map RM_isp2 permit 10
 match ip address 104 RM_isp2
 match interface FastEthernet0/0/0
!
route-map RM_isp3 permit 10
 match ip address 104 RM_isp3
 match interface FastEthernet0/0/1
!
route-map RM_isp1 permit 10
 match ip address 104 RM_isp1
 match interface GigabitEthernet0/1


James Lasky
Level 1

I guess you could achieve the goal by inverting inside with outside, but then you lose the "overload"...

Anyway, your architecture is not so common; I suggest you keep two different layers:

1) external router keeps the three default routes, doing proxy ARP for the NAT IP address routed with statics on 2)

2) internal router does the NAT (one inside and one outside)

You can connect them with EtherChannel for redundancy if needed...

 

HTH
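
An added example, not part of either post above: one common way to keep replies on the interface the request arrived on is policy-based routing on the LAN interface, so the servers' return traffic for the isp2 port-forwards is sent to the isp2 gateway instead of following the lowest-metric default route. The ACL number 110 and the route-map name PBR_RETURN_isp2 are hypothetical; the addresses are the thread's masked placeholders, and 72.c.c.1 is the isp2 next hop from the static routes in the question.

```cisco
! Added example (assumption, not from the thread).
! Match only the reply traffic of the services published on isp2:
! source = internal server, source port = the forwarded service port.
access-list 110 permit tcp host 192.168.a.254 eq 21 any
access-list 110 permit tcp host 192.168.a.241 eq 25 any
!
! Send matching packets to the isp2 gateway so they leave through
! FastEthernet0/0/0, where the existing static NAT entries with
! route-map RM_isp2 (match interface FastEthernet0/0/0) apply.
route-map PBR_RETURN_isp2 permit 10
 match ip address 110
 set ip next-hop 72.c.c.1
!
! Apply the policy to traffic arriving from the LAN.
! Packets that do not match ACL 110 are routed normally, so ordinary
! browsing still follows the metric-ordered default routes.
interface GigabitEthernet0/0
 ip policy route-map PBR_RETURN_isp2
!
! Only the FTP control connection (21) and SMTP (25) are covered here;
! FTP data connections use other ports and are not matched by ACL 110.
```

After a test connection from outside, `show route-map PBR_RETURN_isp2` shows whether the policy is matching packets, and `show ip nat translations` shows which outside address the session was translated to.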
