10-13-2014 10:22 AM - edited 03-04-2019 11:57 PM
Hi all,
I have installed a Cisco router in load sharing, knowing that I have two ADSL links to connect to the internet, one of them with a fixed public IP address that I want to use to access the internal FTP server using NAT/PAT from the outside. I already tried to configure it, but I still can't access the FTP server from outside when both links are connected, knowing that when I use just the ADSL link with the fixed public IP it works fine.
My configuration is as below. Please, any ideas or comments; it's urgent and I need to fix this issue ASAP. Thanks in advance.
____________________________________________________________________________________________
Router#sh running-config
Building configuration...
Current configuration : 4649 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXXXXXXXXXX
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 XXXXXXXXXXX
!
no aaa new-model
!
ip cef
!
!
!
!
!
!
ip domain name XXXXXXXXXXX
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
controller VDSL 0/0/0
!
controller VDSL 0/1/0
!
ip ssh time-out 60
ip ssh logging events
ip ssh version 2
!
track 1 interface Dialer0 ip routing
!
track 2 interface Dialer1 ip routing
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface Ethernet0/0/0
no ip address
shutdown
!
interface ATM0/1/0
no ip address
no atm ilmi-keepalive
pvc 8/35
pppoe-client dial-pool-number 2
!
!
interface Ethernet0/1/0
no ip address
shutdown
!
interface Dialer0
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp chap hostname XXXXXXXXXXXX
ppp chap password XXXXXXXXXXXX
ppp pap sent-username XXXXXXXXXXXXX password XXXXXXXXXXXXXXXX
ppp multilink
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 2
dialer-group 2
ppp chap hostname XXXXXXXXXXXX
ppp chap password XXXXXXXXXXXX
ppp pap sent-username XXXXXXXXXXXXX password XXXXXXXXXXXXXXXX
ppp multilink
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source static tcp 192.168.2.200 21 interface Dialer0 21
ip nat inside source static udp 192.168.2.200 21 interface Dialer0 21
ip nat inside source static tcp 192.168.2.200 20 interface Dialer0 20
ip nat inside source route-map adsl1 interface Dialer0 overload
ip nat inside source route-map adsl2 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer0 10 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1 10 track 2
!
access-list 11 permit 192.168.2.0 0.0.0.255
access-list 12 deny 192.168.2.200
access-list 12 permit 192.168.2.0 0.0.0.255
!
route-map adsl2 permit 10
match ip address 12
match interface Dialer1
!
route-map adsl1 permit 10
match ip address 11
match interface Dialer0
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password XXXXXXXXXXXXXX
login local
transport input ssh
!
scheduler allocate 20000 1000
!
end
_____________________________________________________________________
Best regards,
10-15-2014 10:44 AM
Hello, you need to create PBR on the inside interface that would always push your FTP server over the Dialer0 interface.
10-16-2014 03:20 AM
Hi Vasilii,
Could you please send me the command or a procedure on how to apply the PBR on the inside interface?
Thank you in advance.
10-16-2014 04:40 AM
ip access-list extended MY_FTP_SOURCE
deny ip host 192.168.2.200 192.168.0.0 0.0.255.255
permit tcp host 192.168.2.200 any
! OR: permit ip host 192.168.2.200 any
route-map PBR_FTP permit 10
match ip address MY_FTP_SOURCE
set interface Dialer0 Null0
interface G0/0
ip policy route-map PBR_FTP
PS: why do you use "dialer-group" per interface and not "dialer persistent"?
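The condition this thread resolves can be checked statically. The following is an added example, not part of the thread or of any Cisco tooling: a small Python lint that flags static NAT port-forwards bound to one outside interface when more than one default route exists and no applied policy route-map pins the inside host to that interface. The function name `unpinned_forwards` is hypothetical, the sample configs are constructed from the lines posted above, and the parser assumes sub-commands are indented as `show running-config` prints them and that the ACL uses the `permit <proto> host X any` form.

```python
import re

# Constructed sample: the lines of the question's config that matter here.
BEFORE = """\
ip nat inside source static tcp 192.168.2.200 21 interface Dialer0 21
ip nat inside source static tcp 192.168.2.200 20 interface Dialer0 20
ip route 0.0.0.0 0.0.0.0 Dialer0 10 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1 10 track 2
"""
# Constructed sample: the same lines plus the PBR from the accepted answer.
AFTER = BEFORE + """\
ip access-list extended MY_FTP_SOURCE
 deny ip host 192.168.2.200 192.168.0.0 0.0.255.255
 permit tcp host 192.168.2.200 any
route-map PBR_FTP permit 10
 match ip address MY_FTP_SOURCE
 set interface Dialer0 Null0
interface GigabitEthernet0/0
 ip policy route-map PBR_FTP
"""

def unpinned_forwards(config):
    """Return sorted (host, port, iface) static NATs whose replies may leave by another link."""
    exits, nats, applied = set(), set(), set()
    acl_hosts, rmaps, section = {}, {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            section = None  # a top-level command closes the previous block
        s = line.strip()
        if m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", s):
            exits.add(m[1])
        elif m := re.match(r"ip nat inside source static \w+ (\S+) (\d+) interface (\S+)", s):
            nats.add((m[1], int(m[2]), m[3]))
        elif m := re.match(r"ip access-list extended (\S+)", s):
            section = ("acl", m[1])
        elif m := re.match(r"route-map (\S+) permit", s):
            section = ("rmap", m[1])
            rmaps.setdefault(m[1], {"acls": set(), "iface": None})
        elif m := re.match(r"ip policy route-map (\S+)", s):
            applied.add(m[1])
        elif section and section[0] == "acl" and (m := re.match(r"permit \w+ host (\S+) any", s)):
            acl_hosts.setdefault(section[1], set()).add(m[1])
        elif section and section[0] == "rmap" and (m := re.match(r"match ip address (\S+)", s)):
            rmaps[section[1]]["acls"].add(m[1])
        elif section and section[0] == "rmap" and (m := re.match(r"set interface (\S+)", s)):
            rmaps[section[1]]["iface"] = m[1]
    pinned = {(h, rmaps[r]["iface"]) for r in applied & rmaps.keys()
              for a in rmaps[r]["acls"] for h in acl_hosts.get(a, ())}
    return sorted(n for n in nats if len(exits) > 1 and (n[0], n[2]) not in pinned)
```

Run over `BEFORE` it reports both FTP forwards; run over `AFTER` it reports nothing, because the applied route-map pins 192.168.2.200 to Dialer0.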
10-24-2014 07:19 AM
Thank you very much @Vasilii