Hi Alain,

This is what i did. I normally use the interface, which in this case would have been g0/0 and g0/1 but the extendable command wouldnt show, so i used the actually ip address of the interface. is that correct. it isnt working

below is a the config

thanks

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname lb-blackhole

!

boot-start-marker

boot-end-marker

!

!

enable password secret xxxx

no aaa new-model

!

!

no ipv6 cef

ip source-route

ip cef

!

!

!

!

!

no ip bootp server

ip name-server x.x.x.x

ip name-server 8.8.8.8

!

multilink bundle-name authenticated

!

crypto pki token default removal timeout 0

!

!

!

username lifebroker privilege 15 secret 4 xxxxx

!

redundancy

!        

!

!

!

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description Secondary link COPPER

ip address x.x.x.x 255.255.255.252

no ip redirects

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

description Primary link FIBRE

ip address y.y.y.y 255.255.255.252

no ip redirects

ip nat outside

ip virtual-reassembly in

standby 10 priority 105

duplex auto

speed auto

!

interface GigabitEthernet0/0/0

description Inside LAN segment

ip address 192.168.0.251 255.255.255.0

no ip redirects

ip nat inside

ip virtual-reassembly in

standby 20 ip 192.168.0.185

standby 20 priority 105

standby 20 preempt delay minimum 10

standby 20 track 30 decrement 10

duplex auto

speed auto

!

interface GigabitEthernet0/0/0.6

encapsulation dot1Q 6

ip address 192.168.6.251 255.255.255.0

!

ip forward-protocol nd

!

ip http server

no ip http secure-server

!

ip nat inside source static tcp 192.168.0.115 80 y.y.y.y 80 extendable

ip nat inside source static tcp 192.168.0.115 443 y.y.y.y.158 443 extendable

ip nat inside source static tcp 192.168.0.25 980 y.y.y.y 980 extendable

ip nat inside source static tcp 192.168.0.176 3389 y.y.y.y 3389 extendable

ip nat inside source static tcp 192.168.0.120 9100 y.y.y.y 9100 extendable

ip nat inside source static tcp 192.168.0.176 56072 y.y.y.y 56072 extendable

ip nat inside source static tcp 192.168.0.115 80 x.x.x.x 80 extendable

ip nat inside source static tcp 192.168.0.115 443 x.x.x.x 443 extendable

ip nat inside source static tcp 192.168.0.25 980 x.x.x.x 980 extendable

ip nat inside source static tcp 192.168.0.176 3389 x.x.x.x 3389 extendable

ip nat inside source static tcp 192.168.0.120 9100 x.x.x.x 9100 extendable

ip nat inside source static tcp 192.168.0.176 56072 x.x.x.x 56072 extendable

ip route 0.0.0.0 0.0.0.0 x.x.x.x

!

i

access-list 101 permit tcp any any eq 3389

access-list 101 permit tcp any any eq 9100

access-list 101 permit tcp any any eq www

access-list 101 permit tcp any any eq 443

access-list 101 permit tcp any any eq 980

access-list 101 permit tcp any any eq 56072

!

!

!

!

!

!

control-plane

!

!

Hi,

can you try adding a second static default route pointing out the other WAN interface

Regards

Alain

Don't forget to rate helpful posts.

For that to work you need to assign two addresses two each of your servers (.115 and .116 in my example for the first server). With these addresses you can match on the return-traffic to direct the traffic out the correct interface:

interface Gig0/0/0

  ip policy route-map Gig0/0/0-IN

!

ip nat inside source static tcp 192.168.0.115 443 interface Gig0/0 443

ip nat inside source static tcp 192.168.0.116 443 interface Gig0/1 443

!

ip access-list extended Server1-IP1

  permit ip host 192.168.0.115 any

ip access-list extended Server1_IP2

  permit ip host 192.168.0.116 any

!

route-map Gig0/0/0-IN permit 10

  match ip address Server1-IP1

  set interface Gig0/0

!

route-map Gig0/0/0-IN permit 20

  match ip address Server1-IP2

  set interface Gig0/1

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

OK i worked out that the nat statements do work. The way i did the LAN side out to the active WAN is use ip sla with track. so if the gateway for the fibre WAN x.x.x.157 is reachable then it will use it as the default gateway if down and use the next weighted route y.y.y.237

see below config

redundancy

!        

track 178 ip sla 178 reachability

!

interface GigabitEthernet0/0

description Secondary link COPPER

ip address x.x.x.238 255.255.255.252

no ip redirects

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

description Primary link FIBRE

ip address y.y.y.158 255.255.255.252

no ip redirects

ip nat outside

ip virtual-reassembly in

standby 10 priority 105

duplex auto

speed auto

!

interface GigabitEthernet0/0/0

description Inside LAN segment

ip address 192.168.0.251 255.255.255.0

no ip redirects

ip nat inside

ip virtual-reassembly in

!        

interface GigabitEthernet0/0/0.6

encapsulation dot1Q 6

ip address 192.168.6.251 255.255.255.0

!

ip local policy route-map DEFAULT-ROUTE-POLICY

!

ip route 0.0.0.0 0.0.0.0 x.x.x.157 track 178

ip route 0.0.0.0 0.0.0.0 y.y.y.237 200

!

ip sla 178

icmp-echo x.x.x.157

frequency 5

ip sla schedule 178 life forever start-time now

access-list 102 permit icmp any host x.x.x.157 echo

!

route-map DEFAULT-ROUTE-POLICY permit 10

match ip address 102

set ip next-hop x.x.x.157

set interface Null0

!

!