01-13-2013 12:47 PM - edited 03-04-2019 06:41 PM
Hi there... finally got this thing almost working
But I'm not able to point it to my secondary ISP (my other public IP)
What am I missing? Can anyone point me in the right direction?
Example... if I would like my SMTP to work on ISP number 2, it should be something like this, right?
ip nat inside source static tcp 10.10.10.2 25 interface Gigabit 0 25
But that's not working, only when I point it to my Cel 0 interface
I perhaps should mention
ADSL is Gigabit 0
3G is Cel 0
Since there is a data plan, I'd like to (move) some of the traffic to the slower ADSL, which has flat rate... unlimited data
ASA outside 10.10.10.2
Router Vlan1 10.10.10.1
Network inside 192.168.0.10
And the ASA is doing NAT, I think, and VPN
Here is the running config
no aaa new-model
no ip source-route
ip cef
!
no ip bootp server
ip domain timeout 1
no ip domain lookup
ip domain name it-kon.dk
ip name-server 192.168.0.2
ip name-server 208.67.222.222
no ipv6 cef
!
!
multilink bundle-name authenticated
chat-script gsm "" "AT!SCACT=1,1" TIMEOUT 60 "OK"
license udi pid C819HG+7-K9 sn FCZ1606C0BY
!
!
!
controller Cellular 0
gsm sim primary slot 1
gsm failovertimer 7
!
ip tcp synwait-time 10
no ip ftp passive
ip ssh version 2
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535
!
no crypto ipsec nat-transparency udp-encapsulation
!
interface Cellular0
description To ISP 1 (3G)$FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip verify unicast reverse-path
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 60
dialer in-band
dialer idle-timeout 900
dialer string gsm
dialer-group 2
async mode interactive
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface GigabitEthernet0
description Wan port to ADSL
ip address dhcp client-id GigabitEthernet0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0
no ip address
shutdown
clock rate 2000000
!
interface Vlan1
ip address 10.10.10.1 255.255.255.252
ip nat inside
ip virtual-reassembly in
ip policy route-map reroute10traffic
!
interface Dialer0
ip address negotiated
encapsulation slip
dialer pool 2
dialer idle-timeout 0
dialer string gsm
dialer persistent
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
ip dns view default
domain timeout 1
no dns forwarding
!
ip nat inside source static tcp 10.10.10.2 50 interface Cellular0 50
ip nat inside source static tcp 10.10.10.2 51 interface Cellular0 51
ip nat inside source static udp 10.10.10.2 500 interface Cellular0 500
ip nat inside source static udp 10.10.10.2 4500 interface Cellular0 4500
ip nat inside source static tcp 10.10.10.2 25 interface Cellular0 25
ip nat inside source static tcp 10.10.10.2 443 interface Cellular0 443
ip nat inside source static tcp 10.10.10.2 5567 interface Cellular0 5567
ip nat inside source static udp 10.10.10.2 5881 interface Cellular0 5881
!
ip nat inside source route-map nat_isp1 interface Cellular0 overload
ip nat inside source route-map nat_isp2 interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0
!
ip access-list extended nat_isp1
permit tcp 10.10.10.0 0.0.0.255 any
ip access-list extended nat_isp2
permit ip 10.10.10.0 0.0.0.255 any
!
access-list 2 remark CCP_ACL Category=2
access-list 2 permit 10.10.10.0 0.0.0.3
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 23 permit any
access-list 101 permit tcp 10.10.10.0 0.0.0.255 any eq www
access-list 101 permit tcp 10.10.10.0 0.0.0.255 any eq 443
access-list 101 permit tcp 10.10.10.0 0.0.0.255 any eq smtp
access-list 101 permit udp 10.10.10.0 0.0.0.255 any eq domain
access-list 101 permit udp 10.10.10.0 0.0.0.255 any eq 5881
access-list 101 permit tcp 10.10.10.0 0.0.0.255 any eq 5567
!
dialer-list 1 protocol ip list 1
dialer-list 2 protocol ip permit
!
route-map reroute10traffic permit 10
match ip address 101
match interface GigabitEthernet0
set ip next-hop 95.166.108.1
!
route-map nat_isp2 permit 10
match ip address nat_isp2
match interface GigabitEthernet0
set ip next-hop 95.166.108.1
!
route-map nat_isp1 permit 10
match ip address nat_isp1
match interface Cellular0
!
!
control-plane
!
!
banner login ^Access for authorized personal only!!!^
!
line con 0
no modem enable
line aux 0
line 3
exec-timeout 0 0
script dialer gsm
login
modem InOut
no exec
transport input all
rxspeed 21600000
txspeed 5760000
line vty 0 4
access-class 23 in
privilege level 15
logging synchronous
login local
transport input ssh
!
scheduler allocate 20000 1000
!
end
01-14-2013 01:52 AM
Hi,
provided you want outgoing SMTP as well as other traffic as referenced in ACL 101 to go through the ADSL link, you should do this:
route-map nat_isp2 permit 10
no set ip next-hop 95.166.108.1
route-map reroute10traffic permit 10
no match interface GigabitEthernet0
Regards.
Alain
Don't forget to rate helpful posts.
01-14-2013 02:22 AM
Hi Alain, thx for help.. but the problem is not from inside and out.. it's the other way
Outside to inside
Sent from Cisco Technical Support iPhone App
01-14-2013 09:01 AM
Hi,
The PBR config you have done is for outgoing traffic, not incoming traffic. Inbound traffic engineering can be done with BGP but not on a per traffic type basis; it can also be done with PfR, but I've never tried this yet so I'm not aware of the restrictions.
Regards.
Alain
Don't forget to rate helpful posts.
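An added example, not part of any post in this thread: a small Python model of ACL 101 from the posted config, showing why the policy route covers SMTP the ASA sends out but not the replies of an inbound SMTP session. It assumes route-map reroute10traffic matches on ACL 101 alone (as after the change suggested in the first reply) and that unmatched traffic follows the default route to Cellular0; the sample packets and function names are constructed.

```python
import ipaddress

# ACL 101 lines copied from the posted running config.
ACL_101 = """\
access-list 101 permit tcp 10.10.10.0 0.0.0.255 any eq www
access-list 101 permit tcp 10.10.10.0 0.0.0.255 any eq 443
access-list 101 permit tcp 10.10.10.0 0.0.0.255 any eq smtp
access-list 101 permit udp 10.10.10.0 0.0.0.255 any eq domain
access-list 101 permit udp 10.10.10.0 0.0.0.255 any eq 5881
access-list 101 permit tcp 10.10.10.0 0.0.0.255 any eq 5567
"""
PORT_NAMES = {"www": 80, "smtp": 25, "domain": 53}


def parse_acl(text):
    """Parse 'permit <proto> <src> <wildcard> any eq <port>' entries."""
    entries = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 9 or f[2] != "permit" or f[6:8] != ["any", "eq"]:
            raise ValueError(f"unsupported ACL line: {line!r}")
        port = PORT_NAMES.get(f[8]) or int(f[8])
        entries.append((f[3], int(ipaddress.ip_address(f[4])),
                        int(ipaddress.ip_address(f[5])), port))
    return entries


def acl_permits(entries, proto, src, dport):
    """True if an entry matches protocol, source and DESTINATION port."""
    s = int(ipaddress.ip_address(src))
    for e_proto, base, wild, port in entries:
        # Wildcard bits set to 1 are "don't care" bits.
        if e_proto == proto and (s | wild) == (base | wild) and dport == port:
            return True
    return False


def egress(entries, proto, src, sport, dport):
    """Interface a packet arriving on Vlan1 leaves by (assumed model).

    sport is accepted but never consulted: no ACL 101 entry tests it.
    """
    if acl_permits(entries, proto, src, dport):
        return "GigabitEthernet0"  # policy-routed, next hop 95.166.108.1
    return "Cellular0"             # ip route 0.0.0.0 0.0.0.0 Cellular0


ACL = parse_acl(ACL_101)
# Constructed packets, both sourced from the ASA outside address 10.10.10.2.
OUTBOUND_SMTP = egress(ACL, "tcp", "10.10.10.2", 40000, 25)  # ASA sends mail
INBOUND_REPLY = egress(ACL, "tcp", "10.10.10.2", 25, 51000)  # ASA answers
```

In this model the reply to a session that arrived on GigabitEthernet0 leaves through Cellular0, because its source port is 25 and its destination port is the client's ephemeral port.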
01-14-2013 09:25 AM
Hi,
I'm not sure, but it seems to me that the problem is that when you put static NAT on both outside interfaces, return traffic fails to come back. That's why it works fine with only one static NAT entry. It's just my theory. I can be wrong.
Here an author had the same (not exactly) problem and a solution was found. You may try it.
https://supportforums.cisco.com/message/3299022#3299022
I think this link also will be helpful for anyone to understand in what order packets get processed
http://book.soundonair.ru/cisco/ch24lev1sec1.html#ch24table01
Hope it will help.
Best regards,
Abzal