Buy or Renew
Buy or Renew
Join the Catalyst Center Onboarding Ask Me Anything event happening now!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1987
Views
5
Helpful
2
Replies

Port forwarding in dual WAN setup

Go to solution
WhateverID
Level 1
Level 1

‎01-11-2013 01:36 AM - edited ‎03-04-2019 06:40 PM

Good afternoon!

I would be very thankful if someone could help me out with a simple question, that made me stuck.

I have Cisco 2910 router that have 3 interfaces:

g0/0 - LAN

g0/1 - WAN1

g0/2 - WAN2

I would like to configure port forwarding in such way that connections to both WAN interface on identical ports will be redirected to a single host in a private network. When I issue command:

ip nat inside source static tcp 10.10.10.X 8080 interface g0/1 8080

everything is fine, until I add the second command:

ip nat inside source static tcp 10.10.10.X 8080 interface g0/2 8080

After that, the first statement is just replaced by the second one, not added to configuration.

It would be great if someone could give me an advice!

Thanks in advance!

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎01-11-2013 01:59 AM

It's not that simple ...

You need two IP-adresses on your server and route-maps to control the return-traffic:

interface Gig0/0

  ip policy route-map Gig0/0-IN

You need two NAT-statements for the two IPs on the server:

ip nat inside source static tcp 10.10.10.101 8080 interface Gig0/1 8080

ip nat inside source static tcp 10.10.10.102 8080 interface Gig0/2 8080

With the help of PBR you force the return-traffic to the right link:

ip access-list extended TRAFFIC-FROM-10.10.10.101

  permit tcp host 10.10.10.101 eq 8080 any

ip access-list extended TRAFFIC-FROM-10.10.10.102

  permit tcp host 10.10.10.102 eq 8080 any

!

route-map Gig0/0-IN permit 10

  match ip address TRAFFIC-FROM-10.10.10.101

  set interface Gig0/1

!

route-map Gig0/0-IN permit 20

  match ip address TRAFFIC-FROM-10.10.10.102

  set interface Gig0/2

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Karsten Iwen
VIP
VIP

‎01-11-2013 01:59 AM

It's not that simple ...

You need two IP-adresses on your server and route-maps to control the return-traffic:

interface Gig0/0

  ip policy route-map Gig0/0-IN

You need two NAT-statements for the two IPs on the server:

ip nat inside source static tcp 10.10.10.101 8080 interface Gig0/1 8080

ip nat inside source static tcp 10.10.10.102 8080 interface Gig0/2 8080

With the help of PBR you force the return-traffic to the right link:

ip access-list extended TRAFFIC-FROM-10.10.10.101

  permit tcp host 10.10.10.101 eq 8080 any

ip access-list extended TRAFFIC-FROM-10.10.10.102

  permit tcp host 10.10.10.102 eq 8080 any

!

route-map Gig0/0-IN permit 10

  match ip address TRAFFIC-FROM-10.10.10.101

  set interface Gig0/1

!

route-map Gig0/0-IN permit 20

  match ip address TRAFFIC-FROM-10.10.10.102

  set interface Gig0/2

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Go to solution
WhateverID
Level 1
Level 1
In response to Karsten Iwen

‎01-11-2013 02:14 AM

Thanks a lot Karsten!

That's a good idea. I know about return traffic problem and actually wanted to use the second line as a "standby" configuration to use when the routing table changes and connections will flow via the second interface.

Anyway, your advice is great and I might use it.

You rock!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card