Port Forwarding Issue on Two Internet Links

hseakleang1
Level 1

I have two internet links.

I configured port forwarding for these two internet links to my internal server.
After I configured it, port forwarding only works on the first link, ISP1. It doesn't work on ISP2, and when I try to ping the ISP2 link, the request times out.

If I shut down ISP1, port forwarding works fine on ISP2. But if both links are active at the same time, port forwarding on ISP2 doesn't work.

Internet access on both links is fine; clients can access it on both links.

The IOS version is: Version 15.0(1r)M9


interface GigabitEthernet0/0
 description To_Internal
 ip address 192.168.2.1 255.255.255.252
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 ip policy route-map tointernet
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description ISP1
 ip address 1.1.1.1 255.255.255.224
 ip nat outside
 ip virtual-reassembly max-fragments 64 max-reassemblies 512
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 description ISP2
 ip address 2.2.2.1 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto


ip nat inside source static esp 192.168.2.2 interface GigabitEthernet0/1
ip nat inside source route-map ISPA interface GigabitEthernet0/1 overload
ip nat inside source route-map ISPB interface GigabitEthernet0/2 overload
ip nat inside source static tcp 192.168.1.2 80 1.1.1.1 80 extendable
ip nat inside source static tcp 192.168.1.2 443 1.1.1.1 443 extendable

ip nat inside source static tcp 192.168.1.2 80 2.2.2.1 80 extendable
ip nat inside source static tcp 192.168.1.2 443 2.2.2.1 443 extendable

ip route 0.0.0.0 0.0.0.0 1.1.1.2
ip route 0.0.0.0 0.0.0.0 2.2.2.2

4 Replies

Hello,

Can you also post the configs of the route maps ISPA and ISPB (and also the route map 'tointernet')? Is there a specific reason why you don't have the route maps applied to your static NAT mappings as well?

Hello,

Please find the config.

For the route map, I just configured a specific IP to go to ISP2 and the others to ISP1.

interface GigabitEthernet0/0
 description To_Internal
 ip address 192.168.2.1 255.255.255.252
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 ip policy route-map tointernet
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description ISP1
 ip address 1.1.1.1 255.255.255.224
 ip nat outside
 ip virtual-reassembly max-fragments 64 max-reassemblies 512
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 description ISP2
 ip address 2.2.2.1 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto


ip nat inside source static esp 192.168.2.2 interface GigabitEthernet0/1
ip nat inside source route-map ISPA interface GigabitEthernet0/1 overload
ip nat inside source route-map ISPB interface GigabitEthernet0/2 overload
ip nat inside source static tcp 192.168.1.2 80 1.1.1.1 80 extendable
ip nat inside source static tcp 192.168.1.2 443 1.1.1.1 443 extendable

ip nat inside source static tcp 192.168.1.2 80 2.2.2.1 80 extendable
ip nat inside source static tcp 192.168.1.2 443 2.2.2.1 443 extendable

ip route 0.0.0.0 0.0.0.0 1.1.1.2
ip route 0.0.0.0 0.0.0.0 2.2.2.2


access-list 1 permit any
access-list 10 permit any
access-list 11 permit any
access-list 100 permit ip 192.168.1.100 255.255.255.255 any
!
route-map tointernet permit 10
 match ip address 100
 set ip next-hop 2.2.2.2
!
route-map tointernet permit 20
 match ip address 1
 set ip next-hop 1.1.1.2
!
route-map ISPB permit 10
 match ip address 11
 match interface GigabitEthernet0/2
!
route-map ISPA permit 10
 match ip address 10
 match interface GigabitEthernet0/1

Hello,

Just for clarification purposes: your inside NAT interface is GigabitEthernet0/0, which has IP address 192.168.2.1/30, which leaves only one other host address available, 192.168.2.2/30.

Your server address is 192.168.1.2, I assume? You also have 192.168.1.100 in your access list. Assuming that this belongs to subnet 192.168.1.0/24, where is that subnet connected to? Is there another device connected to the device of which you posted the configuration?

Hello,

Yes, I have another layer 3 device placed behind that router.
