Problem with static NAT and load balancing: dual ADSL

iliass joudat
Level 1

Hi everybody,

I have a mysterious problem with static NAT and outgoing load balancing.

Can someone help, please?

The config:

Current configuration : 5258 bytes

!

! Last configuration change at 17:44:02 UTC Sun Oct 7 2012 by itsmaroc

! NVRAM config last updated at 10:35:19 UTC Fri Oct 5 2012

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname ROUTER

!

boot-start-marker

boot-end-marker

!

!

no logging buffered

no logging console

enable password test

!

no aaa new-model

!

no ipv6 cef

ip source-route

ip cef

!

!

!

ip dhcp excluded-address 192.168.3.1

ip dhcp excluded-address 192.168.3.11 192.168.3.254

!

ip dhcp pool FIRE

import all

network 192.168.3.0 255.255.255.0

dns-server 212.217.0.1 212.217.1.1

default-router 192.168.3.1

!

!

ip name-server 212.217.0.1

ip name-server 212.217.1.1

multilink bundle-name authenticated

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-1280271872

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1280271872

revocation-check none

rsakeypair TP-self-signed-1280271872

!

!

crypto pki certificate chain TP-self-signed-1280271872

certificate self-signed 01

  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 31323830 32373138 3732301E 170D3132 31303033 32323439

  34385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

license udi pid CISCO1921/K9 sn FCZ16199053

license boot module c1900 technology-package securityk9

!

!

username test privilege 15 password 0 test

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

ip address 192.168.3.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1412

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface ATM0/0/0

no ip address

no atm ilmi-keepalive

!

interface ATM0/0/0.2 point-to-point

pvc 8/35

  pppoe-client dial-pool-number 1

!

!

interface ATM0/1/0

no ip address

no atm ilmi-keepalive

!

interface ATM0/1/0.1 point-to-point

pvc 8/35

  oam-pvc manage

  pppoe-client dial-pool-number 2

!

!

interface Dialer1

ip address negotiated

ip mtu 1452

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname test

ppp chap password 0 test

ppp pap sent-username test password 0 test

!

interface Dialer2

ip address negotiated

ip mtu 1452

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 2

dialer-group 2

ppp authentication chap pap callin

ppp chap hostname test

ppp chap password 0 test

ppp pap sent-username test password 0 test

!

ip forward-protocol nd

!

ip http server

ip http authentication local

ip http secure-server

!

ip nat inside source static tcp 192.168.3.35 443 interface Dialer1 443

ip nat inside source static tcp 192.168.3.39 8080 interface Dialer1 8080

ip nat inside source static tcp 192.168.3.43 80 interface Dialer1 80

ip nat inside source static tcp 192.168.3.47 90 interface Dialer1 90

ip nat inside source static tcp 192.168.3.47 22 interface Dialer1 22

ip nat inside source route-map fixed-nat interface Dialer1 overload

ip nat inside source route-map fixed-nat2 interface Dialer2 overload

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 0.0.0.0 0.0.0.0 Dialer2

!

access-list 1 remark INSIDE_IF=GigabitEthernet0/0

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 192.168.3.0 0.0.0.255

access-list 110 permit ip 192.168.3.0 0.0.0.255 any

dialer-list 1 protocol ip permit

dialer-list 2 protocol ip permit

!

route-map fixed-nat2 permit 10

match ip address 110

match interface Dialer2

!

route-map fixed-nat permit 10

match ip address 110

match interface Dialer1

!

!

!

control-plane

!

!

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

privilege level 15

password test

login

transport input telnet ssh

!

scheduler allocate 20000 1000

end

1 Accepted Solution

paolo bevilacqua
Hall of Fame

On dialer interface, you should have "mtu 1492", not 'ip mtu', and 'no ip virtual-reassembly'

On g0/0, ip tcp mss-adjust 1452.

For the port-forwarding NAT, you will have to use a route map also, selecting one interface only.

8 Replies

cadet alain
VIP Alumni

Hi,

What is the mysterious problem exactly?

Regards.

Alain

Don't forget to rate helpful posts.

Before load balancing:

  • the router was fast
  • the NAT for SMTP exchange worked correctly

Hi Alain,

Is there no solution for my problem?

Thanks

Thanks Paolo for your support.

I have never used port-forwarding NAT with a route-map before. Can you give me an example?

Thanks

I have done what you asked me to do, but the performance of the router is still low, whereas before the load balancing it was good.

Here is the new configuration:

ip dhcp excluded-address 192.168.3.1

ip dhcp excluded-address 192.168.3.11 192.168.3.254

!

ip dhcp pool FIRE

import all

network 192.168.3.0 255.255.255.0

dns-server 212.217.0.1 212.217.1.1

default-router 192.168.3.1

!

!

ip name-server 212.217.0.1

ip name-server 212.217.1.1

multilink bundle-name authenticated

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-1280271872

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1280271872

revocation-check none

rsakeypair TP-self-signed-1280271872

!

!

crypto pki certificate chain TP-self-signed-1280271872

certificate self-signed 01

  3082022.............

  quit

license udi pid CISCO1921/K9 sn FCZ16199053

license boot module c1900 technology-package securityk9

!

!

username itsmaroc privilege 15 iliass 0 iliass

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

ip address 192.168.3.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface ATM0/0/0

no ip address

no atm ilmi-keepalive

!

interface ATM0/0/0.2 point-to-point

pvc 8/35

  pppoe-client dial-pool-number 1

!

!

interface ATM0/1/0

no ip address

no atm ilmi-keepalive

!

interface ATM0/1/0.1 point-to-point

pvc 8/35

  oam-pvc manage

  pppoe-client dial-pool-number 2

!

!

interface Dialer1

ip address negotiated

ip mtu 1492

ip nat outside

no ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname iliass01

ppp chap password 0 iliass2012

ppp pap sent-username iliass01 password 0 iliass2012

!

interface Dialer2

ip address negotiated

ip mtu 1492

ip nat outside

no ip virtual-reassembly in

encapsulation ppp

dialer pool 2

dialer-group 2

ppp authentication chap pap callin

ppp chap hostname iliass02

ppp chap password 0 iliass2012

ppp pap sent-username iliass02 password 0 iliass2012

!

ip forward-protocol nd

!

ip http server

ip http authentication local

ip http secure-server

!

ip nat inside source static tcp 192.168.3.35 443 interface Dialer1 443

ip nat inside source static tcp 192.168.3.39 8080 interface Dialer1 8080

ip nat inside source static tcp 192.168.3.43 80 interface Dialer1 80

ip nat inside source static tcp 192.168.3.47 90 interface Dialer1 90

ip nat inside source static tcp 192.168.3.47 22 interface Dialer1 22

ip nat inside source route-map fixed-nat interface Dialer1 overload

ip nat inside source route-map fixed-nat2 interface Dialer2 overload

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 0.0.0.0 0.0.0.0 Dialer2

!

access-list 1 remark INSIDE_IF=GigabitEthernet0/0

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 192.168.3.0 0.0.0.255

access-list 110 permit ip 192.168.3.0 0.0.0.255 any

dialer-list 1 protocol ip permit

dialer-list 2 protocol ip permit

!

route-map fixed-nat2 permit 10

match ip address 110

match interface Dialer2

!

route-map fixed-nat permit 10

match ip address 110

match interface Dialer1

!

!

!

control-plane

!

!

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

privilege level 15

password itsmaroc

login

transport input telnet ssh

!

scheduler allocate 20000 1000

end

Sorry, I don't know what the reason could be. You can try updating IOS just as a precaution.

OK, thanks a lot Paolo
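
The three changes in the accepted answer, written as checks over a pasted configuration (an added example, not part of the original thread and not a Cisco tool). The function name `audit`, the finding labels and the sample excerpt are constructed here; the expected values `mtu 1492` and `ip tcp adjust-mss 1452` are the ones the answer gives, and the parser assumes `!` closes each interface block as in the posted configs.

```python
import re

# Constructed excerpt of the second configuration posted in the thread.
SAMPLE = """\
interface GigabitEthernet0/0
ip nat inside
ip tcp adjust-mss 1452
!
interface Dialer1
ip mtu 1492
ip nat outside
no ip virtual-reassembly in
!
ip nat inside source static tcp 192.168.3.35 443 interface Dialer1 443
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Dialer2
"""

def audit(config):
    """Return (check, subject) findings; assumes "!" ends each interface block."""
    sections, globals_, name = {}, [], None
    for line in filter(None, map(str.strip, config.splitlines())):
        if line.startswith("interface "):
            name = line.split()[1]
            sections[name] = []
        elif line == "!":
            name = None
        elif name:
            sections[name].append(line)
        else:
            globals_.append(line)
    findings = []
    for ifname, cmds in sections.items():
        if "ip nat outside" in cmds:
            if "mtu 1492" not in cmds:          # 'ip mtu' does not count
                findings.append(("mtu", ifname))
            if "ip virtual-reassembly in" in cmds:
                findings.append(("virtual-reassembly", ifname))
        if "ip nat inside" in cmds and "ip tcp adjust-mss 1452" not in cmds:
            findings.append(("adjust-mss", ifname))
    # Port forwards tied to one interface while two default routes exist.
    multi_wan = sum(g.startswith("ip route 0.0.0.0 0.0.0.0 ") for g in globals_) > 1
    static = re.compile(r"ip nat inside source static tcp (\S+) (\d+) interface \S+ \d+(.*)")
    for m in filter(None, map(static.match, globals_)):
        if multi_wan and "route-map" not in m.group(3):
            findings.append(("static-nat", m.group(1) + ":" + m.group(2)))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the excerpt it reports the Dialer1 MTU line and the port forward for 192.168.3.35:443; the findings only say where the configuration differs from the answer, not what causes the slowdown.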
