10-08-2012 05:37 PM - edited 03-04-2019 05:47 PM
Hi everybody,
I have a mysterious problem with static NAT and outgoing load balancing.
Can someone help, please?
Here is the config:
Current configuration : 5258 bytes
!
! Last configuration change at 17:44:02 UTC Sun Oct 7 2012 by itsmaroc
! NVRAM config last updated at 10:35:19 UTC Fri Oct 5 2012
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER
!
boot-start-marker
boot-end-marker
!
!
no logging buffered
no logging console
enable password test
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 192.168.3.1
ip dhcp excluded-address 192.168.3.11 192.168.3.254
!
ip dhcp pool FIRE
import all
network 192.168.3.0 255.255.255.0
dns-server 212.217.0.1 212.217.1.1
default-router 192.168.3.1
!
!
ip name-server 212.217.0.1
ip name-server 212.217.1.1
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1280271872
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1280271872
revocation-check none
rsakeypair TP-self-signed-1280271872
!
!
crypto pki certificate chain TP-self-signed-1280271872
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31323830 32373138 3732301E 170D3132 31303033 32323439
34385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
license udi pid CISCO1921/K9 sn FCZ16199053
license boot module c1900 technology-package securityk9
!
!
username test privilege 15 password 0 test
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
!
interface ATM0/0/0.2 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface ATM0/1/0
no ip address
no atm ilmi-keepalive
!
interface ATM0/1/0.1 point-to-point
pvc 8/35
oam-pvc manage
pppoe-client dial-pool-number 2
!
!
interface Dialer1
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname test
ppp chap password 0 test
ppp pap sent-username test password 0 test
!
interface Dialer2
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 2
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname test
ppp chap password 0 test
ppp pap sent-username test password 0 test
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source static tcp 192.168.3.35 443 interface Dialer1 443
ip nat inside source static tcp 192.168.3.39 8080 interface Dialer1 8080
ip nat inside source static tcp 192.168.3.43 80 interface Dialer1 80
ip nat inside source static tcp 192.168.3.47 90 interface Dialer1 90
ip nat inside source static tcp 192.168.3.47 22 interface Dialer1 22
ip nat inside source route-map fixed-nat interface Dialer1 overload
ip nat inside source route-map fixed-nat2 interface Dialer2 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Dialer2
!
access-list 1 remark INSIDE_IF=GigabitEthernet0/0
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 110 permit ip 192.168.3.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
route-map fixed-nat2 permit 10
match ip address 110
match interface Dialer2
!
route-map fixed-nat permit 10
match ip address 110
match interface Dialer1
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
password test
login
transport input telnet ssh
!
scheduler allocate 20000 1000
end
10-09-2012 12:46 AM
Hi,
What is the mysterious problem exactly?
Regards.
Alain
Don't forget to rate helpful posts.
10-09-2012 01:29 AM
Before load balancing:
.
10-13-2012 10:07 AM
Hi Alain,
Is there no solution for my problem?
Thanks
10-13-2012 01:55 PM
On dialer interface, you should have "mtu 1492", not 'ip mtu', and 'no ip virtual-reassembly'
On g0/0, ip tcp mss-adjust 1452.
For the port-forwarding nat, you will have to use a route map also, selecting one interface only.
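An offline check for the two points in the reply above, added here as an example and not posted by anyone in the thread: it parses a running-config and reports static port-forwards that have no route-map while more than one default route exists, and an inside `adjust-mss` that does not fit the WAN `ip mtu`. The finding names and the sample excerpt are constructed, and the 40-byte figure assumes IPv4 and TCP headers without options.

```python
import re

# Constructed excerpt modelled on the configuration posted in this thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip tcp adjust-mss 1412
!
interface Dialer1
 ip mtu 1452
!
interface Dialer2
 ip mtu 1452
!
ip nat inside source static tcp 192.168.3.35 443 interface Dialer1 443
ip nat inside source static tcp 192.168.3.47 22 interface Dialer1 22
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Dialer2
"""

STATIC = re.compile(r"ip nat inside source static (?:tcp|udp) (\S+) (\d+) interface (\S+) (\d+)(.*)")
DEFAULT = re.compile(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)")
TCPIP_HEADERS = 40  # IPv4 header (20) + TCP header (20), no options

def audit(config):
    """Return a list of (check, detail) findings for a running-config text."""
    iface, ip_mtu, mss, statics, egress = None, {}, {}, [], []
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("interface "):
            iface = line.split()[1]
        elif line == "!":
            iface = None                      # end of the interface stanza
        elif iface and line.startswith("ip mtu "):
            ip_mtu[iface] = int(line.split()[2])
        elif iface and line.startswith("ip tcp adjust-mss "):
            mss[iface] = int(line.split()[3])
        elif (m := STATIC.fullmatch(line)):
            statics.append(m.groups())
        elif (m := DEFAULT.match(line)):
            egress.append(m.group(1))
    findings = []
    if len(set(egress)) > 1:                  # more than one default-route exit
        findings += [("static-nat-no-route-map", f"{h}:{p} -> {i}:{g}")
                     for h, p, i, g, rest in statics if "route-map" not in rest]
    limit = min(ip_mtu.values(), default=1500) - TCPIP_HEADERS
    findings += [("mss-exceeds-mtu", f"{i} mss {v} > {limit}")
                 for i, v in mss.items() if v > limit]
    return findings
```

On the sample excerpt, `audit(SAMPLE_CONFIG)` reports both static entries and no MSS finding, since 1412 equals 1452 minus 40.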
10-16-2012 08:27 AM
Thanks Paolo for your support.
I have never used port-forwarding NAT with a route-map before; can you give me an example?
Thanks
10-16-2012 08:54 AM
I have done what you asked me to do, but the performance of the router is still low, whereas before the load balancing it was good.
Here is the new configuration:
ip dhcp excluded-address 192.168.3.1
ip dhcp excluded-address 192.168.3.11 192.168.3.254
!
ip dhcp pool FIRE
import all
network 192.168.3.0 255.255.255.0
dns-server 212.217.0.1 212.217.1.1
default-router 192.168.3.1
!
!
ip name-server 212.217.0.1
ip name-server 212.217.1.1
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1280271872
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1280271872
revocation-check none
rsakeypair TP-self-signed-1280271872
!
!
crypto pki certificate chain TP-self-signed-1280271872
certificate self-signed 01
3082022.............
quit
license udi pid CISCO1921/K9 sn FCZ16199053
license boot module c1900 technology-package securityk9
!
!
username itsmaroc privilege 15 iliass 0 iliass
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
!
interface ATM0/0/0.2 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface ATM0/1/0
no ip address
no atm ilmi-keepalive
!
interface ATM0/1/0.1 point-to-point
pvc 8/35
oam-pvc manage
pppoe-client dial-pool-number 2
!
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
no ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname iliass01
ppp chap password 0 iliass2012
ppp pap sent-username iliass01 password 0 iliass2012
!
interface Dialer2
ip address negotiated
ip mtu 1492
ip nat outside
no ip virtual-reassembly in
encapsulation ppp
dialer pool 2
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname iliass02
ppp chap password 0 iliass2012
ppp pap sent-username iliass02 password 0 iliass2012
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source static tcp 192.168.3.35 443 interface Dialer1 443
ip nat inside source static tcp 192.168.3.39 8080 interface Dialer1 8080
ip nat inside source static tcp 192.168.3.43 80 interface Dialer1 80
ip nat inside source static tcp 192.168.3.47 90 interface Dialer1 90
ip nat inside source static tcp 192.168.3.47 22 interface Dialer1 22
ip nat inside source route-map fixed-nat interface Dialer1 overload
ip nat inside source route-map fixed-nat2 interface Dialer2 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Dialer2
!
access-list 1 remark INSIDE_IF=GigabitEthernet0/0
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 110 permit ip 192.168.3.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
route-map fixed-nat2 permit 10
match ip address 110
match interface Dialer2
!
route-map fixed-nat permit 10
match ip address 110
match interface Dialer1
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
password itsmaroc
login
transport input telnet ssh
!
scheduler allocate 20000 1000
end
10-16-2012 08:56 AM
Sorry, I don't know what the reason could be. You can try updating IOS just as a precaution.
10-16-2012 09:18 AM
OK, thanks a lot, Paolo