09-08-2015 12:22 PM - edited 03-05-2019 02:15 AM
Hello,
I have 2 different ISP uplinks on a router. There are 2 default routes, one to ISP A with distance 1, one to ISP B with distance 10.
I have configured port forwards on each outside interface to inside (ip nat inside source static tcp 192.168.0.10 25 x.x.x.x 25 extendable). The packets are correctly forwarded from outside to inside, but then they don't exit "correctly" (meaning: as I want).
The packets always exit through ISP A even if they enter through ISP B. Of course it does not work because ISP A then drops packets because they don't come from its network.
The most obvious use case is SMTP MX records to receive emails. I cannot identify source networks and route them through either ISP A or ISP B, any public IP is basically a valid source for this service.
It is possible in Linux-based routers using mangle rules (connection marks) and then making routing decisions based on those marks.
So, is it possible to configure a Cisco router to "remember" the inbound interface of each connection and use that same interface as the outbound interface?
09-08-2015 03:10 PM
This is achievable using policy-based routing on Cisco IOS. You can create an ACL, call that in a route map, and configure the router to say: if you see an outgoing packet with source IP 192.168.0.10:25, please use ISP A or ISP B as the outgoing interface (whichever the inbound traffic has come from). Let me know if you need exact details, as in a specific configuration script.
09-09-2015 02:57 AM
You're right.
I didn't think of it because I had only one IP address on my internal servers. However, I can add a secondary IP address to each server and have 2 sets of NAT rules: one for ISP A and the primary IP addresses, a second set for ISP B and the secondary IP addresses.
Then I can also use PBR matching the different sets of IP addresses and set ip next-hop.
Thanks!
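The approach from the accepted answer and the follow-up (one inside address per ISP, one static NAT per ISP, PBR on the inside interface selecting the matching next hop), written out as an added IOS example that is not from anyone in this thread. All addresses are constructed from the RFC 5737 documentation ranges: ISP A gateway 203.0.113.1 with public mail address 203.0.113.10, ISP B gateway 198.51.100.1 with public mail address 198.51.100.10, and the mail server at 192.168.0.10 (primary) and 192.168.0.11 (secondary).

```cisco
! Added example, not the thread's own config. Constructed addresses (RFC 5737).
! Two default routes, as in the original question (ISP A preferred, ISP B at distance 10)
ip route 0.0.0.0 0.0.0.0 203.0.113.1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10
!
interface GigabitEthernet0/0
 description ISP A
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/1
 description ISP B
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/2
 description inside (mail server lives here)
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip policy route-map RETURN-VIA-INGRESS-ISP
!
! One static port forward per ISP, each bound to its own inside address,
! so the inside address alone identifies which ISP a connection came in on.
ip nat inside source static tcp 192.168.0.10 25 203.0.113.10 25 extendable
ip nat inside source static tcp 192.168.0.11 25 198.51.100.10 25 extendable
!
! PBR is evaluated on packets arriving on the inside interface, before
! inside->outside NAT, so the ACLs match the private (pre-NAT) addresses.
! Matching "eq 25" on the source keeps PBR limited to SMTP replies.
ip access-list extended MAIL-VIA-ISP-A
 permit tcp host 192.168.0.10 eq 25 any
ip access-list extended MAIL-VIA-ISP-B
 permit tcp host 192.168.0.11 eq 25 any
!
route-map RETURN-VIA-INGRESS-ISP permit 10
 match ip address MAIL-VIA-ISP-A
 set ip next-hop 203.0.113.1
route-map RETURN-VIA-INGRESS-ISP permit 20
 match ip address MAIL-VIA-ISP-B
 set ip next-hop 198.51.100.1
! Traffic matching neither sequence falls through to the normal routing table.
```

A plain `set ip next-hop` keeps sending to that gateway even if the ISP link is down, so for failover use `set ip next-hop verify-availability` with an IP SLA track object instead. `show route-map RETURN-VIA-INGRESS-ISP` shows per-sequence match counters, which is the quickest way to confirm replies are taking the intended path.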