Return route with port forwards and multiple outside interfaces

Fab T

Hello,

I have 2 different ISP uplinks on a router. There are 2 default routes, one to ISP A with distance 1, one to ISP B with distance 10.

I have configured port forwards on each outside interface to inside (ip nat inside source static tcp 192.168.0.10 25 x.x.x.x 25 extendable). The packets are correctly forwarded from outside to inside, but then they don't exit "correctly" (meaning: as I want).

The packets always exit through ISP A even if they enter through ISP B. Of course it does not work because ISP A then drops packets because they don't come from its network.

The most obvious use case is SMTP MX records to receive emails. I cannot identify source networks and route them through either ISP A or ISP B, any public IP is basically a valid source for this service.


It is possible in Linux-based routers using mangle rules (connection marks) and then make routing decision using those marks.

So, is it possible to configure a Cisco router to "remember" the inbound interface of each connection and use that same interface for the outbound interface?


2 Replies

Lovleen Arora (accepted solution)

This is achievable using policy-based routing on Cisco IOS. You can create an ACL, call it in a route map, and configure the router so that if it sees an outgoing packet with source IP 192.168.0.10:25, it uses ISP A or ISP B as the outgoing interface (whichever the inbound traffic came from). Let me know if you need exact details, as in a specific configuration script.

You're right.

I didn't think of it because I had only one IP address on my internal servers. However, I can add a secondary IP address to each server and have 2 sets of NAT rules: one for ISP A and the primary IP addresses, a second set for ISP B and the secondary IP addresses.

Then I can also use PBR matching the different sets of IP addresses and set ip next-hop.

Thanks!
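The configuration the thread converges on, written out as an added example (not posted by either participant): the server gets a second inside address, each ISP gets its own static port forward to one of those addresses, and a route map on the inside interface sends replies sourced from the ISP B address back through ISP B. The interface names, the public documentation prefixes (192.0.2.0/30 for ISP A, 198.51.100.0/30 for ISP B), the secondary server address 192.168.0.11 and the ACL/route-map names are all assumptions for illustration. PBR on IOS is applied to inside-to-outside traffic before the inside NAT translation, which is why the route map can match the untranslated 192.168.0.11 source; matching on the "inbound interface" of a connection, as the first reply suggests, is not something a stateless route map can see, so the distinct inside addresses carry that state instead.

```cisco
! Assumed addressing (RFC 5737 documentation prefixes, not from the original post):
!   Gi0/0 = ISP A  192.0.2.2/30,      gateway 192.0.2.1
!   Gi0/1 = ISP B  198.51.100.2/30,   gateway 198.51.100.1
!   Gi0/2 = inside 192.168.0.1/24
!   mail server: 192.168.0.10 (primary) and 192.168.0.11 (secondary, added on the server)

! The two default routes from the question: ISP A preferred, ISP B as backup.
ip route 0.0.0.0 0.0.0.0 192.0.2.1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10

interface GigabitEthernet0/0
 description ISP A
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/1
 description ISP B
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/2
 description inside
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ! PBR is evaluated here, on the ingress interface of the server's replies.
 ip policy route-map PBR-RETURN-PATH

! One port forward per ISP, each mapped to a different inside address.
! Mail arriving on ISP A lands on .10, mail arriving on ISP B lands on .11.
ip nat inside source static tcp 192.168.0.10 25 192.0.2.2 25 extendable
ip nat inside source static tcp 192.168.0.11 25 198.51.100.2 25 extendable

! Anything the server sends from its secondary address was a connection that
! came in via ISP B, so it must leave via ISP B.
ip access-list extended ISP-B-SOURCES
 permit ip host 192.168.0.11 any

! "set ip default next-hop" only overrides the default route, so traffic to
! destinations with a specific route (other internal subnets) is unaffected.
! Packets from 192.168.0.10 fall through to normal routing and leave via ISP A.
route-map PBR-RETURN-PATH permit 10
 match ip address ISP-B-SOURCES
 set ip default next-hop 198.51.100.1
```

To check it, open an SMTP connection to 198.51.100.2:25 from outside and confirm `show ip nat translations` shows the inside local 192.168.0.11:25 entry, `show route-map PBR-RETURN-PATH` shows its policy-routing counter increasing, and a capture on Gi0/1 shows the SYN-ACK leaving there. Two caveats: each public address needs its own A record behind the MX records, since the ISP B path is only exercised for connections that arrive on 198.51.100.2; and if ISP B goes down the route map will still try to use 198.51.100.1 unless the `set` clause is combined with `verify-availability` and an IP SLA track, so plan that before relying on it for failover.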
