Re: WAN Load balancing in Cisco 2620

hussainul · ‎01-06-2010

I want to configuring Dual ISP Internet Load balancing using 2620 Router. is it possible to configure it?

Marwan ALshawi · ‎01-06-2010

sure you can, have a look at the following documents:

https://supportforums.cisco.com/docs/DOC-8313

https://supportforums.cisco.com/docs/DOC-8353

good luck

if helpful Rate

hussainul · ‎01-06-2010

my cisco 2620 router does not support IP SLA command. is ther any alternative?

Marwan ALshawi · ‎01-06-2010

ok, the above document describe extra features

you do not need al othe above features

in your case you need to make sure you have two default routes each one oint to one of the ISPS next hops

and see how nating configured in the above document you do ot need PBR or IP SLA for basic loadbalncing config

good luck

if helpful Rate

hussainul · ‎01-06-2010

Dear Marwanshawi,

here is my config plz chk it out is it corrent or not.

Current configuration : 2563 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service dhcp
!
hostname Router
!
enable secret 5 $1$J94q$wBwFC0xOvrDG9WDAsozwI.
!
username admin privilege 15 password 7 1511021F0725
ip subnet-zero
no ip source-route
ip cef
!
!
ip name-server 202.186.252.2
ip name-server 202.4.97.2
!
no ip bootp server
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description ISP1
ip address 202.183.246.181 255.255.255.248
ip nat outside
ip load-sharing per-packet
no ip mroute-cache
duplex auto
speed auto
!
interface Ethernet1/0
description ISP2
ip address 202.5.104.14 255.255.255.248
ip nat outside
ip load-sharing per-packet
no ip mroute-cache
full-duplex
!
interface Ethernet1/1
no ip address
no ip mroute-cache
shutdown
half-duplex
!
interface Ethernet1/2
no ip address
no ip mroute-cache
shutdown
half-duplex
!
interface Ethernet1/3
ip address 172.16.5.230 255.255.0.0
ip nat inside
no ip mroute-cache
half-duplex
!
ip nat pool ISP1 172.16.0.0 172.16.0.0 prefix-length 16
ip nat pool ISP2 172.16.0.0 172.16.0.0 prefix-length 16
ip nat inside source route-map ISP1 pool ISP1
ip nat inside source route-map ISP2 pool ISP2
no ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 202.183.246.177
ip route 0.0.0.0 0.0.0.0 Ethernet1/0 202.5.104.9
no ip http server
!
access-list 1 permit 172.16.0.0 0.0.0.255
access-list 2 permit 172.16.0.0 0.0.0.255
access-list 101 permit ip 172.16.0.0 0.0.0.255 any
no cdp run
route-map ISP2 permit 10
match ip address 101
match interface Ethernet1/3
!
route-map ISP1 permit 10
match ip address 101
match interface Ethernet1/3

Marwan ALshawi · ‎01-06-2010

sorry, the config you put is incorrect

use the follwoing config instead of the one you post it

ip nat inside source route-map ISP1 interface FastEthernet0/0 overload
ip nat inside source route-map ISP1 interface FastEthernet1/0 overload

ip route 0.0.0.0 0.0.0.0 202.183.246.177
ip route 0.0.0.0 0.0.0.0 202.5.104.9

access-list 101 permit ip 172.16.0.0 0.0.0.255 any

route-map ISP1 permit 10
match ip address 101
match interface Ethernet0/0
!
route-map ISP1 permit 10
match ip address 101
match interface Ethernet1/0

you do not need a pool unless you have a range of public IPs allocated from your ISP to you and you wanna use it for all of the users when use the internet, i used above the interface with overload keyword this will use the interface IP as the source over the internet for all the users overload will use diffrent port for each session.

in the route maps tyou used the internal interface while it supposed to be the external interface in each one ( match interface means match the exit interface !!!)

aslo next time do not put public IP address if you post any config just put x.x.x.x

compare it to your config and then compare it to the document i sent you above to understand the idea

good luck

if helpful rate

hussainul · ‎01-06-2010

Dear marwanshawi,

i've done all the thing that u mentioned in ur post, but i cant browse or ping in yahoo or any site from my local pc.i put in my local pc ip 172.16.5.235 255.255.255.0 gw 172.16.5.230 dns ISP DNS. plz chk my configuration below is it correct or not.

!
interface FastEthernet0/0
description ISP1
ip address x.x.x.x 255.255.255.248
ip nat outside
duplex auto
speed auto
!
interface Ethernet1/0
description ISP2
ip address x.x.x.x 255.255.255.248
ip nat outside
half-duplex
!
interface Ethernet1/1
no ip address
no ip mroute-cache
shutdown
half-duplex
!
interface Ethernet1/2
no ip address
no ip mroute-cache
shutdown
half-duplex
!
interface Ethernet1/3
description TO LAN
ip address 172.16.5.230 255.255.0.0
ip nat inside
half-duplex
!
ip nat inside source route-map ISP1 interface FastEthernet0/0 overload
ip nat inside source route-map ISP2 interface Ethernet1/0 overload
no ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.x
ip route 0.0.0.0 0.0.0.0 x.x.x.x
no ip http server
!
access-list 101 permit ip 172.16.0.0 0.0.0.255 any
no cdp run
route-map ISP2 permit 10
match ip address 101
match interface FastEthernet0/0
!
route-map ISP1 permit 10
match ip address 101
match interface Ethernet1/0
!

Marwan ALshawi · ‎01-07-2010

update ACL 101

no access-list 101 permit ip 172.16.0.0 0.0.0.255 any

access-list 101 permit ip 172.16.0.0 0.0.255.255 any

good luck

hussainul · ‎01-10-2010

Dear marwanshawi,

now it was working. but bit slower. some times it was not working properly. is there any necessary steps to take the load balancing working smoothly.