Cisco 881 Load balancing and Static NAT

Italjapan
Level 1

Hi,

I'm going to configure a 881-k9 with:

- Ethernet 0/0 LAN (Private Address)

- Ethernet 0/1 ISP1 (Public Address 1)

- Ethernet 0/2 ISP2 (Public Address 2)

Disegno2.jpg

Can you help me find some configuration examples to:

- have load balancing over the two ISP connections, used to connect to the Internet

- configure static NAT to bind:

     - TCP 443

     - TCP 1723

  on the ISP1 and ISP2 interfaces to a LAN address (SBS2008 Server)

Thanks for your help

Bye

Accepted Solutions

cadet alain
VIP Alumni

Hi,

For load balancing:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080950834.shtml

For static PAT: use the keyword extendable in your static PAT statements

Regards.

Alain

Don't forget to rate helpful posts.



Hi,

For PAT I found this:

http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a0080093e51.shtml

So if I have two Ethernet interfaces with 2 public IP addresses (x.x.x.x and y.y.y.y), I have to use these 4 commands:

- ip nat inside source static tcp 192.168.0.X 1723 x.x.x.x 1723 extendable

- ip nat inside source static tcp 192.168.0.X 1723 y.y.y.y 1723 extendable

- ip nat inside source static tcp 192.168.0.X 443 x.x.x.x 443 extendable

- ip nat inside source static tcp 192.168.0.X 443 y.y.y.y 443 extendable

With this configuration, will I connect without distinction using the first or the second public IP?

Thanks

Hi,

Yes, you will.

Regards.

Alain

Don't forget to rate helpful posts.


Hi,

You need to make sure that the router routes Internet traffic back to you via ISP1 or ISP2.

HTH,

Toshi

Hi,

Thanks for your answers.

What do I have to do to ensure that traffic that comes from ISP1 or ISP2, translated to an internal server (static PAT TCP/443), goes back out through the right interface (the same one it came in on)?

I think that, by assigning the same administrative distance to both the ISP1 and ISP2 interfaces (I need to have load balancing), when the router sends packets back to the Internet they could take the other route, and this could be a problem.

Is there a command to tell the router that traffic that comes in through an interface has to go back out through the same interface?

Thanks

Bye

yosoypako
Level 1

Hi. I have configured a very similar test environment for a new deployment at a customer. I have this configuration on the router facing both ISPs:

--------------------------------------------------------------------------------------------------------------------------------

ip cef

interface FastEthernet0/0
 description wan1
 ip address 10.1.1.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface FastEthernet0/1
 description wan2
 ip address 10.1.2.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface FastEthernet1/0
 ip address 172.16.100.1 255.255.252.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 speed 100
 full-duplex
ip forward-protocol nd
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
ip nat inside source route-map wan1 interface FastEthernet0/0 overload
ip nat inside source route-map wan2 interface FastEthernet0/1 overload
!
access-list 110 permit ip 172.18.0.0 0.0.0.255 any
access-list 110 permit ip 172.17.0.0 0.0.4.255 any
access-list 110 permit ip 172.16.100.0 0.0.0.255 any
!
route-map wan1 permit 10
 match ip address 110
 match interface FastEthernet0/0
!
route-map wan2 permit 10
 match ip address 110
 match interface FastEthernet0/1

--------------------------------------------------------------------------------------------------------------------------------

The problem I am having is that all the user sessions are going out only through one of the outside interfaces (the one whose IP route has been in the routing table longer). I have tried to modify the ip cef load-sharing algorithm with no success.

What am I doing wrong?

OK.

I have solved it. The problem was in the static routes. They have to point to the IP address of the ISP router, not to the local interface.
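
The two configuration points raised in this thread (default routes that name only the local interface instead of the ISP router's address, and static PAT entries that publish one inside address and port on two outside addresses without `extendable`) can be checked mechanically before a config is deployed. The following is an added example, not code from any poster or from Cisco: a small Python audit run over a constructed config fragment. The function name `audit`, the sample addresses and the finding wording are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (not a real device config); addresses are RFC 1918 / documentation ranges.
SAMPLE_CONFIG = """\
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip nat inside source static tcp 192.168.0.10 443 198.51.100.2 443 extendable
ip nat inside source static tcp 192.168.0.10 443 203.0.113.2 443
ip nat inside source static tcp 192.168.0.10 1723 198.51.100.2 1723 extendable
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
ROUTE_RE = re.compile(rf"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: ({IPV4}))?")
PAT_RE = re.compile(
    rf"^ip nat inside source static (tcp|udp) ({IPV4}) (\d+) ({IPV4}) (\d+)(.*)$")

def audit(config: str) -> list[str]:
    """Return findings for the two issues discussed in the thread."""
    findings = []
    # (proto, inside ip, inside port) -> [(outside ip, has extendable, line)]
    pat = defaultdict(list)
    for raw in config.splitlines():
        line = raw.strip()
        m = ROUTE_RE.match(line)
        if m:
            target, next_hop = m.groups()
            # Default route that names an interface and no next-hop address.
            if not re.fullmatch(IPV4, target) and next_hop is None:
                findings.append(f"default route via interface only: {line}")
            continue
        m = PAT_RE.match(line)
        if m:
            proto, in_ip, in_port, out_ip, _out_port, rest = m.groups()
            pat[(proto, in_ip, in_port)].append(
                (out_ip, "extendable" in rest.split(), line))
    for entries in pat.values():
        # Same inside socket published on more than one outside address.
        if len({out_ip for out_ip, _, _ in entries}) > 1:
            for _, extendable, line in entries:
                if not extendable:
                    findings.append(f"static PAT missing 'extendable': {line}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A route that gives both the interface and the next-hop address (`ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 10.1.1.1`) is not flagged, since it still names the ISP router.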
