Solved: Cisco 881 Load balancing and Static NAT

Italjapan · ‎12-04-2012

Hi,

i'm going to configure a 881-k9 with:

- Ethernet 0/0 LAN (Private Address)

- Ethernet 0/1 ISP1 (Public Address 1)

- Ethernet 0/2 ISP2 (Public Address 2)

Can you help me to find some configuration example to:

- have load balancing over the two ISP connection, used to connect to Internet

- configure Static NAT to bind:

- TCP 443

- TCP 1723
on ISP1 e ISP2 Interface to a LAN Address (SBS2008 Server)

Thanks for your help

Bye

cadet alain · ‎12-04-2012

Hi,

For load balancing:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080950834.shtml

For static PAT: use the keyword extendable in your static PAT statements

Regards.

Alain

Don't forget to rate helpful posts.

View solution in original post

cadet alain · ‎12-04-2012

Hi,

For load balancing:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080950834.shtml

For static PAT: use the keyword extendable in your static PAT statements

Regards.

Alain

Don't forget to rate helpful posts.

Italjapan · ‎12-04-2012

Hi,

for PAT i found this:

http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a0080093e51.shtml

So if i have two ethernet interface with 2 Public IP Address (x.x.x.x and y.y.y.y) i have to use this 4 command:

- ip nat inside source static tcp 192.168.0.X 1723 x.x.x.x 1723 extendable

- ip nat inside source static tcp 192.168.0.X1723 y.y.y.y 1723 extendable

- ip nat inside source static tcp 192.168.0.X 443 x.x.x.x 443 extendable

- ip nat inside source static tcp 192.168.0.X 443 y.y.y.y 443 extendable

With this configuration, will i connect without distinction using the first or the second public ip?

Thanks

cadet alain · ‎12-04-2012

Hi,

yes you will.

Regards.

Alain

Don't forget to rate helpful posts.

Thotsaphon Lueangwattanaphong · ‎12-04-2012

Hi,

You need to make sure that the router routes Internet traffic back to you via ISP1 or ISP2.

HTH,

Toshi

Italjapan · ‎12-11-2012

Hi,

thanks for your answers.

What i have to do to ensure traffic that become from ISP1 or ISP 2, traslated to an internal server (static PAT TCP/443), will come back with the right interface (the same he becomes)?

I think that assigning the same administrative distance both the interface ISP1 and ISP2 (i need to have load balancing), when the router will send back packets through internet could take the other route and this could be a problem.

Is there a command to say the router that traffic that come inside with an interface have to come back through the same inteface?

Thanks

Bye

yosoypako · ‎03-01-2013

Hi. I have configured a test enviroment very similar for a new deployment in a customer. I have this configuration on the router facing both isp:

--------------------------------------------------------------------------------------------------------------------------------

ip cef

interface FastEthernet0/0

description wan1

ip address 10.1.1.2 255.255.255.252

ip nat outside

ip virtual-reassembly

speed 100

full-duplex

!

interface FastEthernet0/1

description wan2

ip address 10.1.2.2 255.255.255.252

ip nat outside

ip virtual-reassembly

speed 100

full-duplex

!

interface FastEthernet1/0

ip address 172.16.100.1 255.255.252.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

speed 100

full-duplex

ip forward-protocol nd

!

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

!

ip nat inside source route-map wan1 interface FastEthernet0/0 overload

ip nat inside source route-map wan2 interface FastEthernet0/1 overload

!

access-list 110 permit ip 172.18.0.0 0.0.0.255 any

access-list 110 permit ip 172.17.0.0 0.0.4.255 any

access-list 110 permit ip 172.16.100.0 0.0.0.255 any

!

route-map wan1 permit 10

match ip address 110

match interface FastEthernet0/0

!

route-map wan2 permit 10

match ip address 110

match interface FastEthernet0/1

--------------------------------------------------------------------------------------------------------------------------------

The problem I am having is that all the user sessions are going out only through one of the outside interface (the one witch the ip route has been longer in the routing table) I have tried to modify the ip cef load-sharing algorith with no sucess.

What am I doing wrong?

yosoypako · ‎03-01-2013

OK.

I have solved it. The prblem was in the static routes. The have to point to the ip address of the isp router not to the local interface.