01-13-2013 11:58 AM - edited 03-07-2019 11:04 AM
Hi,
I'm configuring a Cisco 2600 (IOS 12.4) router with 3 ethernet ports:
- LAN Port
- WAN 1 port (First ISP)
- WAN 2 port (Second ISP)
I need:
- Fault-tolerant / load-balancing WAN connection with the two ISP connections using NAT from the LAN
- access from TCP/23 on the FIRST-ISP IP (X.X.X.X) and SECOND-ISP IP (Y.Y.Y.Y) to TCP/23 of a LAN SERVER (I assigned 2 IP addresses, Z1.Z1.Z1.Z1 and Z2.Z2.Z2.Z2, to the Ethernet interface of the server)
I used this configuration:
...
interface FastEthernet0/0
 description LAN
 ip address Z.Z.Z.Z 255.255.255.0
 ip nat inside
 ip policy route-map TCP23-in
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description FIRST-ISP
 ip address X.X.X.X 255.255.255.248
 ip nat outside
 duplex auto
 speed auto
!
interface Ethernet1/0
 description SECOND-ISP
 ip address Y.Y.Y.Y 255.255.255.248
 ip nat outside
 full-duplex
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 X1.X1.X1.X1
ip route 0.0.0.0 0.0.0.0 Y1.Y1.Y1.Y1
!
no ip http server
no ip http secure-server
ip nat inside source static tcp Z1.Z1.Z1.Z1 23 interface Ethernet1/0 23
ip nat inside source static tcp Z2.Z2.Z2.Z2 23 interface FastEthernet0/1 23
ip nat inside source route-map FIRST-ISP interface FastEthernet0/1 overload
ip nat inside source route-map SECOND-ISP interface Ethernet1/0 overload
ip access-list extended TRAFFIC-FROM-Z1.Z1.Z1.Z1
 permit tcp host Z1.Z1.Z1.Z1 eq 23 any
ip access-list extended TRAFFIC-FROM-Z2.Z2.Z2.Z2
 permit tcp host Z2.Z2.Z2.Z2 eq 23 any
access-list 110 permit ip Z.Z.Z.0 0.0.0.255 any
route-map TCP23-in permit 10
 match ip address TRAFFIC-FROM-Z1.Z1.Z1.Z1
 set interface FastEthernet0/1
!
route-map TCP23-in permit 20
 match ip address TRAFFIC-FROM-Z2.Z2.Z2.Z2
 set interface Ethernet1/0
!
route-map FIRST-ISP permit 10
 match ip address 110
 match interface FastEthernet0/1
!
route-map SECOND-ISP permit 10
 match ip address 110
 match interface Ethernet1/0
...
The configuration works fine for this:
- access from TCP/23 on the FIRST-ISP IP and SECOND-ISP IP to TCP/23 of a LAN server (I assigned 2 IP addresses to the Ethernet interface of the server)
My problem is that I have a fault-tolerant WAN connection with the two ISP connections using NAT from the LAN, but not load balancing.
If I try to shut down the FIRST-ISP interface, the router starts to use the default route to SECOND-ISP and performs NAT, but if the two interfaces are both "no shutdown", the router uses only the FIRST-ISP route.
I tried from the SERVER, making a lot of HTTP connections to http://www.whatismyip.com/.
Please help me.
Thanks
01-13-2013 12:48 PM
The replies to incoming requests are sent to the right ISP because of the NAT sessions.
For outgoing traffic, in the setup you're using PBR for TCP 23, but testing it with HTTP. If you want all traffic to be load balanced, take out the "eq 23" from your access lists.
01-13-2013 01:43 PM
Hi,
I have no problem with incoming traffic to TCP/23, as I wrote here:
"The configuration works fine for this:
- access from TCP/23 FIRST-ISP IP and SECOND-ISP IP to TCP/23 of a LAN server (I assigned 2 IP addresses to the Ethernet interface of the server)"
and I'm not using "For outgoing traffic, in the setup you're using PBR for TCP 23".
My problem is that using these two routes:
- ip route 0.0.0.0 0.0.0.0 X1.X1.X1.X1 (FIRST-ISP)
- ip route 0.0.0.0 0.0.0.0 Y1.Y1.Y1.Y1 (SECOND-ISP)
the router is not load balancing the traffic but is using only:
- ip route 0.0.0.0 0.0.0.0 X1.X1.X1.X1 (FIRST-ISP)
It starts to use the second route only if the first route is not available.
I made my configuration reading this:
https://supportforums.cisco.com/thread/2067691
Thanks
01-13-2013 03:30 PM
I was wrong...
Per-destination load balancing is enabled by default when you enable CEF:
http://www.cisco.com/en/US/docs/ios/12_2/switch/configuration/guide/xcfcefc.html#wp1000875
I was trying to ping the same destination and the route was the same.
But if I try to "traceroute" different destinations, the router randomizes the outgoing route.
Bye
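An added illustration of the behaviour described in the last post (not part of the original thread and not Cisco's code): a small model of per-destination load sharing over the two default routes, showing why a test against a single site always leaves through one ISP while many destinations are spread over both. The SHA-256 hash, the function names and the sample addresses are assumptions made for the example; the router's real hash is internal to CEF.

```python
import hashlib
from collections import Counter

# Placeholder next hops, named after the thread's two default routes.
NEXT_HOPS = ["X1.X1.X1.X1 (FIRST-ISP)", "Y1.Y1.Y1.Y1 (SECOND-ISP)"]

def per_destination_path(src, dst, paths=NEXT_HOPS):
    """Pick a path from a hash of the source/destination pair.

    SHA-256 stands in for the router's internal hash (assumption). The
    property that matters: the same pair always maps to the same path.
    """
    digest = hashlib.sha256(f"{src}->{dst}".encode()).digest()
    return paths[int.from_bytes(digest[:4], "big") % len(paths)]

def per_packet_path(packet_index, paths=NEXT_HOPS):
    """Round-robin per packet, shown only for contrast."""
    return paths[packet_index % len(paths)]

def paths_used(src, destinations, packets_per_dst=20):
    """Count packets per path under per-destination sharing."""
    usage = Counter()
    for dst in destinations:
        usage[per_destination_path(src, dst)] += packets_per_dst
    return usage

# Constructed sample addresses (RFC 5737 documentation ranges).
SERVER = "192.0.2.10"
ONE_SITE = ["198.51.100.7"]
MANY_SITES = [f"203.0.113.{i}" for i in range(1, 201)]

if __name__ == "__main__":
    # One destination: every packet takes one path, so only one ISP is seen.
    print("one destination :", dict(paths_used(SERVER, ONE_SITE)))
    # Many destinations: flows are spread over both ISPs.
    print("200 destinations:", dict(paths_used(SERVER, MANY_SITES)))
    # Per-packet sharing would send one flow out both interfaces, and with
    # the thread's NAT overload rules that means two source addresses.
    flow = {per_packet_path(i) for i in range(20)}
    print("per-packet, one flow leaves via", len(flow), "interfaces")
```

Because each flow stays on one outside interface under per-destination sharing, its NAT translation keeps a single public source address for the life of the connection.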