Dual ISP config assistance

Answered Question
Dec 3rd, 2009
User Badges:

Dear Experts,


I am configuring Dual ISP Internet Load sharing using 1841 Router


I have 2 network say 218.248.28.0/28 and 59.65.163.0/24 in my LAN. I want these two networks connected to internet. I have 2 ISPs one ISP-1 and ISP-2 directly terminated in the router. Please refer the Network Diagram attached & NAT router conifguration.


As per ISPs policy the IP address of the other is not allowed in their ISP. For  instance ISP-1 will not allow ISP-2 ip address as the source.


The issue I am facing is, my packets are always choosing ISP-2 and not ISP-1 even though both the ISPs route are present in the routing table of NAT router. What could be the problem. can you please help me.


Thanks in advance


sairam


CONFIGURATION:


interface Ethernet0/0
ip address 218.248.28.145 255.255.255.240
ip nat inside
description ****** LAN-INSIDE-NETWORK********
!
interface Ethernet0/1
ip address 121.24.232.10 255.255.255.248
ip nat outside
description ****** ISP-1 ********

!
interface Ethernet0/2
ip address 172.24.3.133 255.255.255.252
ip nat outside
description ****** ISP-2 ********

!
ip route 0.0.0.0 0.0.0.0 Ethernet0/2 172.24.3.134
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 121.24.232.11
!
ip nat pool ISP-2 218.248.28.148 218.248.28.148 prefix-length 24
ip nat pool ISP-1 59.65.163.2 59.65.163.2 prefix-length 24
ip nat inside source route-map ISP-2 pool ISP-2
ip nat inside source route-map ISP-1 pool ISP-1
!
access-list 1 permit 59.65.163.0 0.0.0.255
access-list 2 permit 218.248.28.0 0.0.0.255
access-list 101 permit ip 218.248.28.0 0.0.0.255 any
access-list 102 permit ip 59.65.163.0 0.0.0.255 any
!
route-map ISP-1 permit 10
match ip address 102
match interface Ethernet0/1
!
route-map ISP-2 permit 10
match ip address 101
match interface Ethernet0/2

Attachment: 
Correct Answer by Laurent Aubert about 7 years 7 months ago

Hi,


Load-balancing is per flow so you need to send traffic from different source addresses to actually see the load-balancing in action.


Also I notice in your configuration that you bind one outside interface to one inside interface so you don't have any backup. If you want one inside interface to use both outside interfaces, your configuration should be like this:


access-list 101 permit ip 218.248.28.0 0.0.0.255 any
access-list 101 permit ip 59.65.163.0 0.0.0.255 any

!

route-map ISP-1 permit 10
match ip address 101
match interface Ethernet0/1
!
route-map ISP-2 permit 10
match ip address 101
match interface Ethernet0/2

!


HTH


Laurent.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Laurent Aubert Fri, 12/04/2009 - 06:41
User Badges:
  • Cisco Employee,

Hi,


Load-balancing is per flow so you need to send traffic from different source addresses to actually see the load-balancing in action.


Also I notice in your configuration that you bind one outside interface to one inside interface so you don't have any backup. If you want one inside interface to use both outside interfaces, your configuration should be like this:


access-list 101 permit ip 218.248.28.0 0.0.0.255 any
access-list 101 permit ip 59.65.163.0 0.0.0.255 any

!

route-map ISP-1 permit 10
match ip address 101
match interface Ethernet0/1
!
route-map ISP-2 permit 10
match ip address 101
match interface Ethernet0/2

!


HTH


Laurent.

Actions

This Discussion