05-25-2009 05:29 PM - edited 03-06-2019 05:55 AM
Hi! I've got an 1811 on my network.
I'm trying to connect my LAN to 2 ISPs.
---
version 12.4
!
ip cef
!
multilink bundle-name authenticated
!
ip tcp synwait-time 10
!
track 10 rtr 110 reachability
delay down 30 up 60
!
track 11 rtr 111 reachability
delay down 30 up 60
!
interface FastEthernet0
description ptkom uplink$ETH-WAN$$FW_OUTSIDE$
ip address 192.168.116.14 255.255.255.0 secondary
ip address 85.95.147.3 255.255.255.192
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1
description enforta uplink$ETH-WAN$$FW_OUTSIDE$
ip address 79.122.164.134 255.255.255.252
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly
shutdown
duplex auto
speed auto
!
interface FastEthernet2
description EnfortaVPN
switchport access vlan 2
!
interface Vlan1
description Morozova LAN$ES_LAN$$FW_INSIDE$
ip address 192.168.52.254 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 85.95.147.1 track 10
ip route 0.0.0.0 0.0.0.0 79.122.164.133 track 11
ip route 79.122.164.132 255.255.255.252 FastEthernet1 permanent
ip route 85.95.147.0 255.255.255.192 FastEthernet0 permanent
ip route 172.16.248.0 255.255.255.240 172.16.248.17
ip route 172.16.248.32 255.255.255.240 172.16.248.17
ip route 192.168.6.0 255.255.255.0 172.16.248.2
ip route 192.168.7.0 255.255.255.0 172.16.248.34
!
!
ip nat inside source route-map RM-enforta interface FastEthernet1 overload
ip nat inside source route-map RM-ptkom interface FastEthernet0 overload
ip nat inside source static tcp 192.168.52.7 2443 79.122.164.134 2443 extendable
ip nat inside source static tcp 192.168.52.7 3389 79.122.164.134 3389 extendable
ip nat inside source static tcp 192.168.52.7 25 85.95.147.3 25 extendable
ip nat inside source static tcp 192.168.52.7 110 85.95.147.3 110 extendable
ip nat inside source static tcp 192.168.52.7 2443 85.95.147.3 2443 extendable
ip nat inside source static tcp 192.168.52.7 3389 85.95.147.3 3389 extendable
ip nat inside source static tcp 192.168.52.8 3389 85.95.147.3 3390 extendable
!
ip access-list extended LANs
permit ip 192.168.52.0 0.0.0.255 any
permit ip 192.168.6.0 0.0.0.255 any
permit ip 192.168.43.0 0.0.0.255 any
remark Put All inside LANs here
ip access-list extended NAT
remark SDM_ACL Category=18
deny ip any 192.168.6.0 0.0.0.255
deny ip any 192.168.7.0 0.0.0.255
deny ip any 192.168.52.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 any
permit ip 192.168.7.0 0.0.0.255 any
permit ip 192.168.52.0 0.0.0.255 any
!
ip sla 110
icmp-echo 85.95.147.1 source-ip 85.95.147.3
frequency 10
ip sla schedule 110 life forever start-time now
ip sla 111
icmp-echo 79.122.164.133 source-ip 79.122.164.134
frequency 10
ip sla schedule 111 life forever start-time now
no logging trap
access-list 116 permit ip any 192.168.6.0 0.0.0.255
access-list 117 permit ip any 192.168.7.0 0.0.0.255
no cdp run
!
route-map RM-enforta permit 10
match ip address NAT
match interface FastEthernet1
!
route-map RM-ptkom permit 10
match ip address NAT
match interface FastEthernet0
!
!
end
---
Everything worked fine until I tried to add
the following (I have to access 192.168.227.0/24 with NAT, but from the 192.168.116.14 IP):
----
ip route 192.168.227.0 255.255.255.0 192.168.116.1
ip nat pool PortMAN 192.168.116.14 192.168.116.14 netmask 255.255.255.0
ip nat inside source route-map RM-PortMAN pool PortMAN overload
ip access-list extended PortMAN
permit ip any 192.168.116.0 0.0.0.255
permit ip any 192.168.227.0 0.0.0.255
route-map RM-PortMAN permit 10
match ip address PortMAN
match interface FastEthernet0
---
After that my port forwardings (from WAN to LAN) became inaccessible. I think it's because they come in by one route and go out by another.
What should I do?
Now, even after deleting the rules, the port forwardings do not work.
Any ideas?
05-29-2009 06:09 AM
I think there is no problem with your NAT. Anyhow, issue the command
"Show ip nat translation"; it will help you to troubleshoot.
Verify the ACL configuration and the route-map.
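
The ACL and route-map check suggested in the reply can be done offline. The Python sketch below is an added example, not part of the thread and not Cisco tooling: it evaluates the ACLs and route-maps from the question against one flow and lists every NAT route-map that accepts it. The function names and the sample host addresses are assumptions, and only the `any` and address/wildcard ACL forms used on this page are handled.

```python
import ipaddress

# ACL and route-map lines from the question, trimmed to the entries for 192.168.52.0/24 and 192.168.6.0/24.
CONFIG = """\
ip access-list extended NAT
deny ip any 192.168.6.0 0.0.0.255
deny ip any 192.168.52.0 0.0.0.255
permit ip 192.168.52.0 0.0.0.255 any
ip access-list extended PortMAN
permit ip any 192.168.116.0 0.0.0.255
permit ip any 192.168.227.0 0.0.0.255
route-map RM-ptkom permit 10
match ip address NAT
match interface FastEthernet0
route-map RM-PortMAN permit 10
match ip address PortMAN
match interface FastEthernet0
"""

def parse(text):
    """Return ({acl: [entries]}, {route_map: {'ip': acl, 'interface': ifname}})."""
    acls, rmaps, cur = {}, {}, None
    for w in filter(None, map(str.split, text.splitlines())):
        if w[:3] == ["ip", "access-list", "extended"]:
            cur = acls.setdefault(w[3], [])
        elif w[0] == "route-map":
            cur = rmaps.setdefault(w[1], {})
        elif w[0] in ("permit", "deny") and isinstance(cur, list):
            cur.append(w)
        elif w[0] == "match" and isinstance(cur, dict):
            cur[w[1]] = w[-1]  # 'match ip address NAT' -> cur['ip'] = 'NAT'
    return acls, rmaps

def take(words, ip):  # test ip against one spec ('any' or 'addr wildcard')
    if words[0] == "any":
        return True, words[1:]
    base, wild = (int(ipaddress.ip_address(x)) for x in words[:2])
    return (int(ipaddress.ip_address(ip)) | wild) == (base | wild), words[2:]

def acl_permits(entries, src, dst):
    for action, _proto, *rest in entries:
        s_ok, rest = take(rest, src)
        if s_ok and take(rest, dst)[0]:
            return action == "permit"  # first matching entry decides
    return False  # implicit deny at the end of every ACL

def nat_candidates(text, src, dst, egress):
    """Names of route-maps whose 'match interface' and ACL both accept the flow."""
    acls, rmaps = parse(text)
    return [n for n, m in rmaps.items() if m.get("interface") == egress
            and acl_permits(acls.get(m.get("ip"), []), src, dst)]
```

Two names returned for one flow mean two `ip nat inside source` rules are eligible for it; the script does not model which one the router applies.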