Dual ISP load balancing while NAT is in operation

olly ahmed
Level 1

Please send me a sample configuration for dual ISP load balancing while NAT is in operation.

1 Accepted Solution

Ashish Arora
Level 1

ollyahmed

If you are looking specially for a router, then the following configuration would be good.

There is a quick need to modify the configuration according to the type of configuration you are running, I mean (QoS policies, route directions and tracking (ip sla)).

 

version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
ip cef
!
multilink bundle-name authenticated
!
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
class-map match-all skype
 match protocol skype
!
policy-map skype-policy
 class skype
  set dscp ef
!
interface GigabitEthernet0/0
 description LAN
 ip address 10.0.0.1 255.255.254.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description TASK
 ip address 213.192.65.106 255.255.255.252
 ip access-group 101 in
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 crypto map GLIWICE-MAP
 service-policy input skype-policy
 service-policy output skype-policy
!
interface GigabitEthernet0/2
 description "Wit-NET"
 mac-address 0030.4f61.5521
 ip address 193.107.215.133 255.255.255.224
 ip access-group 101 in
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip default-gateway 213.192.65.105
ip forward-protocol nd

ip nat inside source route-map nat_isp1 interface GigabitEthernet0/1 overload
ip nat inside source route-map nat_isp2 interface GigabitEthernet0/2 overload
ip nat inside source static tcp 10.0.0.24 777 193.107.215.133 777 extendable
ip nat inside source static tcp 10.0.0.2 1723 193.107.215.133 1723 extendable
ip nat inside source static tcp 10.0.0.24 777 213.192.36.106 777 extendable
!---more static routes has been omitted---

ip default-network 213.192.65.105
ip route 0.0.0.0 0.0.0.0 213.192.65.105 track 1
ip route 0.0.0.0 0.0.0.0 193.107.215.129 track 2
ip sla 1
 icmp-echo 213.192.65.105 source-interface GigabitEthernet0/1
 threshold 2
 timeout 1000
 frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 193.107.215.129 source-interface GigabitEthernet0/2
 threshold 2
 timeout 1000
 frequency 5
ip sla schedule 2 life forever start-time now
!

access-list 110 deny   ip 10.0.0.0 0.0.1.255 10.0.100.0 0.0.0.255
access-list 110 permit ip 10.0.0.0 0.0.1.255 any
access-list 190 permit ip 10.0.0.0 0.0.1.255 10.0.100.0 0.0.0.255

route-map TASK permit 10
 match ip address 110
 match interface GigabitEthernet0/1
!
route-map track_isp permit 10
 match ip address 101
 match interface GigabitEthernet0/1
 set ip next-hop 213.192.65.105
!
route-map track_isp permit 20
 match ip address 102
 match interface GigabitEthernet0/2
 set ip next-hop 193.107.215.129
!
route-map nat_isp2 permit 10
 match ip address 110
 match interface GigabitEthernet0/2
!
route-map nat_isp1 permit 10
 match ip address 110
 match interface GigabitEthernet0/1
!

See more at: https://supportforums.cisco.com/discussion/11710646/dual-isp-connection-and-load-balancing#sthash.m0FSJNmn.dpuf
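
The router configuration above depends on three linkages: each PAT rule's route-map must match its own egress interface, each tracked default route must resolve to a scheduled IP SLA probe, and every referenced numbered access list must be defined. The Python check below is an added example, not part of the original post; the function name `audit_dual_isp` is hypothetical and `SAMPLE` is a constructed excerpt with three deliberate gaps.

```python
import re

# Constructed excerpt modelled on the router configuration above (3 gaps on purpose).
SAMPLE = """\
interface GigabitEthernet0/1
 ip access-group 101 in
ip nat inside source route-map nat_isp1 interface GigabitEthernet0/1 overload
ip nat inside source route-map nat_isp2 interface GigabitEthernet0/2 overload
ip route 0.0.0.0 0.0.0.0 213.192.65.105 track 1
ip route 0.0.0.0 0.0.0.0 193.107.215.129 track 2
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
ip sla schedule 1 life forever start-time now
access-list 110 permit ip 10.0.0.0 0.0.1.255 any
route-map nat_isp1 permit 10
 match ip address 110
 match interface GigabitEthernet0/1
route-map nat_isp2 permit 10
 match ip address 110
"""

def audit_dual_isp(cfg):
    """Return sorted consistency findings for a dual-ISP NAT config (hypothetical helper)."""
    findings = set()
    rmaps = {}  # route-map name -> concatenated clause bodies
    for name, body in re.findall(r"^route-map (\S+) permit \d+\n((?: .*\n?)*)", cfg, re.M):
        rmaps[name] = rmaps.get(name, "") + body
    # 1. Each PAT rule needs a route-map pinned to the same egress interface.
    nat = r"^ip nat inside source route-map (\S+) interface (\S+) overload"
    for rmap, iface in re.findall(nat, cfg, re.M):
        if f"match interface {iface}" not in rmaps.get(rmap, ""):
            findings.add(f"nat route-map {rmap} lacks 'match interface {iface}'")
    # 2. Each tracked default route needs track -> ip sla -> schedule.
    for trk in re.findall(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 \S+ track (\d+)", cfg, re.M):
        m = re.search(rf"^track {trk} ip sla (\d+) reachability", cfg, re.M)
        if not m:
            findings.add(f"track {trk} is not defined")
        elif not re.search(rf"^ip sla schedule {m.group(1)} ", cfg, re.M):
            findings.add(f"ip sla {m.group(1)} is never scheduled")
    # 3. Every referenced numbered ACL must be defined.
    defined = set(re.findall(r"^access-list (\d+) ", cfg, re.M))
    for acl in re.findall(r"(?:access-group|match ip address) (\d+)", cfg):
        if acl not in defined:
            findings.add(f"access-list {acl} is referenced but not defined")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_dual_isp(SAMPLE)))
```

The posted excerpt references access lists 101 and 102 without showing their definitions, which the third check would report.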

4 Replies

Brian Ng
Level 1

Hi Ollyahmed,

 

This will be different depending on what device you are talking about. I would assume you are talking about a router as that is where you would set up the dual ISP for load balancing. If this is on a Cisco Small Business router then it will work by default like the RV0xx series and the RV32x series.

saif musa
Level 4

If you are using ASA5500 series firewall, try to do the following....

 

ciscoasa#
ciscoasa# sh run
: Saved
:
ASA Version 8.0(4)
!
hostname ciscoasa
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address (publicIP-1)
!
interface GigabitEthernet0/1
 nameif backup
 security-level 0
 ip address (publicIP-2)
!
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address (privateIP-LAN)
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address (management-IP)
 management-only
!
ftp mode passive
object-group network inside-net
 network-object 0.0.0.0 0.0.0.0
access-list 101 extended permit tcp any any eq www
pager lines 24
logging asdm informational
mtu outside 1500
mtu backup 1500
mtu inside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (backup) 1 interface
nat (inside) 1 (LAN-Network-IP)
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 (your first ISP IP-gateway) track 1
route backup 0.0.0.0 0.0.0.0 (your second ISP IP-gateway) 254
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 123
 type echo protocol ipIcmpEcho (your first ISP IP-gateway) interface outside
 num-packets 3
 frequency 10
sla monitor schedule 123 life forever start-time now
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
!
track 1 rtr 123 reachability
telnet 172.23.167.0 255.255.255.0 management
telnet 192.168.100.0 255.255.255.0 management
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 8.8.8.8 109.224.14.2
dhcpd lease 3000
dhcpd ping_timeout 30
!
dhcpd address (LAN-IPs) inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password enVBlKK8wNBLDGaC encrypted privilege 15
!
!
prompt hostname context
Cryptochecksum:595fd9acaa06415335f11905095fbb91
: end
ciscoasa#  wr
Building configuration...
Cryptochecksum: ff4e3aad e8fe0f81 48cbb71e 3efdb239
 
2624 bytes copied in 3.390 secs (874 bytes/sec)
[OK]

 

 

Please rate if it's helpful

olly ahmed
Level 1

Thanks Ashish