I have a lab router that I am working on (876) and I have successfully configured WAN failover for the 2 WAN interfaces. Now the failover part works great and traffic is routed correctly. Also the port forward works, but only for the active routed interface. What I want is to have port forward working for either WAN, but somehow this fails. I see in the debug that the incoming packet from wan2 reaches the server, but the returning packets are routed through wan1, not the one they came in from. Any notes on my config? I have searched everywhere but can't seem to find the problem. My config should work as it is.
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname lab-fw
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
!
!
dot11 syslog
no ip source-route
ip arp proxy disable
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
track 10 ip sla 1 reachability
 delay down 1 up 1
!
track 20 ip sla 2 reachability
 delay down 1 up 1
!
!
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
 switchport access vlan 100
!
interface Vlan1
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan100
 ip address Y.Y.Y.Y 255.255.255.248
 ip nat outside
 ip virtual-reassembly
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname
 ppp chap password
 ppp pap sent-username
!
no ip classless
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 vlan100-gw-ip track 10
ip route 0.0.0.0 0.0.0.0 Dialer0 200 track 20
ip route 18.104.22.168 255.255.255.255 Dialer0
ip route 22.214.171.124 255.255.255.255 vlan100-gw-ip
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map wan1 interface Vlan100 overload
ip nat inside source route-map wan2 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.10 443 di0-IP 443 route-map wan2 extendable
ip nat inside source static tcp 192.168.0.10 443 Y.Y.Y.Y 443 route-map wan1 extendable
!
ip sla 1
 icmp-echo 126.96.36.199 source-interface Vlan100
 timeout 500
 threshold 500
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 188.8.131.52 source-interface Dialer0
 timeout 500
 threshold 500
ip sla schedule 2 life forever start-time now
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
!
!
!
!
route-map wan1 permit 10
 match ip address 100
 match interface Vlan100
!
route-map wan2 permit 10
 match ip address 100
 match interface Dialer0
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login
!
scheduler max-task-time 5000
event manager applet clear_nat_1
 event track 10 state any
 action 0.0 cli command "enable"
 action 1.0 cli command "clear ip nat trans *"
event manager applet clear_nat_2
 event track 20 state any
 action 0.0 cli command "enable"
 action 1.0 cli command "clear ip nat trans *"
!
end