09-15-2006 07:19 AM - edited 03-03-2019 02:00 PM
I have an 1811 series router. It is now set up with dual Internet connections from two different ISPs. I have 2 default routes; basically it should load balance between the two. My concern is that I need port forwarding, as we use private space addressing. I am including the current config; addresses have been changed to examples.
ip sla 1
icmp-echo 24.168.1.6
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 72.15.49.4
ip sla schedule 2 life forever start-time now
!
track 123 rtr 1 reachability
!
track 456 rtr 2 reachability
!
interface FastEthernet0
description $ES_WAN$$FW_OUTSIDE$
ip address 24.168.1.5 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
no ip virtual-reassembly
no ip route-cache cef
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet1
ip address 72.15.49.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
ip address 192.168.1.195 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
ip local policy route-map MY_LOCAL_POLICY-2
ip route 0.0.0.0 0.0.0.0 71.249.216.1 track 123
ip route 0.0.0.0 0.0.0.0 64.8.212.209 track 456
ip route 64.8.212.209 255.255.255.255 FastEthernet0 permanent
!
ip nat inside source static tcp 192.168.1.3 20 interface FastEthernet2 20
ip nat inside source route-map FAST-0 interface FastEthernet0 overload
ip nat inside source route-map FAST-1 interface FastEthernet1 overload
ip nat inside source static tcp 192.168.1.1 21 24.168.1.5 21 extendable
ip nat inside source static tcp 192.168.1.1 25 24.168.1.5 25 extendable
ip nat inside source static tcp 192.168.1.1 80 24.168.1.5 80 extendable
ip nat inside source static tcp 192.168.1.68 1528 24.168.1.5 1528 extendable
ip nat inside source static tcp 192.168.1.50 1529 24.168.1.5 1529 extendable
ip nat inside source static tcp 192.168.1.48 3388 24.168.1.5 3388 extendable
ip nat inside source static tcp 192.168.1.1 21 72.15.49.3 21 extendable
ip nat inside source static tcp 192.168.1.1 25 72.15.49.3 25 extendable
ip nat inside source static tcp 192.168.1.1 80 72.15.49.3 80 extendable
ip nat inside source static tcp 192.168.1.68 1528 72.15.49.3 1528 extendable
ip nat inside source static tcp 192.168.1.50 1529 72.15.49.3 1529 extendable
ip nat inside source static tcp 192.168.1.48 3388 72.15.49.3 3388 extendable
logging trap debugging
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 150 permit ip 192.168.1.0 0.0.0.255 any
access-list 189 permit icmp any host 72.15.49.4 echo
access-list 199 permit icmp any host 24.168.1.6 echo
!
route-map FAST-1 permit 10
match ip address 1
match interface FastEthernet1
!
route-map FAST-0 permit 10
match ip address 1
match interface FastEthernet0
!
route-map MY_LOCAL_POLICY-2 permit 10
match ip address 189
set interface FastEthernet1
What do you think, guys? Will this config support load sharing?
09-16-2006 06:33 AM
Looks good in general, but you have the same problem that I have not found a good solution to. Your configuration has an additional problem inbound.
The outbound problem is related to relationships between multiple outbound TCP sessions. It is directly related to applications assuming that your IP address does not change.
If, for example, you open a session with server a via ISP1, it authenticates you and tells you to go talk to server 2. It then in the background passes your IP address to server 2 and tells it to wait for your session. When your machine connects to server 2 and uses ISP2, thereby getting a different IP address, server 2 does not know about this IP and will not work.
The only solution I have found for this is to force, say, even addresses out one ISP and odd addresses out the other. Sorta load balance by source address, but with the additional issue of using the track option on the policy routing.
Now your inbound issue is that when traffic attempts to return to the outside user, it does not know which path it came in on.
If, for example, a user at 1.2.3.4 talks to server 72.15.49.3, it will of course translate the address to 192.168.1.1. The return traffic from 192.168.1.1 will arrive at the router and the router will load balance the traffic. Since inside-to-outside translation of NAT happens after the routing decision, you really have no way to assure that the traffic will return the way it came in. Even then, I'm not sure which NAT entry it will pick. If we assume it selected the outbound path with a source address of 24.168.1.5, if it uses that address to NAT, the session will not work. If it is smart enough to use 72.15.49.3 but sends it to the ISP that expects 24.168.1.5, the ISP will more than likely drop the session.
This second one I do not see an easy solution for. Maybe the new NAT options, where you don't specify the inside and outside interfaces, will allow policy routing after the NAT selection is made. You could then send the traffic out the interface it came in on. I have not had time to play with the new NAT features much.
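The two failure modes described in the reply above, modelled as an added Python example that is not part of the original thread or any poster's code. The public addresses and track numbers are from the posted config; the ISP1/ISP2 labels, the toy per-flow hash, the server addresses and the assumption that each ISP filters foreign source addresses are constructed for illustration.

```python
import ipaddress

# Public addresses and track numbers come from the posted config;
# the labels ISP1/ISP2 and every client/server address are constructed.
ISPS = {"ISP1": {"public": "24.168.1.5", "track": 123},
        "ISP2": {"public": "72.15.49.3", "track": 456}}

def _n(ip):
    return int(ipaddress.ip_address(ip))

def share_per_flow(src, dst, up):
    """Two equal default routes: exit chosen per flow (toy hash, a stand-in)."""
    live = sorted(name for name in ISPS if up[name])
    return live[(_n(src) ^ _n(dst)) % len(live)] if live else None

def pin_by_source(src, dst, up):
    """Even inside hosts prefer ISP1, odd prefer ISP2; tracking gives failover."""
    first, second = ("ISP1", "ISP2") if _n(src) % 2 == 0 else ("ISP2", "ISP1")
    return first if up[first] else second if up[second] else None

def public_sources(src, dsts, chooser, up):
    """Public addresses the remote servers see for one inside host."""
    return {ISPS[isp]["public"] for d in dsts if (isp := chooser(src, d, up))}

def reply_outcome(entered_via, leaves_via, translated_src):
    """Fate of a static-NAT reply; assumes each ISP filters foreign sources."""
    if translated_src != ISPS[entered_via]["public"]:
        return "client rejects: reply from an address it never contacted"
    if translated_src != ISPS[leaves_via]["public"]:
        return f"{leaves_via} drops: source is not in its address space"
    return "delivered"

if __name__ == "__main__":
    both = {"ISP1": True, "ISP2": True}
    servers = ["198.51.100.10", "198.51.100.11"]  # constructed: two related servers
    # Outbound: one host, two related sessions.
    print(sorted(public_sources("192.168.1.10", servers, share_per_flow, both)))
    print(sorted(public_sources("192.168.1.10", servers, pin_by_source, both)))
    # Inbound: a session that arrived on 72.15.49.3 and its reply.
    print(reply_outcome("ISP2", "ISP1", "24.168.1.5"))
    print(reply_outcome("ISP2", "ISP1", "72.15.49.3"))
    print(reply_outcome("ISP2", "ISP2", "72.15.49.3"))
```

Only the last inbound case, where the reply leaves through the ISP it entered on with that ISP's address, is delivered.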
04-07-2007 01:19 PM
Hello Tim,
I have the same problem: I installed an 1811, having 2 different ISPs and a LAN with local addresses. I need to balance the traffic across the 2 WANs and route all the traffic to one of the WANs when the other is not reachable.
Do you have any new ideas?
Many thanks,
Pavel
04-07-2007 01:20 PM
Hello Dimitri,
I have the same problem: I installed an 1811, having 2 different ISPs and a LAN with local addresses. I need to balance the traffic across the 2 WANs and route all the traffic to one of the WANs when the other is not reachable.
Do you have any new ideas?
Many thanks,
Pavel