Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
Vladimir Pilipchuk2012-02-14 13:27:17
Cisco
Vladimir Pilipchuk, 2012-02-14 13:27:17

Availability of services simultaneously on two or more WANs on Cisco

Dear colleagues, I ask for help in configuring a Cisco router to provide access to internal network services from the Internet simultaneously via two channels + NAT. Maybe someone will share a working solution, or give a link to it, because I have already tried almost everything that is described on cisco.com and the Internet.

There is a router with (C181X-ADVENTERPRISEK9-M), Version 15.0(1)M3 on board. It receives two uplinks from two different providers. One FastEthernet, the second PPPoE. Behind the router there are a couple of users and several servers providing a total of about 50 different services (read ports). It is necessary to release a subnet to the Internet (NAT) and organize PortForwarding to both external IPs.

The problem is that with balanced routes by default or without AD at all, the router goes into balancing mode and port-forwarding works as it should, but NAT does not work. With different AD - NAT works, but services are available only on the channel with the smallest AD.

With PBR (which I don't really know how to cook) nothing works at all. Maybe, of course, it’s worth rolling back to 12.4 (everything definitely worked there), but there is no full-fledged OER.

Merci in advance.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
V
Vladimir Pilipchuk, 2012-02-15
@SLIDERWEB

After smoking various manuals and ways of the samurai, I solved the issue in the following way:
ip nat inside source static tcp 10.10.45.2 25 ISP1_IP 25 extendable
ip nat inside source static tcp 10.10.45.20 25 ISP2_IP 25 extendable
ip route 0.0.0.0 0.0.0.0 ISP1_IP
ip route 0.0. 0.0 0.0.0.0 Dialer0 10
!
ip access-list extended NAT
permit ip 10.10.45.0 0.0.0.255 any
ip access-list extended SRV1
permit ip host 10.10.45.2 any
permit ip host 10.10.45.3 any
ip access-list extended SRV2
permit ip host 10.10.45.20 any
permit ip host 10.10.45.30 any
!
route-map NAT-CLIENT-ISP2 permit 10
match ip address NAT
match interface Dialer0
!
route-map NAT permit 100
match ip address SRV1
set default interface FastEthernet0
!
route-map NAT permit 200
match ip address SRV2
set default interface Dialer0
!
route-map NAT-CLIENT-ISP1 permit 10
match ip address NAT
match interface FastEthernet0
It seems to work.

Report
S
Sergey, 2012-02-14
@bondbig

I'm afraid that in the case of a tsiska for broadcasting to both uplinks, BGP is indispensable.

Similar questions
S
Sergey2015-11-12 12:59:01
How to select a range of NOT private networks in cisco ASA? 1Reply
S
Saab_9122021-07-25 17:56:44
IKEv2 and MOBIKE on CISCO? 1Reply
N
NetWalk2012-06-02 15:50:56
How to install usb on linksys e3200? 2Reply
M
Mikhail Anatolyevich2020-05-19 13:49:51
Is it possible to enable both ranges on the same SSID? 1Reply
V
Vadim Rybalko2018-04-06 16:53:06
How to connect routers to the core network? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question