Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Cisco (http://www.velocityreviews.com/forums/f27-cisco.html)
-   -   Re: Dual WAN on a 2651, NAT inside, opening one port on the seconday WAN (http://www.velocityreviews.com/forums/t954891-re-dual-wan-on-a-2651-nat-inside-opening-one-port-on-the-seconday-wan.html)

Martin Gallagher 11-27-2012 09:27 AM

Re: Dual WAN on a 2651, NAT inside, opening one port on the seconday WAN
 
Don Kuenz wrote:

>
> On the surface it seems plausible that packets sent to port 66 of
> 11.23.44.77:66 actually reach 192.168.44.55:66. But reply packets
> out of 192.168.44.55 get routed through 11.22.33.49 (the default)
> instead of 11.23.44.76 (the secondary WAN where the TCP session was
> started.)
>


Not only plausible, it's what will happen.

> I seem to recall a "sticky route" parameter that instructs IOS to stick
> with the originating gateway for a given TCP session. Any help
> appreciated. TIA.
>


You are routing this traffic based on where it came from, 192.168.44.55:66,
and not where it's going. For this you need Policy Routing.

Understanding Policy Routing
============================
http://www.cisco.com/en/US/tech/tk36...8009481d.shtml

> The pertinent parts of the config:
>
> ip route 0.0.0.0 0.0.0.0 11.22.33.49
> ip nat inside source list 101 interface FastEthernet0/1 overload
> ip nat inside source list 102 interface Ethernet1/0 overload
>


Since ACL 101 and 102 are identical 101 will always match and all your
traffic will overload on F0/1 even if you do manage to send some of it via
E1/0. So:

!
ip nat inside source route-map F01 interface FastEthernet0/1 overload
ip nat inside source route-map E10 interface Ethernet1/0 overload
!
route-map E10 permit 10
match interface FastEthernet0/1
match ip access-list 101
!
route-map E10 permit 10
match interface Ethernet1/0
match ip access-list 102
!

--
Rgds,
Martin


All times are GMT. The time now is 04:37 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.