PBR for load sharing purposes

Discussion in 'Cisco' started by paranic, Oct 31, 2005.

  1. paranic

    paranic Guest

    Hi there,

    I have the following config:

    interface FastEthernet0/0
    description Connected to LAN
    ip address 62.103.116.2 255.255.255.128
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip nbar protocol-discovery
    ip route-cache same-interface
    ip route-cache policy
    ip policy route-map test
    speed auto
    full-duplex
    no cdp enable
    !
    interface Serial0/0
    description Connected to ISP1
    ip address 62.103.132.194 255.255.255.252
    ip access-group 101 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache policy
    no ip mroute-cache
    no cdp enable
    !
    interface Dialer1
    description Connected to ISP2
    ip nat outside
    ip route-cache policy

    ip nat inside source route-map D1 interface Dialer1 overload
    ip route 0.0.0.0 0.0.0.0 Serial0/0

    access-list 120 permit udp any any eq 4000
    access-list 120 permit tcp any any eq 4000
    access-list 120 permit udp any any range 6112 6119
    access-list 120 permit tcp any any range 6112 6119
    access-list 120 permit tcp any any eq 3724
    access-list 120 permit tcp any any range 6881 6999
    access-list 120 permit tcp any any range 2025 2035
    access-list 120 permit udp any any range 2025 2035
    access-list 120 permit tcp any any eq 22
    access-list 120 permit igmp any any
    access-list 120 permit icmp any any

    access-list 121 permit ip 62.103.116.0 0.0.0.127 any

    route-map test permit 10
    match ip address 120
    match interface FastEthernet0/0
    set interface Serial0/0
    !
    route-map test permit 20
    match ip address 121
    match interface FastEthernet0/0
    set interface Dialer1
    !
    route-map D1 permit 1
    match ip address 10
    match interface Dialer1
    set interface Dialer1

    I want to route traffic IN/OUT of access list 120 from Serial0/0 and
    everything else on Dialer1 DSL with NAT.
    Serial 0/0 routes the internal real IPs.

    This works OK for outgoing traffic except when I try to post on
    multipart/forms!!
    E.g. login on Gmail, post on some forums and who knows what else.
    All other www traffic goes very well out from Dialer1.

    The main problem is that I cannot access my internal services through
    Serial0/0,
    e.g. telnet 2025 from outside at some LAN IPs.

    Do you think this is the right way I'm going?

    Thanks in advance
    Nikos
    paranic, Oct 31, 2005
    #1

  2. paranic

    Rave Guest

    In NAT, you must specify all the interfaces, whether they are outside NAT
    or inside,
    and you haven't specified NAT inside for serial 0/0.
    So specify ip nat inside for serial 0/0.
    Rave, Oct 31, 2005
    #2

  3. paranic

    paranic Guest

    Serial0/0 doesn't need NAT; it is responsible for routing my real masked C
    class.
    But I will try it and post the results.
    paranic, Nov 2, 2005
    #3
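
An added example (not written by any poster in this thread) that models route-map `test` and access lists 120 and 121 from the first post, to trace which egress interface a packet entering FastEthernet0/0 is given. It assumes the `match interface` clauses play no part in the decision, and the sample addresses and ephemeral ports are constructed.

```python
# Added example: model of route-map "test" with ACLs 120/121 from the first post.
import ipaddress

LAN = ipaddress.ip_network("62.103.116.0/25")  # access-list 121: 62.103.116.0 0.0.0.127

# access-list 120 port entries as (protocol, low, high). In an extended ACL the
# operator written after the destination address matches the DESTINATION port.
ACL120_PORTS = [
    ("udp", 4000, 4000), ("tcp", 4000, 4000),
    ("udp", 6112, 6119), ("tcp", 6112, 6119),
    ("tcp", 3724, 3724), ("tcp", 6881, 6999),
    ("tcp", 2025, 2035), ("udp", 2025, 2035),
    ("tcp", 22, 22),
]

def acl120(proto, src, sport, dst, dport):
    if proto in ("igmp", "icmp"):  # permit igmp any any / permit icmp any any
        return True
    return any(p == proto and lo <= dport <= hi for p, lo, hi in ACL120_PORTS)

def acl121(proto, src, sport, dst, dport):
    return ipaddress.ip_address(src) in LAN  # permit ip <LAN> any

def route_map_test(proto, src, sport, dst, dport):
    """Egress for a packet entering FastEthernet0/0 (ip policy route-map test).
    Assumption: the "match interface" clauses are ignored in this model."""
    pkt = (proto, src, sport, dst, dport)
    if acl120(*pkt):
        return "Serial0/0"   # route-map test permit 10
    if acl121(*pkt):
        return "Dialer1"     # route-map test permit 20
    return "Serial0/0"       # no clause matched: ip route 0.0.0.0 0.0.0.0 Serial0/0

# Constructed sample packets; addresses and ephemeral ports are illustrative.
SAMPLES = {
    "outbound ssh": ("tcp", "62.103.116.10", 40000, "198.51.100.7", 22),
    "outbound web": ("tcp", "62.103.116.10", 40001, "198.51.100.7", 80),
    "reply from LAN service on 2025": ("tcp", "62.103.116.10", 2025, "198.51.100.7", 51000),
    "ping": ("icmp", "62.103.116.10", 0, "198.51.100.7", 0),
}

def trace():
    return {name: route_map_test(*pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, egress in trace().items():
        print(f"{name:32} -> {egress}")
```

In this model a reply from a LAN host listening on port 2025 carries 2025 as its source port, so it misses access list 120 and is handed to Dialer1 by sequence 20.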