Re: Dual WAN on a 2651, NAT inside, opening one port on the seconday WAN

Discussion in 'Cisco' started by Martin Gallagher, Nov 27, 2012.

  1. Don Kuenz wrote:

    >
    > On the surface it seems plausible that packets sent to port 66 of
    > 11.23.44.77:66 actually reach 192.168.44.55:66. But reply packets
    > out of 192.168.44.55 get routed through 11.22.33.49 (the default)
    > instead of 11.23.44.76 (the secondary WAN where the TCP session was
    > started.)
    >


    Not only plausible, it's what will happen.

    > I seem to recall a "sticky route" parameter that instructs IOS to stick
    > with the originating gateway for a given TCP session. Any help
    > appreciated. TIA.
    >


    You are routing this traffic based on where it came from, 192.168.44.55:66,
    and not where it's going. For this you need Policy Routing.

    Understanding Policy Routing
    ============================
    http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009481d.shtml

    > The pertinent parts of the config:
    >
    > ip route 0.0.0.0 0.0.0.0 11.22.33.49
    > ip nat inside source list 101 interface FastEthernet0/1 overload
    > ip nat inside source list 102 interface Ethernet1/0 overload
    >


    Since ACL 101 and 102 are identical 101 will always match and all your
    traffic will overload on F0/1 even if you do manage to send some of it via
    E1/0. So:

    !
    ip nat inside source route-map F01 interface FastEthernet0/1 overload
    ip nat inside source route-map E10 interface Ethernet1/0 overload
    !
    route-map E10 permit 10
    match interface FastEthernet0/1
    match ip access-list 101
    !
    route-map E10 permit 10
    match interface Ethernet1/0
    match ip access-list 102
    !

    --
    Rgds,
    Martin
     
    Martin Gallagher, Nov 27, 2012
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dmitry
    Replies:
    7
    Views:
    8,798
    saravanakumar
    Jun 9, 2009
  2. Kevin
    Replies:
    4
    Views:
    4,925
    Martin Gallagher
    Nov 28, 2003
  3. Kevin
    Replies:
    1
    Views:
    863
    Walter Roberson
    Nov 10, 2004
  4. lbbss
    Replies:
    3
    Views:
    510
    °Mike°
    Aug 17, 2004
  5. Martin Gallagher
    Replies:
    0
    Views:
    497
    Martin Gallagher
    Feb 7, 2010
Loading...

Share This Page