hi there
i have the folowing config
interface FastEthernet0/0 description Connected to LAN ip address 62.103.116.2 255.255.255.128 no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip nbar protocol-discovery ip route-cache same-interface ip route-cache policy ip policy route-map test speed auto full-duplex no cdp enable ! interface Serial0/0 description Connected to ISP1 ip address 62.103.132.194 255.255.255.252 ip access-group 101 in no ip redirects no ip unreachables no ip proxy-arp ip route-cache policy no ip mroute-cache no cdp enable ! interface Dialer1 description Connected to ISP2 ip nat outside ip route-cache policy
ip nat inside source route-map D1 interface Dialer1 overload ip route 0.0.0.0 0.0.0.0 Serial0/0
access-list 120 permit udp any any eq 4000 access-list 120 permit tcp any any eq 4000 access-list 120 permit udp any any range 6112 6119 access-list 120 permit tcp any any range 6112 6119 access-list 120 permit tcp any any eq 3724 access-list 120 permit tcp any any range 6881 6999 access-list 120 permit tcp any any range 2025 2035 access-list 120 permit udp any any range 2025 2035 access-list 120 permit tcp any any eq 22 access-list 120 permit igmp any any access-list 120 permit icmp any any
access-list 121 permit ip 62.103.116.0 0.0.0.127 any
route-map test permit 10 match ip address 120 match interface FastEthernet0/0 set interface Serial0/0 ! route-map test permit 20 match ip address 121 match interface FastEthernet0/0 set interface Dialer1 ! route-map D1 permit 1 match ip address 10 match interface Dialer1 set interface Dialer1
i whant to route traffic IN/OUT of access list 120 from Serial0/0 and everything else on Dialer1 DSL with NAT Serial 0/0 routes internals real ips.
this works ok for outgoing traffic exept when i try to post on myltipart/forms!! eg login on gmail, post on some forums and who knows what else all other www traffic goes very well out from Dialer1
the main problem is that i cannot access my internals services through Serial0/0 eg telnet 2025 from outside at some lan ips.
do u thing is this the right way im going?
Thanks in advance Nikos