PBR for load sharing purposes

Hi there,

I have the following config:

interface FastEthernet0/0
 description Connected to LAN
 ip address 62.103.116.2 255.255.255.128
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip nbar protocol-discovery
 ip route-cache same-interface
 ip route-cache policy
 ip policy route-map test
 speed auto
 full-duplex
 no cdp enable
!
interface Serial0/0
 description Connected to ISP1
 ip address 62.103.132.194 255.255.255.252
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache policy
 no ip mroute-cache
 no cdp enable
!
interface Dialer1
 description Connected to ISP2
 ip nat outside
 ip route-cache policy

ip nat inside source route-map D1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Serial0/0

access-list 120 permit udp any any eq 4000
access-list 120 permit tcp any any eq 4000
access-list 120 permit udp any any range 6112 6119
access-list 120 permit tcp any any range 6112 6119
access-list 120 permit tcp any any eq 3724
access-list 120 permit tcp any any range 6881 6999
access-list 120 permit tcp any any range 2025 2035
access-list 120 permit udp any any range 2025 2035
access-list 120 permit tcp any any eq 22
access-list 120 permit igmp any any
access-list 120 permit icmp any any

access-list 121 permit ip 62.103.116.0 0.0.0.127 any

route-map test permit 10
 match ip address 120
 match interface FastEthernet0/0
 set interface Serial0/0
!
route-map test permit 20
 match ip address 121
 match interface FastEthernet0/0
 set interface Dialer1
!
route-map D1 permit 1
 match ip address 10
 match interface Dialer1
 set interface Dialer1

I want to route traffic in/out of access list 120 from Serial0/0 and everything else on Dialer1 DSL with NAT. Serial0/0 routes the internal real IPs.

This works OK for outgoing traffic except when I try to post on multipart/forms!! E.g. login on Gmail, post on some forums and who knows what else. All other www traffic goes very well out from Dialer1.

The main problem is that I cannot access my internal services through Serial0/0, e.g. telnet 2025 from outside at some LAN IPs.

Do you think this is the right way I'm going?

Thanks in advance,
Nikos

paranic
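An added example, not part of the original thread: a small Python model of how route-map "test" picks an egress interface for packets arriving on FastEthernet0/0, using ACL 120 and ACL 121 as posted. The function names, the host 62.103.116.10 and the sample flows are constructed for illustration. It shows that a LAN server's reply to an inbound session on port 2025 carries 2025 as its source port, so ACL 120 (which matches destination ports) does not catch it and clause 20 sends it to Dialer1.

```python
# Added example: first-match evaluation of the page's route-map "test"
# for packets arriving on FastEthernet0/0. Sample flows are constructed.
from ipaddress import ip_address, ip_network

# ACL 120 from the page: (protocol, destination-port range, None = any).
# In IOS extended ACL syntax a port written after the destination matches
# the DESTINATION port only; the source port is left unconstrained.
ACL_120 = [
    ("udp", (4000, 4000)), ("tcp", (4000, 4000)),
    ("udp", (6112, 6119)), ("tcp", (6112, 6119)),
    ("tcp", (3724, 3724)), ("tcp", (6881, 6999)),
    ("tcp", (2025, 2035)), ("udp", (2025, 2035)),
    ("tcp", (22, 22)), ("igmp", None), ("icmp", None),
]
LAN = ip_network("62.103.116.0/25")  # ACL 121: 62.103.116.0 0.0.0.127

def matches_120(proto, dport):
    """True if any ACL 120 entry permits this protocol/destination port."""
    for p, rng in ACL_120:
        if p == proto and (rng is None or rng[0] <= dport <= rng[1]):
            return True
    return False

def pbr_egress(src, proto, sport, dport):
    """Interface set by route-map "test"; sport is ignored, as in ACL 120."""
    if matches_120(proto, dport):       # route-map test permit 10
        return "Serial0/0"
    if ip_address(src) in LAN:          # route-map test permit 20
        return "Dialer1"
    return "routing table"              # no clause matched: normal routing

FLOWS = [  # constructed sample flows: (label, src, proto, sport, dport)
    ("LAN host opens SSH outbound", "62.103.116.10", "tcp", 40000, 22),
    ("LAN host opens HTTPS outbound", "62.103.116.10", "tcp", 40001, 443),
    ("LAN server replies to inbound telnet on 2025",
     "62.103.116.10", "tcp", 2025, 51000),
]

if __name__ == "__main__":
    for label, src, proto, sport, dport in FLOWS:
        print(f"{label}: {pbr_egress(src, proto, sport, dport)}")
```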

In NAT, you must specify all the interfaces, whether they are outside NAT or inside, and you haven't specified nat inside for Serial0/0. So specify ip nat inside for Serial0/0.

Rave

Serial0/0 doesn't need NAT; it is responsible for routing my real masked C class. But I will try it and post the results.

paranic
