PBR for load sharing purposes

---

• From: "paranic" <paranic@xxxxxxxxx>
• Date: 30 Oct 2005 16:30:31 -0800

---

hi there

i have the folowing config

interface FastEthernet0/0
description Connected to LAN
ip address 62.103.116.2 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip nbar protocol-discovery
ip route-cache same-interface
ip route-cache policy
ip policy route-map test
speed auto
full-duplex
no cdp enable
!
interface Serial0/0
description Connected to ISP1
ip address 62.103.132.194 255.255.255.252
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache policy
no ip mroute-cache
no cdp enable
!
interface Dialer1
description Connected to ISP2
ip nat outside
ip route-cache policy

ip nat inside source route-map D1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Serial0/0

access-list 120 permit udp any any eq 4000
access-list 120 permit tcp any any eq 4000
access-list 120 permit udp any any range 6112 6119
access-list 120 permit tcp any any range 6112 6119
access-list 120 permit tcp any any eq 3724
access-list 120 permit tcp any any range 6881 6999
access-list 120 permit tcp any any range 2025 2035
access-list 120 permit udp any any range 2025 2035
access-list 120 permit tcp any any eq 22
access-list 120 permit igmp any any
access-list 120 permit icmp any any

access-list 121 permit ip 62.103.116.0 0.0.0.127 any

route-map test permit 10
match ip address 120
match interface FastEthernet0/0
set interface Serial0/0
!
route-map test permit 20
match ip address 121
match interface FastEthernet0/0
set interface Dialer1
!
route-map D1 permit 1
match ip address 10
match interface Dialer1
set interface Dialer1

i whant to route traffic IN/OUT of access list 120 from Serial0/0 and
everything else on Dialer1 DSL with NAT
Serial 0/0 routes internals real ips.

this works ok for outgoing traffic exept when i try to post on
myltipart/forms!!
eg login on gmail, post on some forums and who knows what else
all other www traffic goes very well out from Dialer1

the main problem is that i cannot access my internals services through
Serial0/0
eg telnet 2025 from outside at some lan ips.

do u thing is this the right way im going?

Thanks in advance
Nikos

.

---

• Follow-Ups:
  • Re: PBR for load sharing purposes
    • From: Rave

• Prev by Date: Re: Please help with Pix 501
• Next by Date: Re: Please help with Pix 501
• Previous by thread: RAS on serial with cell phone (Nokia)
• Next by thread: Re: PBR for load sharing purposes
• Index(es):
  • Date
  • Thread

---

Relevant Pages Probleem with port forwarding ... ip nat inside source static tcp 10.0.0.56 7 interface Dialer1 ... access-list 23 permit 82.66.199.22 ... access-list 112 permit tcp any any eq ... (comp.security.firewalls) need help with configuration ... ip nat inside source static tcp 10.0.0.56 7 interface Dialer1 ... access-list 23 permit 82.66.199.22 ... access-list 112 permit tcp any any eq ... (comp.security.firewalls) need help with opening port ... ip nat inside source static tcp 10.0.0.56 7 interface Dialer1 ... access-list 23 permit 82.66.199.22 ... access-list 112 permit tcp any any eq ... (microsoft.public.win32.programmer.tapi) Re: 3640 some sites slow.... ... ip nat inside source static udp 192.168.10.24 21000 interface Dialer1 ... permit ip 172.25.0.0 0.0.255.255 any ... permit tcp any eq ftp-data any ... (comp.dcom.sys.cisco) 3640 some sites slow.... ... ip nat inside source static udp 192.168.10.24 21000 interface Dialer1 ... permit ip 172.25.0.0 0.0.255.255 any ... permit tcp any eq ftp-data any ... (comp.dcom.sys.cisco)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

newsgroups.derkeiler.com  > Archive  > Comp  > comp.dcom.sys.cisco  > 2005-10