Balance outgoing traffic on CISCO 1812


arnye

Hi all!

I am trying to achieve a round-robin destination based outgoing load balancing on my CISCO 1812 box (after I have realized that no OER support will be available on my model...) to the Internet. I have two external Ethernet ports: one is connected via PPPoE DSL link to ISP1. Here we have only one IP address so I have to use NAT. The other is a routed connection to ISP2. ISP2's assigned IP range is segmented into two parts. The first is assigned to the external interface, the other is assigned to the internal interface (which acts as a DMZ with Internet IP addresses).
So: connection 1 translates ISP2's IPs to ISP1's single IP via NAT when that is the outgoing direction, connection 2 simply routes the traffic. And that is where the problem comes in. I set up the connections, routing and NAT accordingly and have added two equivalent routes to the Internet.
Now then, if I enable only one connection at a time, the Internet is reachable without problem. Direct routing works in one case and NAT works fine in the other. But when I have both outgoing connections enabled, the NAT seems to be non-functional, packets go out the DSL interface without source address translation and ISP1 sees ISP2's IP as the source...
What could be the problem? Why doesn't NAT work when both connections are enabled?

Thanks in advance for any help!

Arnold Domschitz
 
Can you paste your running configuration from the 1800 please?
 
Hi

The relevant part of the configuration is pasted below.
Notes:
ISP2's address range is: X.Y.Z.224/27, which is segmented as:
Fastethernet0 (external): X.Y.Z.241/28
Vlan1 (internal): X.Y.Z.224/28

ISP1's only IP is: K.L.M.49

There are some static translations and policy based routing in the config which seem to work fine. The only thing broken is the outgoing load balancing when both of the external interfaces are enabled (or I do not redirect the traffic to one gateway via policy).

Hope it helps lighten things up a bit...

Thanks,

Arnold

version 12.4
!
ip cef
!
interface FastEthernet0
 description $ETH-WAN$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface FastEthernet1
 description $ES_WAN$$FW_OUTSIDE$
 ip address X.Y.Z.241 255.255.255.240
 ip access-group fastethernet1_in in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
 ip address X.Y.Z.237 255.255.255.240
 ip access-group vlan1_in in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
 ip policy route-map outgoing
!
interface Dialer0
 ip address negotiated
 ip access-group dialer0_in in
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username XXXXXXXX password 7 XXXXXXXX
!
ip classless
ip route 0.0.0.0 0.0.0.0 X.Y.Z.254
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp X.Y.Z.227 1723 interface Dialer0 1723
ip nat inside source static tcp X.Y.Z.227 21 interface Dialer0 21
ip nat inside source static tcp X.Y.Z.227 443 interface Dialer0 443
ip nat inside source static tcp X.Y.Z.227 80 interface Dialer0 80
ip nat inside source static tcp X.Y.Z.227 25 interface Dialer0 25
!
ip access-list extended dialer0_in
 permit icmp any any echo-reply
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 permit tcp any host K.L.M.49 eq smtp
 permit tcp any host K.L.M.49 eq ftp
 permit tcp any host K.L.M.49 eq 1723
 permit tcp any host K.L.M.49 eq 443
 permit tcp any host K.L.M.49 eq www
 permit udp any eq domain host K.L.M.49
 permit tcp any host K.L.M.49 established
ip access-list extended fastethernet1_in
 permit tcp any host X.Y.Z.235 eq 443
 permit tcp any X.Y.Z.224 0.0.0.15 established
 permit udp any eq domain X.Y.Z.224 0.0.0.15
 permit icmp any any echo-reply
 permit icmp any any unreachable
 permit icmp any any time-exceeded
ip access-list extended vlan1_in
 permit ip X.Y.Z.224 0.0.0.15 any
!
!
logging trap debugging
access-list 1 permit X.Y.Z.224 0.0.0.15
access-list 130 permit ip any X.Y.Z.224 0.0.0.15
access-list 131 permit ip host X.Y.Z.235 any
access-list 132 permit ip host X.Y.Z.226 any
access-list 133 permit ip host X.Y.Z.227 any
access-list 134 permit ip host X.Y.Z.225 any
access-list 135 permit ip any any
dialer-list 1 protocol ip permit
no cdp run
!
route-map outgoing permit 130
 match ip address 130
 set interface Vlan1
!
route-map outgoing permit 131
 match ip address 131
 set ip next-hop X.Y.Z.254
!
route-map outgoing permit 132
 match ip address 132
 set ip next-hop X.Y.Z.254
!
route-map outgoing permit 133
 match ip address 133
 set interface Dialer0
!
route-map outgoing permit 134
 match ip address 134
 set interface Dialer0
!
route-map outgoing permit 135
 match ip address 135
!
end

 