Solved

Routing Question.

Posted on 2009-03-30
4
197 Views
Last Modified: 2012-05-06
I need some assistance with routing. I have attached the network layout under. IP's are not real.
On the 1841 the default route is 0.0.0.0 0.0.0.0 90.100.10.10
I have created a static entry :- ip nat inside source static 172.10.1.2 90.100.10.12 (my 2nd public ip)
Nat is set up :- ip nat inside source list ACCESS LIST (ALLOW ALL) interface fast ethernet 0/0 overload.

What i want is to put all my applications like VPN EMails etc on my leased line and use the ADSL line for users to browse the internet i.e HTTP, Http's.

I have read about PBR but my knowledge is very limited about it.

If possible can i get the configuration that needs to be done on the 1841 along with the explanation please ?

DIAGRAM.jpg
0
Comment
Question by:WannabeNerd
  • 2
  • 2
4 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24020197
First, you need to configure NAT so outbound traffic is NAT'd to 90.100.10.11 when going out the T1 and NAT'd to 192.168.1.2 when going out the DSL.

Here is the example config:

access-list 1 permit 10.0.0.0 0.0.0.255

route-map LeasedLine permit 10
 match ip address 1
 match interface FastEthernet0/0

route-map DSL permit 10
 match ip address 1
 match interface FastEthernet1

ip nat inside source route-map LeasedLine interface FastEthernet0/0 overload
ip nat inside source route-map DSL interface FastEthernet1 overload

Then you can setup PBR so HTTP and HTTPS is routed out the DSL and the rest is sent out the Leased line.

ip route 0.0.0.0 0.0.0.0 90.100.10.10    <--anything not matching the PBR policy uses Leased Line

access-list 150 permit tcp any any eq 80
access-list 150 permit tcp any any eq 443

route-map DSL permit 10
 match ip address 150
 set ip default next-hop 192.168.1.1

int fa0/1
ip policy route-map DSL

With this config, outbound HTTP and HTTPS will use the DSL line.  Everything else will use the Leased Line.  You can add other protocols to access-list 150 to route it over the DSL as well.
0
 

Author Comment

by:WannabeNerd
ID: 24020391
Thanks, As i told you i have limited knowledge, i have few questions:-

Here is the example config:

access-list 1 permit 10.0.0.0 0.0.0.255

route-map LeasedLine permit 10 --> (No idea is 10 just any number or does it have any significane?)
 match ip address 1 ----> (here we are matching the access list 1 created above. i.e our LAN Right?)
 match interface FastEthernet0/0

route-map DSL permit 10
 match ip address 1----> (Same as above.Right?)
 match interface FastEthernet1

ip nat inside source route-map LeasedLine interface FastEthernet0/0 overload
ip nat inside source route-map DSL interface FastEthernet1 overload

Then you can setup PBR so HTTP and HTTPS is routed out the DSL and the rest is sent out the Leased line.

ip route 0.0.0.0 0.0.0.0 90.100.10.10    <--anything not matching the PBR policy uses Leased Line

access-list 150 permit tcp any any eq 80
access-list 150 permit tcp any any eq 443

route-map DSL permit 10
 match ip address 150
 set ip default next-hop 192.168.1.1

int fa0/1
ip policy route-map DSL

Finally the policy we have defined above , is being applied at out internal interface i.e FE0/1. Does that mean the interface FE0 will not be effected my the changes made?
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24020439
>route-map LeasedLine permit 10 --> (No idea is 10 just any number or does it have any significane?)
No significance, just the most common start to a policy (the default).

>match ip address 1 ----> (here we are matching the access list 1 created above. i.e our LAN Right?)
Yes, correct, matches the above access-list 1 (your LAN subnet).

>match ip address 1----> (Same as above.Right?)
Yes, correct.



0
 

Author Closing Comment

by:WannabeNerd
ID: 31564382
Thanks!! Havent tried it yet tough.
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Ping and real time 48 79
How to fid Policy on particular IP Address 5 47
Vmotion configuration 4 53
WDS can't PXE boot 3 28
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question