• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 303
  • Last Modified:

Routing Question.

I need some assistance with routing. I have attached the network layout under. IP's are not real.
On the 1841 the default route is 0.0.0.0 0.0.0.0 90.100.10.10
I have created a static entry :- ip nat inside source static 172.10.1.2 90.100.10.12 (my 2nd public ip)
Nat is set up :- ip nat inside source list ACCESS LIST (ALLOW ALL) interface fast ethernet 0/0 overload.

What i want is to put all my applications like VPN EMails etc on my leased line and use the ADSL line for users to browse the internet i.e HTTP, Http's.

I have read about PBR but my knowledge is very limited about it.

If possible can i get the configuration that needs to be done on the 1841 along with the explanation please ?

DIAGRAM.jpg
0
WannabeNerd
Asked:
WannabeNerd
  • 2
  • 2
1 Solution
 
JFrederick29Commented:
First, you need to configure NAT so outbound traffic is NAT'd to 90.100.10.11 when going out the T1 and NAT'd to 192.168.1.2 when going out the DSL.

Here is the example config:

access-list 1 permit 10.0.0.0 0.0.0.255

route-map LeasedLine permit 10
 match ip address 1
 match interface FastEthernet0/0

route-map DSL permit 10
 match ip address 1
 match interface FastEthernet1

ip nat inside source route-map LeasedLine interface FastEthernet0/0 overload
ip nat inside source route-map DSL interface FastEthernet1 overload

Then you can setup PBR so HTTP and HTTPS is routed out the DSL and the rest is sent out the Leased line.

ip route 0.0.0.0 0.0.0.0 90.100.10.10    <--anything not matching the PBR policy uses Leased Line

access-list 150 permit tcp any any eq 80
access-list 150 permit tcp any any eq 443

route-map DSL permit 10
 match ip address 150
 set ip default next-hop 192.168.1.1

int fa0/1
ip policy route-map DSL

With this config, outbound HTTP and HTTPS will use the DSL line.  Everything else will use the Leased Line.  You can add other protocols to access-list 150 to route it over the DSL as well.
0
 
WannabeNerdAuthor Commented:
Thanks, As i told you i have limited knowledge, i have few questions:-

Here is the example config:

access-list 1 permit 10.0.0.0 0.0.0.255

route-map LeasedLine permit 10 --> (No idea is 10 just any number or does it have any significane?)
 match ip address 1 ----> (here we are matching the access list 1 created above. i.e our LAN Right?)
 match interface FastEthernet0/0

route-map DSL permit 10
 match ip address 1----> (Same as above.Right?)
 match interface FastEthernet1

ip nat inside source route-map LeasedLine interface FastEthernet0/0 overload
ip nat inside source route-map DSL interface FastEthernet1 overload

Then you can setup PBR so HTTP and HTTPS is routed out the DSL and the rest is sent out the Leased line.

ip route 0.0.0.0 0.0.0.0 90.100.10.10    <--anything not matching the PBR policy uses Leased Line

access-list 150 permit tcp any any eq 80
access-list 150 permit tcp any any eq 443

route-map DSL permit 10
 match ip address 150
 set ip default next-hop 192.168.1.1

int fa0/1
ip policy route-map DSL

Finally the policy we have defined above , is being applied at out internal interface i.e FE0/1. Does that mean the interface FE0 will not be effected my the changes made?
0
 
JFrederick29Commented:
>route-map LeasedLine permit 10 --> (No idea is 10 just any number or does it have any significane?)
No significance, just the most common start to a policy (the default).

>match ip address 1 ----> (here we are matching the access list 1 created above. i.e our LAN Right?)
Yes, correct, matches the above access-list 1 (your LAN subnet).

>match ip address 1----> (Same as above.Right?)
Yes, correct.



0
 
WannabeNerdAuthor Commented:
Thanks!! Havent tried it yet tough.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now