Solved

Routing Question.

Posted on 2009-03-30
4
196 Views
Last Modified: 2012-05-06
I need some assistance with routing. I have attached the network layout under. IP's are not real.
On the 1841 the default route is 0.0.0.0 0.0.0.0 90.100.10.10
I have created a static entry :- ip nat inside source static 172.10.1.2 90.100.10.12 (my 2nd public ip)
Nat is set up :- ip nat inside source list ACCESS LIST (ALLOW ALL) interface fast ethernet 0/0 overload.

What i want is to put all my applications like VPN EMails etc on my leased line and use the ADSL line for users to browse the internet i.e HTTP, Http's.

I have read about PBR but my knowledge is very limited about it.

If possible can i get the configuration that needs to be done on the 1841 along with the explanation please ?

DIAGRAM.jpg
0
Comment
Question by:WannabeNerd
  • 2
  • 2
4 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24020197
First, you need to configure NAT so outbound traffic is NAT'd to 90.100.10.11 when going out the T1 and NAT'd to 192.168.1.2 when going out the DSL.

Here is the example config:

access-list 1 permit 10.0.0.0 0.0.0.255

route-map LeasedLine permit 10
 match ip address 1
 match interface FastEthernet0/0

route-map DSL permit 10
 match ip address 1
 match interface FastEthernet1

ip nat inside source route-map LeasedLine interface FastEthernet0/0 overload
ip nat inside source route-map DSL interface FastEthernet1 overload

Then you can setup PBR so HTTP and HTTPS is routed out the DSL and the rest is sent out the Leased line.

ip route 0.0.0.0 0.0.0.0 90.100.10.10    <--anything not matching the PBR policy uses Leased Line

access-list 150 permit tcp any any eq 80
access-list 150 permit tcp any any eq 443

route-map DSL permit 10
 match ip address 150
 set ip default next-hop 192.168.1.1

int fa0/1
ip policy route-map DSL

With this config, outbound HTTP and HTTPS will use the DSL line.  Everything else will use the Leased Line.  You can add other protocols to access-list 150 to route it over the DSL as well.
0
 

Author Comment

by:WannabeNerd
ID: 24020391
Thanks, As i told you i have limited knowledge, i have few questions:-

Here is the example config:

access-list 1 permit 10.0.0.0 0.0.0.255

route-map LeasedLine permit 10 --> (No idea is 10 just any number or does it have any significane?)
 match ip address 1 ----> (here we are matching the access list 1 created above. i.e our LAN Right?)
 match interface FastEthernet0/0

route-map DSL permit 10
 match ip address 1----> (Same as above.Right?)
 match interface FastEthernet1

ip nat inside source route-map LeasedLine interface FastEthernet0/0 overload
ip nat inside source route-map DSL interface FastEthernet1 overload

Then you can setup PBR so HTTP and HTTPS is routed out the DSL and the rest is sent out the Leased line.

ip route 0.0.0.0 0.0.0.0 90.100.10.10    <--anything not matching the PBR policy uses Leased Line

access-list 150 permit tcp any any eq 80
access-list 150 permit tcp any any eq 443

route-map DSL permit 10
 match ip address 150
 set ip default next-hop 192.168.1.1

int fa0/1
ip policy route-map DSL

Finally the policy we have defined above , is being applied at out internal interface i.e FE0/1. Does that mean the interface FE0 will not be effected my the changes made?
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24020439
>route-map LeasedLine permit 10 --> (No idea is 10 just any number or does it have any significane?)
No significance, just the most common start to a policy (the default).

>match ip address 1 ----> (here we are matching the access list 1 created above. i.e our LAN Right?)
Yes, correct, matches the above access-list 1 (your LAN subnet).

>match ip address 1----> (Same as above.Right?)
Yes, correct.



0
 

Author Closing Comment

by:WannabeNerd
ID: 31564382
Thanks!! Havent tried it yet tough.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question