Solved

Routing Question.

Posted on 2009-03-30
4
203 Views
Last Modified: 2012-05-06
I need some assistance with routing. I have attached the network layout under. IP's are not real.
On the 1841 the default route is 0.0.0.0 0.0.0.0 90.100.10.10
I have created a static entry :- ip nat inside source static 172.10.1.2 90.100.10.12 (my 2nd public ip)
Nat is set up :- ip nat inside source list ACCESS LIST (ALLOW ALL) interface fast ethernet 0/0 overload.

What i want is to put all my applications like VPN EMails etc on my leased line and use the ADSL line for users to browse the internet i.e HTTP, Http's.

I have read about PBR but my knowledge is very limited about it.

If possible can i get the configuration that needs to be done on the 1841 along with the explanation please ?

DIAGRAM.jpg
0
Comment
Question by:WannabeNerd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24020197
First, you need to configure NAT so outbound traffic is NAT'd to 90.100.10.11 when going out the T1 and NAT'd to 192.168.1.2 when going out the DSL.

Here is the example config:

access-list 1 permit 10.0.0.0 0.0.0.255

route-map LeasedLine permit 10
 match ip address 1
 match interface FastEthernet0/0

route-map DSL permit 10
 match ip address 1
 match interface FastEthernet1

ip nat inside source route-map LeasedLine interface FastEthernet0/0 overload
ip nat inside source route-map DSL interface FastEthernet1 overload

Then you can setup PBR so HTTP and HTTPS is routed out the DSL and the rest is sent out the Leased line.

ip route 0.0.0.0 0.0.0.0 90.100.10.10    <--anything not matching the PBR policy uses Leased Line

access-list 150 permit tcp any any eq 80
access-list 150 permit tcp any any eq 443

route-map DSL permit 10
 match ip address 150
 set ip default next-hop 192.168.1.1

int fa0/1
ip policy route-map DSL

With this config, outbound HTTP and HTTPS will use the DSL line.  Everything else will use the Leased Line.  You can add other protocols to access-list 150 to route it over the DSL as well.
0
 

Author Comment

by:WannabeNerd
ID: 24020391
Thanks, As i told you i have limited knowledge, i have few questions:-

Here is the example config:

access-list 1 permit 10.0.0.0 0.0.0.255

route-map LeasedLine permit 10 --> (No idea is 10 just any number or does it have any significane?)
 match ip address 1 ----> (here we are matching the access list 1 created above. i.e our LAN Right?)
 match interface FastEthernet0/0

route-map DSL permit 10
 match ip address 1----> (Same as above.Right?)
 match interface FastEthernet1

ip nat inside source route-map LeasedLine interface FastEthernet0/0 overload
ip nat inside source route-map DSL interface FastEthernet1 overload

Then you can setup PBR so HTTP and HTTPS is routed out the DSL and the rest is sent out the Leased line.

ip route 0.0.0.0 0.0.0.0 90.100.10.10    <--anything not matching the PBR policy uses Leased Line

access-list 150 permit tcp any any eq 80
access-list 150 permit tcp any any eq 443

route-map DSL permit 10
 match ip address 150
 set ip default next-hop 192.168.1.1

int fa0/1
ip policy route-map DSL

Finally the policy we have defined above , is being applied at out internal interface i.e FE0/1. Does that mean the interface FE0 will not be effected my the changes made?
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24020439
>route-map LeasedLine permit 10 --> (No idea is 10 just any number or does it have any significane?)
No significance, just the most common start to a policy (the default).

>match ip address 1 ----> (here we are matching the access list 1 created above. i.e our LAN Right?)
Yes, correct, matches the above access-list 1 (your LAN subnet).

>match ip address 1----> (Same as above.Right?)
Yes, correct.



0
 

Author Closing Comment

by:WannabeNerd
ID: 31564382
Thanks!! Havent tried it yet tough.
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question