Solved

Routing Question.

Posted on 2009-03-30
Last Modified: 2012-05-06
I need some assistance with routing. I have attached the network layout below. IPs are not real.
On the 1841 the default route is 0.0.0.0 0.0.0.0 90.100.10.10
I have created a static entry: ip nat inside source static 172.10.1.2 90.100.10.12 (my 2nd public IP)
NAT is set up: ip nat inside source list ACCESS LIST (ALLOW ALL) interface fast ethernet 0/0 overload.

What I want is to put all my applications, like VPN, emails, etc., on my leased line and use the ADSL line for users to browse the internet, i.e. HTTP, HTTPS.

I have read about PBR but my knowledge is very limited about it.

If possible, can I get the configuration that needs to be done on the 1841 along with the explanation, please?

DIAGRAM.jpg
Question by:WannabeNerd

Accepted Solution

by:
JFrederick29 earned 500 total points
First, you need to configure NAT so outbound traffic is NAT'd to 90.100.10.11 when going out the T1 and NAT'd to 192.168.1.2 when going out the DSL.

Here is the example config:

access-list 1 permit 10.0.0.0 0.0.0.255

route-map LeasedLine permit 10
 match ip address 1
 match interface FastEthernet0/0

route-map DSL permit 10
 match ip address 1
 match interface FastEthernet1

ip nat inside source route-map LeasedLine interface FastEthernet0/0 overload
ip nat inside source route-map DSL interface FastEthernet1 overload

Then you can set up PBR so HTTP and HTTPS are routed out the DSL and the rest is sent out the Leased line.

! anything not matching the PBR policy uses Leased Line
ip route 0.0.0.0 0.0.0.0 90.100.10.10

access-list 150 permit tcp any any eq 80
access-list 150 permit tcp any any eq 443

! PBR route-map, named DSL-PBR here so it does not merge into entry 10 of the NAT route-map DSL above
route-map DSL-PBR permit 10
 match ip address 150
 set ip default next-hop 192.168.1.1

int fa0/1
 ip policy route-map DSL-PBR

With this config, outbound HTTP and HTTPS will use the DSL line.  Everything else will use the Leased Line.  You can add other protocols to access-list 150 to route it over the DSL as well.
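
The forwarding decision this configuration produces, modelled as an added example (not part of the original answer or of Cisco's software). It shows that `set ip default next-hop` only takes effect when the routing table holds no explicit route for the destination, and that the NAT rule follows the egress interface. The static route for 203.0.113.0/24 and the sample flows are constructed; the NAT strings are descriptive labels only.

```python
import ipaddress

# Next hops, ports and interface names are taken from the answer's config.
LEASED_GW, DSL_GW = "90.100.10.10", "192.168.1.1"
PBR_TCP_PORTS = {80, 443}  # access-list 150
EGRESS = {LEASED_GW: "FastEthernet0/0", DSL_GW: "FastEthernet1"}
# Each NAT route-map matches on the egress interface, so the translation
# follows whichever link routing or PBR picked.
NAT = {"FastEthernet0/0": "overload on FastEthernet0/0 (leased line)",
       "FastEthernet1": "overload on FastEthernet1 (DSL)"}


def explicit_route(dst, routes):
    """Longest-prefix match over non-default routes; None if only 0.0.0.0/0 fits."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if net.prefixlen > 0 and addr in net:
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, hop)
    return best[1] if best else None


def forward(proto, dst, dport, routes):
    """Return (next_hop, egress_interface, nat_rule) for a LAN flow."""
    hop = explicit_route(dst, routes)
    if hop is None:
        # 'set ip default next-hop' is consulted only when the routing table
        # has no explicit route; the 0.0.0.0/0 route does not count as one.
        if proto == "tcp" and dport in PBR_TCP_PORTS:
            hop = DSL_GW
        else:
            hop = LEASED_GW  # ip route 0.0.0.0 0.0.0.0 90.100.10.10
    egress = EGRESS[hop]
    return hop, egress, NAT[egress]


# Constructed sample: a hypothetical static route for a partner network.
ROUTES = {"0.0.0.0/0": LEASED_GW, "203.0.113.0/24": LEASED_GW}

if __name__ == "__main__":
    for flow in [("tcp", "198.51.100.7", 443), ("tcp", "198.51.100.7", 25),
                 ("udp", "198.51.100.7", 500), ("tcp", "203.0.113.5", 443)]:
        print(flow, "->", forward(*flow, ROUTES))
```

The last flow is HTTPS yet leaves over the leased line, because the explicit route for its destination wins over the default next-hop.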

Author Comment

by:WannabeNerd
Thanks. As I told you, I have limited knowledge; I have a few questions:

Here is the example config:

access-list 1 permit 10.0.0.0 0.0.0.255

route-map LeasedLine permit 10 --> (No idea is 10 just any number or does it have any significance?)
 match ip address 1 ----> (here we are matching the access list 1 created above. i.e our LAN Right?)
 match interface FastEthernet0/0

route-map DSL permit 10
 match ip address 1----> (Same as above.Right?)
 match interface FastEthernet1

ip nat inside source route-map LeasedLine interface FastEthernet0/0 overload
ip nat inside source route-map DSL interface FastEthernet1 overload

Then you can set up PBR so HTTP and HTTPS are routed out the DSL and the rest is sent out the Leased line.

! anything not matching the PBR policy uses Leased Line
ip route 0.0.0.0 0.0.0.0 90.100.10.10

access-list 150 permit tcp any any eq 80
access-list 150 permit tcp any any eq 443

route-map DSL-PBR permit 10
 match ip address 150
 set ip default next-hop 192.168.1.1

int fa0/1
 ip policy route-map DSL-PBR

Finally, the policy we have defined above is being applied at our internal interface, i.e. FE0/1. Does that mean the interface FE0 will not be affected by the changes made?

Expert Comment

by:JFrederick29
>route-map LeasedLine permit 10 --> (No idea is 10 just any number or does it have any significance?)
No significance, just the most common start to a policy (the default).

>match ip address 1 ----> (here we are matching the access list 1 created above. i.e our LAN Right?)
Yes, correct, matches the above access-list 1 (your LAN subnet).

>match ip address 1----> (Same as above.Right?)
Yes, correct.

Author Closing Comment

by:WannabeNerd
Thanks!! Haven't tried it yet, though.