Routing FTP, Web Browsing and SMTP Traffic Between 3 Different Internet Connections

Posted on 2009-04-11
Medium Priority
Last Modified: 2012-05-06
I have a huge project I must undertake. Currently I have all my internet traffic going out of one T1 line to the internet. My external users (there are a lot of them) are complaining of speed and I need to split the traffic up ASAP with what I have available. I need to configure my router to route all Citrix/RDP and SMTP traffic through one T1 line. I also need to configure my router to route all internal user web browsing through a DSL line and then I need to route all FTP traffic through a second T1 line. Can anyone help? This is very advanced for me but from what I have read, it is possible. I have extra routers (Cisco 1700's, Cisco 2800's) and PIX firewalls at my disposal. The 2800 series router can house I think 4 WIC-T1 cards and the 1700 series routers I think can house 2 WIC-T1 cards. It doesn't matter how much hardware I have to use or if I have to trim some out. I have all the configs ready to post and diagrams of the current setup and diagrams of what I envision it to look like. Anyone that wants to take a crack at this please let me know. The question is posted at 500 points but if I can get someone to solve this intense issue for me I am willing to offer another 500 points through an easy question thereafter ;-)
Question by:PCWimp
Accepted Solution

lrmoore earned 2000 total points
ID: 24129352
Simple procedure with route-maps and policy based routing (PBR)

\\-- first define one traffic pattern, i.e. RDP and SMTP
access-list 109 permit tcp any any eq smtp
access-list 109 permit tcp any eq 3389 any

\\-- create a route-map policy to send traffic matching the definition acl to a different gateway
route-map MYROUTEMAP permit 10
 match ip address 109
 set ip default next-hop  <--- IP address of upstream T1 gateway

\\-- define next set of traffic
access-list 110 permit tcp any any eq www
access-list 110 permit tcp any any eq 443

\\-- add it to the same route-map
route-map MYROUTEMAP permit 20 <- notice a new number
 match ip address 110
 set default interface dialer 1  <== DSL dialer interface

\\-- define FTP traffic
access-list 111 permit tcp any any eq ftp
access-list 111 permit tcp any any eq ftp-data

route-map MYROUTEMAP permit 30
 match ip address 111
 set ip default next-hop  <== 2nd T1 line upstream router

\\-- define all other default traffic
access-list 112 permit ip any any

route-map MYROUTEMAP permit 40  <-- this one needs to be a higher number than the others so that it will be last to be processed
 match ip address 112
 set ip default next-hop x.x.x.x  <== whatever gateway you want all other undefined traffic to go out of

\\-- now apply the route-map policy to the INGRESS interface
interface FastEthernet 0/0
 description local LAN
 ip policy route-map MYROUTEMAP
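
To see which flows each route-map entry actually captures, here is a small Python model of the first-match evaluation (an added example, not part of lrmoore's answer). It assumes no explicit route exists for the destinations, so the `default` set clauses take effect; the egress labels, the sample flows and the use of TCP 1494 for Citrix ICA are constructed for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str   # "tcp" or "udp"
    sport: int   # source port
    dport: int   # destination port

# ACL entries from the answer as (protocol, source port, destination port);
# None means "any". Ports: smtp 25, web 80/443, ftp 21, ftp-data 20.
ACLS = {
    109: [("tcp", None, 25), ("tcp", 3389, None)],
    110: [("tcp", None, 80), ("tcp", None, 443)],
    111: [("tcp", None, 21), ("tcp", None, 20)],
    112: [("ip", None, None)],
}

# route-map MYROUTEMAP as (sequence, ACL, egress); egress labels are descriptive only.
ROUTE_MAP = [(10, 109, "T1 #1"), (20, 110, "DSL dialer 1"),
             (30, 111, "T1 #2"), (40, 112, "catch-all gateway")]

def acl_permits(acl: int, pkt: Packet) -> bool:
    """True if any permit entry of the ACL matches the packet."""
    return any(
        proto in ("ip", pkt.proto)
        and sport in (None, pkt.sport)
        and dport in (None, pkt.dport)
        for proto, sport, dport in ACLS[acl]
    )

def policy_route(pkt: Packet) -> tuple:
    """Return (sequence, egress) of the first route-map entry that matches."""
    for seq, acl, egress in sorted(ROUTE_MAP):
        if acl_permits(acl, pkt):
            return seq, egress
    return None, "normal routing table"  # not reached: ACL 112 matches everything

# Constructed sample flows, as they arrive on the LAN (ingress) interface.
FLOWS = {
    "outbound SMTP":           Packet("tcp", 40000, 25),
    "RDP server reply":        Packet("tcp", 3389, 51000),
    "LAN client opening RDP":  Packet("tcp", 51000, 3389),
    "HTTPS browsing":          Packet("tcp", 40001, 443),
    "FTP control":             Packet("tcp", 40002, 21),
    "passive FTP data":        Packet("tcp", 40003, 50021),
    "Citrix ICA reply (1494)": Packet("tcp", 1494, 53000),
}

if __name__ == "__main__":
    for name, pkt in FLOWS.items():
        print(f"{name:24} -> {policy_route(pkt)}")
```

Flows that land on sequence 40 in this model, such as passive FTP data and Citrix ICA replies, are not covered by ACLs 109 to 111 and would need their own entries to be steered onto a specific line.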



Author Comment

ID: 24131264
Awesome! Looks like this was well worth the wait! I haven't slept last night working on other issues pertaining to the same project. I am going to take a 4 - 5 hour nap now and by that time everyone will have gone home and I can work on the routers. Thanks again!


Author Comment

ID: 24142227
Trying this tonight... Haven't had a chance to take systems off line. Will do tonight and report back. Thanks again.
