Routing FTP, Web Browsing and SMTP Traffic Between 3 Different Internet Connections

I have a huge project I must undertake. Currently I have all my internet traffic going out of one T1 line to the internet. My external users (there are a lot of them) are complaining of speed and I need to split the traffic up ASAP with what I have available. I need to configure my router to route all Citrix/RDP and SMTP traffic through one T1 line. I also need to configure my router to route all internal user web browsing through a DSL line and then I need to route all FTP traffic through a second T1 line. Can anyone help? This is very advanced for me but from what I have read, it is possible. I have extra routers (Cisco 1700's, Cisco 2800's) and PIX firewalls at my disposal. The 2800 series router can house I think 4 WIC-T1 cards and the 1700 series routers I think can house 2 WIC-T1 cards. It doesn't matter how much hardware I have to use or if I have to trim some out. I have all the configs ready to post and diagrams of the current setup and diagrams of what I envision it to look like. Anyone that wants to take a crack at this please let me know. The question is posted at 500 points but if I can get someone to solve this intense issue for me I am willing to offer another 500 points through an easy question thereafter ;-)
Asked by: PCWimp

1 Solution

lrmoore Commented:
Simple procedure with route-maps and policy based routing (PBR)

! first define one traffic pattern, i.e. RDP and SMTP
access-list 109 permit tcp any any eq smtp
access-list 109 permit tcp any eq 3389 any

! create a route-map policy to send traffic matching the definition acl to a different gateway
route-map MYROUTEMAP permit 10
 match ip address 109
 ! IP address of upstream T1 gateway
 set ip default next-hop 1.2.3.4

! define next set of traffic
access-list 110 permit tcp any any eq http
access-list 110 permit tcp any any eq https

! add it to the same route-map (notice a new number)
route-map MYROUTEMAP permit 20
 match ip address 110
 ! DSL dialer interface
 set default interface Dialer1

! define FTP traffic
access-list 111 permit tcp any any eq ftp
access-list 111 permit tcp any any eq ftp-data

route-map MYROUTEMAP permit 30
 match ip address 111
 ! 2nd T1 line upstream router
 set ip default next-hop 4.5.6.7

! define all other default traffic
access-list 112 permit ip any any

! this one needs to be a higher number than the others so that it will be last to be processed
route-map MYROUTEMAP permit 40
 match ip address 112
 ! whatever gateway you want all other undefined traffic to go out of
 set ip default next-hop x.x.x.x

! now apply the route-map policy to the INGRESS interface
interface FastEthernet 0/0
 description local LAN
 ip policy route-map MYROUTEMAP

Done

0
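
Added example, not part of lrmoore's answer or of any Cisco tooling: a small Python model of the first-match evaluation of MYROUTEMAP, useful for checking which uplink a given flow takes before the policy goes live. It assumes the routing table holds only a default route (so every "default" set action applies), uses the standard port numbers behind the ACL keywords, and the sample packets are constructed.

```python
# Added illustration (not from the thread): first-match walk of MYROUTEMAP.
# Each ACL entry is (protocol, source_port, dest_port); None means "any".
ANY = None
ROUTE_MAP = [
    # (sequence, ACL number, egress set by the clause, ACL entries)
    (10, 109, "T1 via 1.2.3.4", [("tcp", ANY, 25), ("tcp", 3389, ANY)]),
    (20, 110, "DSL via Dialer1", [("tcp", ANY, 80), ("tcp", ANY, 443)]),
    (30, 111, "T1 via 4.5.6.7", [("tcp", ANY, 21), ("tcp", ANY, 20)]),
    (40, 112, "catch-all via x.x.x.x", [("ip", ANY, ANY)]),
]

def acl_permits(entries, proto, sport, dport):
    """True if any permit entry matches the packet header fields."""
    for e_proto, e_sport, e_dport in entries:
        if e_proto not in ("ip", proto):
            continue
        if e_sport is not ANY and e_sport != sport:
            continue
        if e_dport is not ANY and e_dport != dport:
            continue
        return True
    return False

def policy_route(proto, sport, dport):
    """Return (sequence, egress) of the first clause whose ACL permits the packet."""
    for seq, _acl, egress, entries in sorted(ROUTE_MAP):
        if acl_permits(entries, proto, sport, dport):
            return seq, egress
    return None, "normal routing table"  # no clause matched

# Constructed sample packets as seen arriving on the LAN interface.
SAMPLES = [
    ("outbound SMTP", "tcp", 40000, 25),
    ("RDP server reply to outside client", "tcp", 3389, 51000),
    ("LAN client opening RDP to outside", "tcp", 51000, 3389),
    ("HTTPS browsing", "tcp", 50000, 443),
    ("FTP control", "tcp", 50001, 21),
    ("passive-mode FTP data", "tcp", 50002, 51234),
    ("DNS query", "udp", 50003, 53),
]

if __name__ == "__main__":
    for label, proto, sport, dport in SAMPLES:
        seq, egress = policy_route(proto, sport, dport)
        print(f"{label:36} -> seq {seq}: {egress}")
```

In this model, flows the ACLs do not describe, such as a LAN client opening RDP outward or a passive-mode FTP data connection on an ephemeral port, land on sequence 40 and leave through the catch-all gateway.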
 
PCWimp (Author) Commented:
Awesome! Looks like this was well worth the wait! I haven't slept last night working on other issues pertaining to the same project. I am going to take a 4 - 5 hour nap now and by that time everyone will have gone home and I can work on the routers. Thanks again!

PCwimp
 
PCWimp (Author) Commented:
Trying this tonight... Haven't had a chance to take systems off line. Will do tonight and report back. Thanks again.