ROUTING QUESTION.

Hi,
I had previously posted a question similar to the one I am asking now: http://www.experts-exchange.com/Networking/Network_Management/Network_Design_and_Methodology/Q_24277691.html.

The solution for the previous question worked fantastically. I have now made some modifications to the network layout and am struggling to route the traffic. Here is what I want:

As you can see in the diagram, I have two internet connections. Previously I wanted to route the HTTP traffic coming from the LAN directly to the ADSL connection. So the config I was using was:

access-list 1 permit 10.0.0.0 0.0.0.255

route-map LeasedLine permit 10
 match ip address 1
 match interface FastEthernet0/0

route-map DSL permit 10
 match ip address 1
 match interface FastEthernet1

ip nat inside source route-map LeasedLine interface FastEthernet0/0 overload
ip nat inside source route-map DSL interface FastEthernet1 overload
ip nat inside source static 172.31.0.100 90.100.10.12

ip route 0.0.0.0 0.0.0.0 90.100.10.10    <--anything not matching the PBR policy uses Leased Line

access-list 150 permit tcp any any eq 80
access-list 150 permit tcp any any eq 443

route-map DSL permit 10
 match ip address 150
 set ip default next-hop 192.168.1.1

int fa0/1
ip policy route-map DSL
---------------------------------------------------------------------------------------------------------

Now I have added an additional firewall (ISA) in the DMZ. All the HTTP traffic coming from the internal LAN is going directly through the ISA server 172.31.0.200-->172.31.0.1.

I want this traffic to use the ADSL line, i.e. the FE1 interface, to go out, and not FE 0/0.

[Attached diagram: DIAGRAhhM.jpg]

Asked by WannabeNerd
 
JFrederick29 commented (accepted solution):
Here you go:

conf t
access-list 1 permit 172.31.0.0 0.0.0.255

int fastethernet0
ip policy route-map DSL
 
harbor235 commented:

I think you mean "access-list 150 permit 172.31.0.0 0.0.0.255"

harbor235 ;}
 
JFrederick29 commented:
Nope, I meant access-list 1. Access-list 150 permits any source, so it's covered. Access-list 1, however, needs the 172.31.0.0/24 subnet to match the NAT statements.
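To make the reasoning in the accepted answer and the follow-up concrete, here is a small model of the two decisions the router makes for each packet: the PBR choice of egress interface (access-list 150) and the NAT route-map match on that egress (access-list 1). This is an added illustration, not output from the poster's router or code from either expert. It assumes the PBR policy is a separate route-map from the NAT maps (as harbor235 recommends, which sidesteps the duplicate "route-map DSL" issue raised later in the thread), ignores the static NAT for 172.31.0.100, and uses constructed sample flows with documentation-range destinations (203.0.113.x).

```python
import ipaddress

# Constructed model of the thread's config (not the poster's router output).
# It shows why the NAT match ACL (access-list 1) must cover 172.31.0.0/24 once
# the ISA server (172.31.0.200) sources the web traffic, while the PBR ACL
# (access-list 150, "any any eq 80/443") already matches it.


def wildcard_match(addr, network, wildcard):
    """Cisco wildcard-mask semantics: a 1 bit in the mask means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (n & ~w)


# "any" in an extended ACL is shorthand for 0.0.0.0 255.255.255.255
ANY = ("0.0.0.0", "255.255.255.255")

ACL_1_ORIGINAL = [{"action": "permit", "src": ("10.0.0.0", "0.0.0.255")}]
ACL_1_FIXED = [{"action": "permit", "src": ("172.31.0.0", "0.0.0.255")}]
ACL_150 = [
    {"action": "permit", "proto": "tcp", "src": ANY, "dst": ANY, "dport": 80},
    {"action": "permit", "proto": "tcp", "src": ANY, "dst": ANY, "dport": 443},
]


def acl_permits(acl, pkt):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for e in acl:
        if not wildcard_match(pkt["src"], *e["src"]):
            continue
        if "dst" in e and not wildcard_match(pkt["dst"], *e["dst"]):
            continue
        if "proto" in e and e["proto"] != pkt["proto"]:
            continue
        if "dport" in e and e["dport"] != pkt["dport"]:
            continue
        return e["action"] == "permit"
    return False


def pbr_egress(pkt):
    """'ip policy route-map DSL' on the inside interface: web traffic is handed
    to 192.168.1.1 out FastEthernet1 (set ip default next-hop); everything else
    follows the static default via 90.100.10.10 on FastEthernet0/0."""
    return "FastEthernet1" if acl_permits(ACL_150, pkt) else "FastEthernet0/0"


def nat_route_map(pkt, egress, acl_1):
    """'ip nat inside source route-map X interface Y overload': a map applies
    only if both its 'match ip address' ACL and 'match interface' agree."""
    route_maps = [
        {"name": "LeasedLine", "acl": acl_1, "interface": "FastEthernet0/0"},
        {"name": "DSL", "acl": acl_1, "interface": "FastEthernet1"},
    ]
    for rm in route_maps:
        if rm["interface"] == egress and acl_permits(rm["acl"], pkt):
            return rm["name"]
    return None  # no NAT: the packet would leave with its private source address


def forward(pkt, acl_1):
    """Return (egress interface, NAT route-map name or None) for one packet."""
    egress = pbr_egress(pkt)
    return egress, nat_route_map(pkt, egress, acl_1)


if __name__ == "__main__":
    # Constructed sample flows: the ISA server's outbound HTTPS, and an SMTP
    # flow from the same host that should stay on the leased line.
    https = {"src": "172.31.0.200", "dst": "203.0.113.10", "proto": "tcp", "dport": 443}
    smtp = {"src": "172.31.0.200", "dst": "203.0.113.25", "proto": "tcp", "dport": 25}
    for label, acl in (("original access-list 1", ACL_1_ORIGINAL),
                       ("fixed access-list 1", ACL_1_FIXED)):
        print(label, "| HTTPS ->", forward(https, acl), "| SMTP ->", forward(smtp, acl))
```

With the original access-list 1, the ISA server's HTTPS is policy-routed out FastEthernet1 but matches neither NAT map, so it would leave un-translated with a 172.31.0.200 source; with the fixed ACL it is translated by the DSL map, and its non-web traffic is translated by the LeasedLine map on FastEthernet0/0. A packet that leaves a WAN interface with an RFC 1918 source is a quick thing to look for in a capture when a PBR/NAT change stops working.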
 
harbor235 commented:

Ah, I did not see this before; there are two DSL route-maps?

route-map DSL permit 10
 match ip address 1
 match interface FastEthernet1

route-map DSL permit 10
 match ip address 150
 set ip default next-hop 192.168.1.1

harbor235 ;}
 
harbor235 commented:

Very confusing; not sure how that works, and it could lead to problems. I'd have to lab it up; perhaps it takes the first one.
I always use separate route-maps for NAT and PBR.


harbor235 ;}
 
JFrederick29 commented:
Yeah, that must be a copy/paste error.  It shouldn't work as the router would have no idea on which one to reference.
Question has a verified solution.