Solved

ROUTING QUESTION.

Posted on 2009-04-24
Last Modified: 2012-05-06
Hi,
I had previously posted a question similar to the one I am asking now http://www.experts-exchange.com/Networking/Network_Management/Network_Design_and_Methodology/Q_24277691.html.

The solution for the previous question worked fantastically. I have now made some modifications to the network layout and am struggling to route the traffic. Here is what I want:

As you can see in the diagram, I have two internet connections. Previously I wanted to route the HTTP traffic coming from the LAN directly to the ADSL connection. So the config I was using was:

access-list 1 permit 10.0.0.0 0.0.0.255

route-map LeasedLine permit 10
 match ip address 1
 match interface FastEthernet0/0

route-map DSL permit 10
 match ip address 1
 match interface FastEthernet1

ip nat inside source route-map LeasedLine interface FastEthernet0/0 overload
ip nat inside source route-map DSL interface FastEthernet1 overload
ip nat inside source static 172.31.0.100 90.100.10.12

ip route 0.0.0.0 0.0.0.0 90.100.10.10    <--anything not matching the PBR policy uses Leased Line

access-list 150 permit tcp any any eq 80
access-list 150 permit tcp any any eq 443

route-map DSL permit 10
 match ip address 150
 set ip default next-hop 192.168.1.1

int fa0/1
ip policy route-map DSL
---------------------------------------------------------------------------------------------------------

Now I have added an additional firewall (ISA) in the DMZ. All the HTTP traffic coming from the internal LAN is going directly through the ISA server 172.31.0.200-->172.31.0.1.

I want this traffic to use the ADSL line, i.e. the FE1 interface, to go out and not the FE 0/0.


DIAGRAhhM.jpg
Question by:WannabeNerd
6 Comments
 
LVL 43

Accepted Solution

by: JFrederick29 earned 2000 total points
ID: 24224013
Here you go:

conf t
access-list 1 permit 172.31.0.0 0.0.0.255

int fastethernet0
ip policy route-map DSL
0
 
LVL 32

Expert Comment

by:harbor235
ID: 24225315



I think you mean "access-list 150 permit 172.31.0.0 0.0.0.255"

harbor235 ;}
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24225365
Nope, I meant access-list 1.  Access-list 150 permits any source, so it's covered.  Access-list 1, however, needs the 172.31.0.0/24 subnet to match the NAT statements.
0

 
LVL 32

Expert Comment

by:harbor235
ID: 24225443


AAh, I did not see this before, there are two DSL route-maps?

route-map DSL permit 10
 match ip address 1
 match interface FastEthernet1

route-map DSL permit 10
 match ip address 150
 set ip default next-hop 192.168.1.1

harbor235 ;}
0
 
LVL 32

Expert Comment

by:harbor235
ID: 24225496


Very confusing, not sure how that works, could lead to problems. I'd have to lab it up, perhaps it takes the first one.
I always use separate route-maps for NAT and PBR.


harbor235 ;}
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24225623
Yeah, that must be a copy/paste error.  It shouldn't work as the router would have no idea on which one to reference.
0
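
Added example (not part of the original thread and not code from any participant): a small Python check for the condition raised in the last comments, the same route-map name and sequence number defined twice and one name referenced by both NAT and policy routing. The function name audit_route_maps and the trimmed copy of the question's configuration are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Route-map definitions and references as posted in the question
# (ACLs, static NAT and the default route are left out).
POSTED_CONFIG = """\
route-map LeasedLine permit 10
 match ip address 1
 match interface FastEthernet0/0
route-map DSL permit 10
 match ip address 1
 match interface FastEthernet1
ip nat inside source route-map LeasedLine interface FastEthernet0/0 overload
ip nat inside source route-map DSL interface FastEthernet1 overload
route-map DSL permit 10
 match ip address 150
 set ip default next-hop 192.168.1.1
int fa0/1
ip policy route-map DSL
"""

ENTRY = re.compile(r"^route-map (\S+) (permit|deny) (\d+)$")
REFS = (("nat", re.compile(r"^ip nat inside source route-map (\S+) ")),
        ("pbr", re.compile(r"^ip policy route-map (\S+)$")))

def audit_route_maps(config):
    """Return (entries defined more than once, names used by both NAT and PBR)."""
    definitions = defaultdict(list)  # (name, seq) -> one clause list per definition
    uses = defaultdict(set)          # name -> subset of {"nat", "pbr"}
    current = None                   # clause list of the entry being read
    for line in (raw.strip() for raw in config.splitlines()):
        entry = ENTRY.match(line)
        if entry:
            current = []
            definitions[(entry.group(1), int(entry.group(3)))].append(current)
        elif current is not None and line.startswith(("match ", "set ")):
            current.append(line)
        elif line:
            current = None  # any other command ends the route-map entry
            for kind, pattern in REFS:
                ref = pattern.match(line)
                if ref:
                    uses[ref.group(1)].add(kind)
    redefined = {k: v for k, v in definitions.items() if len(v) > 1}
    shared = sorted(n for n, kinds in uses.items() if kinds == {"nat", "pbr"})
    return redefined, shared

if __name__ == "__main__":
    redefined, shared = audit_route_maps(POSTED_CONFIG)
    for (name, seq), blocks in redefined.items():
        print(f"route-map {name} {seq} is defined {len(blocks)} times: {blocks}")
    print("referenced by both NAT and PBR:", shared)
```

Run against a saved copy of a router configuration, a non-empty result from either check points at the ambiguity discussed above and is a prompt to give the NAT and PBR route-maps separate names.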
