Solved

Setup Cisco with dual WAN and 2 internal subnets each using a separate WAN interface

Posted on 2010-11-15
3
851 Views
Last Modified: 2012-05-10
I am trying to configure a Cisco 2611XM router with an Ethernet card in it's NM slot so it has 3 FastEthernet interfaces.

FastEthernet0/0 is connected to Static IP address WAN connection
FastEthernet0/1 is connected to the internal LAN with 2 subnets (10.0.0.0, 255.255.255.0 and 10.1.1.0, 255.255.255.0)
FastEthernet1/0 is connected to DHCP IP address WAN connection

I don't want or need a failover connection. What I want is to send all traffic from subnet 10.0.0.0 over FastEthernet0/0 and subnet 10.1.1.0 over FastEthernet1/0

As best as I can tell I need to setup something call policy based routing but I haven't been able to get it to work properly. I can get all traffic to flow through 1 WAN or the other by making various adjustments but I can't seem to get each subnet to flow through it's own WAN. As it's configured at the moment all 10.0.0.0 clients can access the Internet and do so over FastEthernet0/0. Clients with 10.1.1.0 addresses can not access the Internet. Here are the relevant parts of my config:


!
version 12.4
!
ip cef
!
interface FastEthernet0/0
 description External Static Connection
 ip address 208.97.xxx.xxx 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting output-packets
 ip nat outside
 no ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 description Internal LAN
 ip address 10.1.1.1 255.255.255.0 secondary
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 no ip virtual-reassembly
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet1/0
 description External DHCP
 ip address dhcp
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting output-packets
 ip nat outside
 no ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 208.97.xxx.xxx
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0 dhcp 20
!
ip nat inside source route-map static interface FastEthernet0/0 overload
ip nat inside source route-map dhcp interface FastEthernet1/0 overload
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 2 permit 10.1.1.0 0.0.0.255
!
route-map static permit 10
 match ip address 1
 match interface FastEthernet0/0
 set default interface FastEthernet0/0
!
route-map dhcp permit 20
 match ip address 2
 match interface FastEthernet1/0
 set default interface FastEthernet1/0
!
0
Comment
Question by:jakek
  • 2
3 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 34141879
Try this:

access-list 100 permit ip 10.1.1.0 0.0.0.255 any
access-list 102 permit ip 10.0.0.0 0.0.0.255 any

route-map POLICY permit 10
 match ip address 100
 set ip default next-hop 208.97.xxx.xxx

route-map POLICY permit 20
 match ip address 102
 set default interface fast 1/0

interface fast 0/1
 ip policy route-map POLICY

0
 

Author Comment

by:jakek
ID: 34145971
Thanks lrmoore! That worked, just 1 minor addition. I had to remove the following items from my config as the routes were now defined in the policies.

ip route 0.0.0.0 0.0.0.0 208.97.xxx.xxx
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0 dhcp 20

0
 

Author Closing Comment

by:jakek
ID: 34145987
Had to take 1 additional step to the instructions given but pointed me in the right direction. Very helpful!
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now