Solved

Setup Cisco with dual WAN and 2 internal subnets each using a separate WAN interface

Posted on 2010-11-15
Last Modified: 2012-05-10
I am trying to configure a Cisco 2611XM router with an Ethernet card in its NM slot so it has 3 FastEthernet interfaces.

FastEthernet0/0 is connected to Static IP address WAN connection
FastEthernet0/1 is connected to the internal LAN with 2 subnets (10.0.0.0, 255.255.255.0 and 10.1.1.0, 255.255.255.0)
FastEthernet1/0 is connected to DHCP IP address WAN connection

I don't want or need a failover connection. What I want is to send all traffic from subnet 10.0.0.0 over FastEthernet0/0 and subnet 10.1.1.0 over FastEthernet1/0.

As best as I can tell I need to set up something called policy-based routing, but I haven't been able to get it to work properly. I can get all traffic to flow through 1 WAN or the other by making various adjustments, but I can't seem to get each subnet to flow through its own WAN. As it's configured at the moment, all 10.0.0.0 clients can access the Internet and do so over FastEthernet0/0. Clients with 10.1.1.0 addresses cannot access the Internet. Here are the relevant parts of my config:


!
version 12.4
!
ip cef
!
interface FastEthernet0/0
 description External Static Connection
 ip address 208.97.xxx.xxx 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting output-packets
 ip nat outside
 no ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 description Internal LAN
 ip address 10.1.1.1 255.255.255.0 secondary
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 no ip virtual-reassembly
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet1/0
 description External DHCP
 ip address dhcp
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting output-packets
 ip nat outside
 no ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 208.97.xxx.xxx
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0 dhcp 20
!
ip nat inside source route-map static interface FastEthernet0/0 overload
ip nat inside source route-map dhcp interface FastEthernet1/0 overload
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 2 permit 10.1.1.0 0.0.0.255
!
route-map static permit 10
 match ip address 1
 match interface FastEthernet0/0
 set default interface FastEthernet0/0
!
route-map dhcp permit 20
 match ip address 2
 match interface FastEthernet1/0
 set default interface FastEthernet1/0
!
0
Question by:jakek
3 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 34141879
Try this:

access-list 100 permit ip 10.1.1.0 0.0.0.255 any
access-list 102 permit ip 10.0.0.0 0.0.0.255 any

route-map POLICY permit 10
 match ip address 100
 set ip default next-hop 208.97.xxx.xxx

route-map POLICY permit 20
 match ip address 102
 set default interface fast 1/0

interface fast 0/1
 ip policy route-map POLICY

0
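A way to check, before applying a policy route-map like the one above, which clause each inside source address will hit. This is an added example, not code from the thread: it parses the ACL and route-map lines exactly as posted and applies first-match evaluation on the source address only. The function names are hypothetical, and it does not model how IOS treats the `default` keyword or the routing table. Evaluated as posted, 10.1.1.x matches sequence 10 and 10.0.0.x matches sequence 20, so compare that against the subnet-to-WAN mapping you intend.

```python
import ipaddress

# Constructed input: the ACL and route-map lines from the answer, verbatim
# (the next-hop address is elided on the page and is kept as an opaque string).
CONFIG = """\
access-list 100 permit ip 10.1.1.0 0.0.0.255 any
access-list 102 permit ip 10.0.0.0 0.0.0.255 any
route-map POLICY permit 10
 match ip address 100
 set ip default next-hop 208.97.xxx.xxx
route-map POLICY permit 20
 match ip address 102
 set default interface fast 1/0
"""

def parse(config):
    """Return (acls, entries): acls maps ACL number -> [(net, wildcard)] as ints,
    entries is the list of route-map clauses sorted by sequence number."""
    acls, entries, cur = {}, [], None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"]:
            net, wild = (int(ipaddress.IPv4Address(x)) for x in w[4:6])
            acls.setdefault(w[1], []).append((net, wild))
        elif w[:1] == ["route-map"] and w[2] == "permit":
            cur = {"seq": int(w[3]), "acl": None, "action": None}
            entries.append(cur)
        elif cur and w[:3] == ["match", "ip", "address"]:
            cur["acl"] = w[3]
        elif cur and w[:1] == ["set"]:
            cur["action"] = " ".join(w[1:])
    return acls, sorted(entries, key=lambda e: e["seq"])

def acl_permits(acl, src):
    """Cisco wildcard match: bits set in the wildcard mask are ignored."""
    s = int(ipaddress.IPv4Address(src))
    return any((s & ~wild) == (net & ~wild) for net, wild in acl)

def policy_for(src, config=CONFIG):
    """First matching permit clause wins. None means the packet is not
    policy-routed and falls through to the normal routing table."""
    acls, entries = parse(config)
    for e in entries:
        if e["acl"] in acls and acl_permits(acls[e["acl"]], src):
            return e["seq"], e["action"]
    return None

if __name__ == "__main__":
    for src in ("10.0.0.25", "10.1.1.25", "192.168.5.5"):  # constructed hosts
        print(src, "->", policy_for(src))
```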
 

Author Comment

by:jakek
ID: 34145971
Thanks lrmoore! That worked, just 1 minor addition. I had to remove the following items from my config as the routes were now defined in the policies.

ip route 0.0.0.0 0.0.0.0 208.97.xxx.xxx
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0 dhcp 20

0
 

Author Closing Comment

by:jakek
ID: 34145987
Had to take 1 additional step to the instructions given but pointed me in the right direction. Very helpful!
0