How to route different traffic via two Internet connections

Posted on 2015-01-04
Last Modified: 2015-01-06
Hi Experts,

I have a little experience in networking but by no means a networking engineer hence would appreciate your help and advice.

At present, we have four small offices under one business; each having an ADSL2 connection provided by their ISP. I believe that it is an MPLS network at their end.
The connection allows the staff Internet access and also access to a secure web-based database which can only be accessed via this link (in other words, the application cannot be accessed from home or elsewhere) which is a business requirement.

The ISP are responsible for configuring the 'meshing' to allow routing between the sites.

We are hoping to host their servers in our offices and each of the sites would be purchasing a separate business fibre broadband line. It is hoped that we would route all the traffic required for their database traffic through the existing ADSL2 line and all Internet and local server traffic via the new fibre line.

My questions are along the lines of:
1) firstly if this is achievable, what type of Cisco switch would I look at purchasing to carry out the routing?
2) would I need any other hardware for both the client office and our office?
3) most importantly, how would I configure the network and traffic separation on the client's side?

I realise there will be more questions you will need to clarify therefore I will try my utmost to respond as soon as I can.

Thanks all.
Question by:Immun3
LVL 79

Assisted Solution

arnold earned 167 total points
ID: 40531005
The routing table designating the specific destination traffic to go through the adsl2 feed, everything (meaning you will not have a default route going out that adsl2 connection).

You would also use weighted routing such that adsl2 connected location will prefer the route via the fiber versus the default route unless the fiber drops,
Using VPNs

What equipment do they have? Usually if you have a router that can handle two connections one ADSL2 and one fiber or ....

ip route x.x.x.x adsl2interface
ip route fiberfeed 10
ip route adsl2interface 100
If you then using the fiber establish an OSPF type of routing update, you would send x.x.x.x advertisement with a higher preference compared to their default routes or you can create a VIM interface on the adsl2 side that tunnels out this way everyone except people at the location will connect to adsl2 site local IP i.e. translates/forwards packets to x.x.x.x NATing the source.
LVL 42

Expert Comment

ID: 40531010
I don't see why you should need to have multiple ISP connections at each site. Accessing the secure, web-based database can be done either over a VPN connection, or over the public Internet if you enforce IP restrictions at the web server and/or firewall to only allow Internet traffic from the public addresses of those remote offices. I would still want the web server to be over SSL/TLS, but that is a way to ensure that access only happens from the offices. You always need to be sure that if VPN access to any site is allowed that VPN users don't have access to the database if that is your requirement. It is a hard thing to enforce, because if someone can get a remote desktop session to their computer they could still access the database, for example.
LVL 46

Accepted Solution

Craig Beck earned 167 total points
ID: 40531322
You should use a Cisco router to do PBR.  This will let you send database traffic via the MPLS link and internet traffic via the fibre internet link.  It's a simple solution.

Author Comment

ID: 40531765
Thanks Guys!
Seems complicated:-(

The small office have to have the ADSL link as part of their establishment contract and the software support company for the database will only allow connections to the web server through this link. They are looking at allowing us to access the database through our own independent lines, I am assuming via a VPN connection, but this will be in the next 24 months.

The ADSL2 line currently comes in on a Cisco 880 series router. Since this is provided by the ISP (Azzurri) we have no access to it. Again, the Virgin fibre broadband comes in on a home/business router but I need to check whether I have access to this in terms of configuration.

Craig, your solution with the Cisco router carrying out PBR seems exactly what I would like to achieve. I would be grateful if you could briefly summarise how this works and would you know which router I would need to purchase?

I am assuming I will probably also require a Cisco 3760 series switch to be used as a core? Would I be able to create my VLANs (i.e. database, internet and guest) and then connect both ADSL and fibre connections to this switch via Cat5e? The router carrying out PBR would then connect into this switch?

Thanks guys for all your assistance!
LVL 42

Assisted Solution

kevinhsieh earned 166 total points
ID: 40531841
Any Cisco router, such as a used 800 series should work. You will need to be able to get changes made to it, either yourself or the company that manages it.

I highly doubt that the environment is locked down such that if you sent traffic over your own connection that it wouldn't work. Their setup shouldn't know the difference. They just won't support it.

Any Cisco switch, such as the 2960 can do VLANs, and you can do all routing via routers and there is no need to do it at the switch. Routing can be done by a switch, but it tends to be more expensive because you need to license higher feature sets whereas the routers tend to have everything you need.

If you still need to have office to office communication and don't want to use the ADSL, the way to do that is with VPN connections between all of the routers. If you do that, you should be able to just unplug the ADSL connections.

Logically (as opposed to physically) the switch should be plugged into the router you control, and then the two WAN connections need to be plugged into that router. Your router would then route most traffic to the Virgin fibre, but it would have a policy that says that for traffic to/from the database web server send the traffic over the ADSL.
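
The policy described in the answer above, sketched as Cisco IOS policy-based routing on the router you control. This is an added example, not part of the original thread; the interface names, the LAN subnet, both next-hop addresses and the database server address (203.0.113.10) are placeholders, and NAT toward the fibre line is left out. It also adds an outbound filter on the fibre interface so that database traffic is dropped rather than sent over the Internet line if the ADSL2 next hop becomes unusable.

```cisco
! Added example: all names and addresses below are placeholders.
!
interface GigabitEthernet0/0
 description LAN, connected to the office switch
 ip address 192.168.10.1 255.255.255.0
 ! Apply the policy to packets arriving from the LAN
 ip policy route-map DB-VIA-ADSL
!
interface GigabitEthernet0/1
 description WAN1, handoff to the ISP-managed ADSL2 router
 ip address 192.0.2.2 255.255.255.252
!
interface GigabitEthernet0/2
 description WAN2, handoff to the fibre broadband router
 ip address 198.51.100.2 255.255.255.252
 ! Never let database traffic leave on the fibre line
 ip access-group FIBRE-OUT out
!
! Traffic from the LAN to the database web server
ip access-list extended DB-TRAFFIC
 permit ip 192.168.10.0 0.0.0.255 host 203.0.113.10
!
! Block the database server on the fibre side, allow everything else
ip access-list extended FIBRE-OUT
 deny   ip any host 203.0.113.10
 permit ip any any
!
! Matching packets are forwarded to the ADSL2 router.
! Packets that do not match fall through to the normal routing table.
route-map DB-VIA-ADSL permit 10
 match ip address DB-TRAFFIC
 set ip next-hop 192.0.2.1
!
! Default route: everything else goes out via the fibre router
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
! Verification from exec mode:
!   show ip policy     (interface to route-map binding)
!   show route-map     (match counters increment for database traffic)
```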

Author Closing Comment

ID: 40533227
Thanks for all your input guys, definitely got me on the right track.

Question has a verified solution.
