03-14-2007 03:14 PM - edited 03-03-2019 04:10 PM
Hello All,
On my internet router I have 2 Fa interfaces and 1 serial. Fa0/0 is connected to my internal network. S0/0/0 is connected to one ISP. Fa0/1 is connected to a second ISP. I would like all my HTTP traffic (Web Browsing) to go through Fa0/1 to my second ISP whilst the rest of the traffic is run through S0/0/0 to the first ISP. I would like to use Policy Based Routing to do this for my Fa0/1 interface.
I have configured it but am still unable to access the internet via Fa0/1 to ISP2.
Here are the configs that I have:
interface FastEthernet0/0
 description Link to DMZ
 ip address 202.x.x.33 255.255.255.240
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip route-cache flow
 ip policy route-map ISP2
 ip nat inside
 speed auto
 full-duplex
 no cdp enable
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
 duplex auto
 speed auto
ip nat pool ISP2_POOL 192.168.1.10 192.168.1.20 prefix-length 24
ip nat inside source list 10 pool ISP2_POOL
access-list 1 permit 202.x.126.38
access-list 10 permit 202.x.126.38
route-map ISP2 permit 10
 match ip address 1
 set interface FastEthernet0/1
 set ip next-hop 192.168.1.1
Any help would be greatly appreciated as I am being given a really short timeline to get this done.
Thanks.
Tim.
03-14-2007 03:23 PM
Tim
Is the traffic coming from source address 202.62.126.38? That is the only address that your route map and access list will send out the other interface.
Also I am not sure why you are using both:
set interface FastEthernet0/1
and
set ip next-hop 192.168.1.1
What happens if you remove the set interface and use only set ip next-hop?
HTH
Rick
03-14-2007 03:47 PM
Rick,
Yes. The traffic is coming from source address 202.62.126.38.
I will try to remove the set interface fa0/1 and only use the set ip next-hop.
Will keep you updated.
Tim.
03-18-2007 01:08 AM
Tim,
Do you own the public LAN IP pool, i.e. is it assigned to you by somebody like ARIN/APNIC?
If the public LAN pool is given by an ISP, then it will most probably be rejected by the other ISP.
Also, I do not understand why you are NATting a public IP to a private IP and sending it across, unless your ISP is again NATting it.
A brief topology would help.
HTH, rate if it does
Narayan
03-19-2007 02:39 PM
Hello Narayan,
We do not own a public IP pool. The public IPs that we use were given to us by our ISP (ISP1).
We are NATting a public IP to a private IP before sending to ISP2, who then NATs it again to their public IP.
We have all HTTP traffic going through the interface fa0/1 connected to ISP2 and all other traffic, e.g. email, going through the serial interface to ISP1.
Topology would be something like this:
ISP1--publicIP--s0 ExtRouter fa0/1--NAT--ISP2
fa0/0 of the ExtRouter is linked to our internal network. Fa0/0 has a public IP that is being NATted to a private IP for all HTTP traffic, which is directed to ISP2, whilst all other traffic goes via s0.
Hope this helps in understanding my problem.
Thanks.
Tim.
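The goal described in this thread (only web traffic leaves via Fa0/1, everything else via S0/0/0) as an added configuration sketch that is not part of any post above. It keeps the names and addresses posted in the thread; ACL number 101 is an arbitrary choice, 192.168.1.1 is assumed to be the ISP2 gateway, and HTTP is taken to mean TCP port 80.

```cisco
! Added example, constructed from the addresses posted in this thread.
!
! Extended ACL: select only web traffic (TCP destination port 80)
! from the inside host. A standard ACL such as "access-list 1" can
! match on source address only, so it selects all traffic from the host.
access-list 101 permit tcp host 202.x.126.38 any eq www
!
! Policy route: matched packets are forwarded to the ISP2 gateway.
! Packets that do not match fall through to the normal routing table
! (here, the path via S0/0/0 to ISP1).
route-map ISP2 permit 10
 match ip address 101
 set ip next-hop 192.168.1.1
!
! The policy is applied where the traffic enters the router.
interface FastEthernet0/0
 ip policy route-map ISP2
 ip nat inside
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
!
! Translate only the policy-routed web traffic into the ISP2 pool,
! so traffic leaving towards ISP1 keeps its public source address.
ip nat pool ISP2_POOL 192.168.1.10 192.168.1.20 prefix-length 24
ip nat inside source list 101 pool ISP2_POOL
!
! Verification from exec mode:
!   show route-map ISP2        (policy routing match counters should increase)
!   show ip policy             (confirms the route-map is bound to Fa0/0)
!   show ip nat translations   (web flows should show a pool address)
!   debug ip policy            (per-packet policy routing decisions)
```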