Policy Based Routing

ttuisawau
Level 1

Hello All,

On my internet router I have 2 Fa interfaces and 1 serial. Fa0/0 is connected to my internal network. S0/0/0 is connected to one ISP. Fa0/1 is connected to a second ISP. I would like all my HTTP traffic (Web Browsing) to go through Fa0/1 to my second ISP whilst the rest of the traffic is run through S0/0/0 to the first ISP. I would like to use Policy Based Routing to do this for my Fa0/1 interface.

I have configured it but am still unable to access the internet via Fa0/1 to ISP2.

Here are the configs that I have:

interface FastEthernet0/0
 description Link to DMZ
 ip address 202.x.x.33 255.255.255.240
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip route-cache flow
 ip policy route-map ISP2
 ip nat inside
 speed auto
 full-duplex
 no cdp enable
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
 duplex auto
 speed auto

ip nat pool ISP2_POOL 192.168.1.10 192.168.1.20 prefix-length 24
ip nat inside source list 10 pool ISP2_POOL

access-list 1 permit 202.x.126.38
access-list 10 permit 202.x.126.38

route-map ISP2 permit 10
 match ip address 1
 set interface FastEthernet0/1
 set ip next-hop 192.168.1.1

Any help would be greatly appreciated as I am being given a really short timeline to get this done.

Thanks.

Tim.

4 Replies

Richard Burts
Hall of Fame

Tim

Is the traffic coming from source address 202.62.126.38? That is the only address that your route map and access list will send out the other interface.

Also I am not sure why you are using both:

set interface FastEthernet0/1

and

set ip next-hop 192.168.1.1

What happens if you remove the set interface and use only set ip next-hop?

HTH

Rick

Rick,

Yes. The traffic is coming from source address 202.62.126.38.

I will try to remove the set interface fa0/1 and only use the set ip next-hop.

Will keep you updated.

Tim.

Tim,

Do you own the public LAN IP pool, i.e. is it assigned to you by somebody like ARIN/APNIC?

If the public LAN pool is given by an ISP, then it will most probably be rejected by the other ISP.

Also I do not understand why you are NATting a public IP to a private IP and sending it across, unless your ISP is again NATting it.

A brief topology would help.

HTH, rate if it does

Narayan

Hello Narayan,

We do not own a public IP pool. The public IPs that we use were given to us by our ISP (ISP1).

We are NATting a public IP to a private IP before sending to ISP2, who then NATs it again to their public IP.

We have all HTTP traffic going through the interface fa0/1 connected to ISP2 and all other traffic, e.g. email, going through the serial interface to ISP1.

Topology would be something like this:

ISP1--publicIP--s0 ExtRouter fa0/1--NAT--ISP2

fa0/0 of the ExtRouter is linked to our internal network. Fa0/0 has a public IP that is being NATted to a private IP for all HTTP traffic, which is directed to ISP2 whilst all other traffic goes via s0.

Hope this helps in understanding my problem.

Thanks.

Tim.
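Rick's point about the access list, combined with the stated goal of steering only HTTP traffic, as an added example that is not from any participant in this thread and is not confirmed here as the fix. The ACL number 101 is a hypothetical choice; the source host, next-hop and route-map name are the ones quoted in the posts above.

```cisco
! Added example (not the poster's config). ACL 101 is a hypothetical number.
! A standard ACL (1-99) matches on source address only, so "match ip address 1"
! policy-routes every packet from that host, whatever the protocol.
! An extended ACL narrows the match to web traffic (TCP destination port 80).
access-list 101 permit tcp host 202.62.126.38 any eq 80
!
route-map ISP2 permit 10
 match ip address 101
 ! Only the next-hop is set; the router resolves the egress interface from it.
 set ip next-hop 192.168.1.1
!
! Packets that match no route-map entry fall through to the normal routing
! table, so non-HTTP traffic keeps following the existing route via S0/0/0.
!
interface FastEthernet0/0
 ! PBR is applied inbound on the interface where the traffic enters the router.
 ip policy route-map ISP2
!
! Checks from privileged EXEC mode:
!   show ip policy          - lists which interface has which route-map applied
!   show route-map ISP2     - shows the policy routing match counters
!   show access-lists 101   - shows hit counts on the extended ACL entry
!   debug ip policy         - logs per-packet policy decisions (use sparingly)
```

If the counters in `show route-map ISP2` stay at zero while web traffic is flowing, the packets are not matching the ACL, which points at the match criteria rather than at NAT or the ISP2 link.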
