2621 - 2 LANs, 2 ISPs, 2 PIXs

Answered Question

I have a 2621 router connecting 2 LANs, each with its own Internet connection via a PIX. I can communicate between the LANs, but only 1 can access the internet via its own ISP connection. Any help appreciated.


Overall Rating: 5 (3 ratings)
mohammedmahmoud Sat, 04/28/2007 - 01:41
User Badges:
  • Green, 3000 points or more

Hi,


Can you please post your 2600 configuration.


BR,

Mohammed Mahmoud.

Attached is sho-run.

The 2 LANs are independent. Both are communicating, but only the 10.38.77.0 LAN is able to get to the Internet.


Add'l info -

1. the 10.38.77.0 LAN goes thru the 2621, then thru a T1 Router, then thru a PIX.

2. the 192.168.0.0 LAN goes thru the 2621, then thru a cable router, then thru a different PIX.


Thanks for any help.



mohammedmahmoud Sat, 04/28/2007 - 08:28

Hi,


I guess that:


ip route 0.0.0.0 0.0.0.0 192.168.0.4 (this is the default route towards the cable router)


ip route 0.0.0.0 0.0.0.0 10.38.77.130 (this is the default route towards the T1 router)


If yes, then the 2600 router configuration is OK, but the problem must be on the cable router or the PIX; it must have no route for the return traffic to LAN 192.168.0.0.


HTH, please rate if it does help,

Mohammed Mahmoud.

mohammedmahmoud Sun, 04/29/2007 - 00:02

Hi,


I don't know your cable router code; you'll need to find a configuration guide or contact the vendor.


Can you please post a topology diagram (maybe by Visio)? I have a further issue.


HTH,

Mohammed Mahmoud.

mohammedmahmoud Mon, 04/30/2007 - 10:31

Hi,


What is the default gateway configuration on your workstations and servers?


BR,

Mohammed Mahmoud.

mohammedmahmoud Mon, 04/30/2007 - 12:01

Hi,


The problem here is that:


1. Why do you need RIP?

2. This design is inconsistent; do you have more Ethernet interfaces on the 2600 router?


BR,

Mohammed Mahmoud.

Correct Answer
mohammedmahmoud Mon, 04/30/2007 - 12:28

Hi,


The default routes that are configured on the 2600 are inconsistent, as they can't tell which packets can use which default route; accordingly, use the following configuration (PBR configuration):





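! Apply a policy route-map to traffic arriving from each LAN
interface FastEthernet0/0
 ip address 10.38.77.35 255.255.255.0
 ip policy route-map LAN1
 speed auto
 half-duplex
!
interface FastEthernet0/1
 ip address 192.168.0.35 255.255.255.0
 ip policy route-map LAN2
 speed auto
 half-duplex
!
! Sources matched by the ACL get this next hop when no explicit route exists
route-map LAN1 permit 10
 match ip address 1
 set ip default next-hop 10.38.77.130
!
route-map LAN2 permit 10
 match ip address 2
 set ip default next-hop 192.168.0.4
!
! ACL 1: exclude hosts 10.38.77.30 and 10.38.77.130, match the rest of 10.38.77.0/24
access-list 1 deny 10.38.77.30 0.0.0.0
access-list 1 deny 10.38.77.130 0.0.0.0
access-list 1 permit 10.38.77.0 0.0.0.255
!
! ACL 2: exclude host 192.168.0.4, match the rest of 192.168.0.0/24
access-list 2 deny 192.168.0.4 0.0.0.0
access-list 2 permit 192.168.0.0 0.0.0.255
!
! Remove the two competing static default routes
no ip route 0.0.0.0 0.0.0.0 192.168.0.4
no ip route 0.0.0.0 0.0.0.0 10.38.77.130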


Please keep me updated with your final results.



HTH, please rate if it does help,

Mohammed Mahmoud.
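
The forwarding decisions that result from the configuration in the answer above, modelled in Python as an added example (not part of the original thread and not Cisco code). The function names, the sample hosts 10.38.77.50 and 192.168.0.20, and the destination 203.0.113.10 are constructed for illustration; the model assumes the routing table holds only the two connected networks once both static defaults are removed.

```python
import ipaddress

# Standard ACLs from the answer: (action, address, wildcard); first match wins.
ACLS = {
    1: [("deny", "10.38.77.30", "0.0.0.0"),
        ("deny", "10.38.77.130", "0.0.0.0"),
        ("permit", "10.38.77.0", "0.0.0.255")],
    2: [("deny", "192.168.0.4", "0.0.0.0"),
        ("permit", "192.168.0.0", "0.0.0.255")],
}
# "ip policy route-map" bindings: ingress interface -> (ACL, default next-hop)
POLICY = {"FastEthernet0/0": (1, "10.38.77.130"),
          "FastEthernet0/1": (2, "192.168.0.4")}
# Assumed routing table after "no ip route 0.0.0.0 ...": connected networks only.
CONNECTED = {"10.38.77.0/24": "FastEthernet0/0",
             "192.168.0.0/24": "FastEthernet0/1"}

def acl_permits(acl_id, src):
    """Evaluate a standard ACL against a source address."""
    s = int(ipaddress.IPv4Address(src))
    for action, addr, wildcard in ACLS[acl_id]:
        # Wildcard bits set to 1 are "don't care"; compare only the other bits.
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (s & care) == (int(ipaddress.IPv4Address(addr)) & care):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def forward(ingress, src, dst):
    """Return the forwarding decision for a packet received on `ingress`."""
    d = ipaddress.IPv4Address(dst)
    # "set ip default next-hop" yields to any explicit route, so inter-LAN
    # traffic follows the connected route whether or not the ACL matches.
    for prefix, iface in CONNECTED.items():
        if d in ipaddress.ip_network(prefix):
            return "connected via " + iface
    acl_id, next_hop = POLICY[ingress]
    if acl_permits(acl_id, src):
        return "policy next-hop " + next_hop
    # Source denied by the ACL: normal routing applies, and no default is left.
    return "drop (no route)"
```

Sources that the ACLs deny are not policy-routed, so once both static defaults are gone the model shows their off-net traffic arriving at the 2621 with no route to follow.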

mohammedmahmoud Mon, 04/30/2007 - 22:39

Hi,


You are welcome, and please keep me updated with your results.


BR,

Mohammed Mahmoud.

One of the things that I will need to test is the Exchange Server, for email. It is on the 192. LAN. Its gateway is set to the 192.168.0.4 cable router, which is port forwarding for email to the Exchange Server. I do not think it would affect the email, if I change the gateway of the Exchange Server to the 192.168.0.35 address. Do you agree?


Again, thanks for your help, and your follow up. I will let you know the results tomorrow.


mohammedmahmoud Mon, 04/30/2007 - 23:16

Hi,


No, it shouldn't make any problems; please do keep me updated.


Good luck,

Mohammed Mahmoud.

mohammedmahmoud Thu, 05/03/2007 - 22:12

Hi,


You are very welcome. I am really glad that everything went great; please keep me updated with the final results.


HTH,

Mohammed Mahmoud.
