
2621 - 2 LANs, 2 ISPs, 2 PIXs

larry
Level 1

I have a 2621 router connecting 2 LANs, each with its own Internet connection via a PIX. I can communicate between the LANs, but only 1 can access the internet via its own ISP connection. Any help appreciated.


mohammedmahmoud
Level 11

Hi,

Can you please post your 2600 configuration?

BR,

Mohammed Mahmoud.

Attached is sho-run.

The 2 LANs are independent. Both are communicating, but only the 10.38.77.0 LAN is able to get to the Internet.

Add'l info -

1. the 10.38.77.0 LAN goes thru the 2621, then thru a T1 Router, then thru a PIX.

2. the 192.168.0.0 LAN goes thru the 2621, then thru a cable router, then thru a different PIX.

Thanks for any help.

hi,

I guess that:

ip route 0.0.0.0 0.0.0.0 192.168.0.4 (this is the default route towards the cable router)

ip route 0.0.0.0 0.0.0.0 10.38.77.130 (this is the default route towards the T1 router)

If yes, then the 2600 router configuration is ok, but the problem must be on the cable router or the PIX; it must have no route for the return traffic to LAN 192.168.0.0.

HTH, please rate if it does help,

Mohammed Mahmoud.

You are correct that the 192 is the cable router. It is not a cisco device, and I will contact them for further support, but if it were, what code would route it back to the 192 LAN?

Hi,

I don't know your cable router code, you'll need to find a configuration guide or contact the vendor.

Can you please post a topology diagram (maybe by Visio)? I have a further issue.

HTH,

Mohammed Mahmoud.

Don't have Visio on this computer, so attached a word doc with diagram. I have bypassed the pix on the 192. side, to eliminate as problem.

What other issue?

Hi,

What is the default gateway configuration on your workstations and servers?

BR,

Mohammed Mahmoud.

192.168.0.35 for the 192. LAN, and 10.38.77.35 for the 10. LAN.

I need the 192. for the Exchange server.

Hi,

The problem here is that:

1. Why do you need RIP?

2. This design is inconsistent, do you have more Ethernet interfaces on the 2600 router?

BR,

Mohammed Mahmoud.

Hi,

The default routes that are configured on the 2600 are inconsistent, as they can't tell which packets can use which default route; accordingly, use the following configuration (PBR configuration):

! Apply a policy route-map to traffic arriving on each LAN interface
interface FastEthernet0/0
 ip address 10.38.77.35 255.255.255.0
 ip policy route-map LAN1
 speed auto
 half-duplex

interface FastEthernet0/1
 ip address 192.168.0.35 255.255.255.0
 ip policy route-map LAN2
 speed auto
 half-duplex

! Sources matched by ACL 1 use the T1 router when no explicit route exists
route-map LAN1 permit 10
 match ip address 1
 set ip default next-hop 10.38.77.130

! Sources matched by ACL 2 use the cable router when no explicit route exists
route-map LAN2 permit 10
 match ip address 2
 set ip default next-hop 192.168.0.4

access-list 1 deny 10.38.77.30 0.0.0.0
access-list 1 deny 10.38.77.130 0.0.0.0
access-list 1 permit 10.38.77.0 0.0.0.255

access-list 2 deny 192.168.0.4 0.0.0.0
access-list 2 permit 192.168.0.0 0.0.0.255

! Remove the two competing static default routes
no ip route 0.0.0.0 0.0.0.0 192.168.0.4
no ip route 0.0.0.0 0.0.0.0 10.38.77.130

Please keep me updated with your final results.

HTH, please rate if it does help,

Mohammed Mahmoud.
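
Added example, not part of the original reply: a small Python model of the forwarding decision the PBR configuration above produces, showing which PIX path a packet takes and why inter-LAN traffic is unaffected. The ACL entries, interfaces and next hops are copied from the post; the function names, the 203.0.113.10 test destination, and the assumption that only the two connected routes remain in the routing table (no RIP-learned routes) are mine.

```python
import ipaddress

# Values copied from the posted configuration.
ACLS = {
    1: [("deny", "10.38.77.30", "0.0.0.0"),
        ("deny", "10.38.77.130", "0.0.0.0"),
        ("permit", "10.38.77.0", "0.0.0.255")],
    2: [("deny", "192.168.0.4", "0.0.0.0"),
        ("permit", "192.168.0.0", "0.0.0.255")],
}
# Ingress interface -> (ACL matched by its route-map, default next-hop)
POLICY = {
    "FastEthernet0/0": (1, "10.38.77.130"),
    "FastEthernet0/1": (2, "192.168.0.4"),
}
# Assumption: after both static defaults are removed, only connected routes remain.
CONNECTED = {
    "10.38.77.0/24": "FastEthernet0/0",
    "192.168.0.0/24": "FastEthernet0/1",
}

def acl_permits(acl_id, src):
    """First-match standard ACL with wildcard masks; implicit deny at the end."""
    s = int(ipaddress.IPv4Address(src))
    for action, addr, wildcard in ACLS[acl_id]:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (s & care) == (int(ipaddress.IPv4Address(addr)) & care):
            return action == "permit"
    return False

def explicit_route(dst):
    """Longest-prefix match over explicit routes; None if nothing but a default could apply."""
    d = ipaddress.IPv4Address(dst)
    hits = [ipaddress.ip_network(n) for n in CONNECTED if d in ipaddress.ip_network(n)]
    return CONNECTED[str(max(hits, key=lambda n: n.prefixlen))] if hits else None

def forward(ingress, src, dst):
    """Return the forwarding decision for one packet as (reason, target)."""
    out_if = explicit_route(dst)
    if out_if:  # 'set ip default next-hop' never overrides an explicit route
        return ("routing-table", out_if)
    acl_id, next_hop = POLICY[ingress]
    if acl_permits(acl_id, src):
        return ("policy", next_hop)
    return ("drop", None)  # no policy match and no default route remains
```

In this model a packet sourced from a denied address (the gateways themselves) with an off-net destination is dropped, because the route-map does not match and the static defaults have been removed.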

Thanks! It appears to have worked. I will test further tomorrow, and let you know if any problems.

I will rate this a 5.

Hi,

You are welcome, and please keep me updated with your results.

BR,

Mohammed Mahmoud.

One of the things that I will need to test is the Exchange Server, for email. It is on the 192. LAN. Its gateway is set to the 192.168.0.4 cable router, which is port forwarding for email to the Exchange Server. I do not think it would affect the email, if I change the gateway of the Exchange Server to the 192.168.0.35 address. Do you agree?

Again, thanks for your help, and your follow up. I will let you know the results tomorrow.

Hi,

No, it shouldn't make any problems, please do keep me updated.

good luck,

Mohammed Mahmoud.
