How to route webser traffic to secondary ISP

Unanswered Question
May 24th, 2007

Hi,

I have 2 ISP;

ISP A; 1 x T1

ISP B; 5mb ethernet connection.

Current configurattion;

ISP A --> 2611-rtr -> T1 Se 0/0

ISP B --> 2611-rtr -> fa0/1

2611-rtr -> fa0/0 - Pix-525

PIX525 running PAT;

- Not running any routing protocol on the router, everyting is static route;

------------------------

interface FastEthernet0/0

ip address x.x.x.x 255.255.255.128

ip nat inside

ip route-cache flow

ip policy route-map Testing

!

interface FastEthernet0/1

ip address x.x.x.x 255.255.255.248

ip nat outside

ip route-cache flow

!

ip nat inside source list 10 interface FastEthernet0/1 overload

route-map Testing permit 10

match ip address 10

set ip next-hop x.x.x.x

---------------------------------

Routing all the internet surfing to ISP-B with route-map.

I have public webserver and registered with ISP-A (own /25 block).

My Goals;

- When there is a request web server, continue to use IPS-A and traffic going out use ISP-B

Can anyone point me to an example of what I want to acheive?

Thanks!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
bjornarsb Thu, 05/24/2007 - 21:24

Hi,

You need to use the ISP that "owns" the ip of the server.

BR,

Bjornarsb

bizdemirler Thu, 05/24/2007 - 21:40

Bjornarsb,

Thanks for your reply.

So there is no other ways that I can make this work?

The reason I want to use ISP-B to route all outgoing traffic from webserver;

1. Bandwidth issue on ISP-A

2. Higher bandwidth on ISP-B

3. If I were to change webserver address it is going to take anywhere from 24-72 for replication DNS...

Thanks for any suggestions.

mohammedmahmoud Thu, 05/24/2007 - 22:18

Hi,

This can't be done as each ISP advertise his IPs to the internet, an ISP can't advertise another ISP IPs, and thus if the IPs belong to ISP A then the traffic must be sent to ISP A, moreover what you are doing is called asymetric routing which is not recommended in the first place.

HTH, please do rate all helpful replies,

Mohammed Mahmoud.

bjornarsb Thu, 05/24/2007 - 23:55

You either need to change the server IP adr. to the scope given by isp B or apply for your own address space.

PI = Provider Independent Adresses.

foxbatreco Sun, 05/27/2007 - 15:34

Hii..

Correct me if am wrong on ur needs.

1)all internal xfic to internet has to take outward path thru B link.

2)the webserver is located in ur internal n/w with a global ip provided by A link.is this mapped to a local ip in the router?

for 1) u will have to make nat of all traffic with B link iP's only and define a route-map with any any traffic eq web and give next hop as gateway of B link.

for 2) since the one to one map is made with A link ip ..when access traffic comes in for this server .. it will find the nat statement in the router and move to the webserver local ip inside the n/w.

Other guys..pls correct if i am wrong..

Please rate if the post helps.

bizdemirler Mon, 05/28/2007 - 15:32

Hi foxbatreco,

1. PAT only for internet surfing and it is defined to x.x.x.101

access-list 10 permit x.x.x.101

route-map Testing permit 10

match ip address 10

set ip next-hop ISP-B

interface FastEthernet0/0

ip address x.x.x.x 255.255.255.128

ip nat inside

ip policy route-map Testing

interface FastEthernet0/1

ip address x.x.x.x 255.255.255.248

ip nat outside

2)the webserver is located in ur internal n/w with a global ip provided by A link.is this mapped to a local ip in the router?

NO, it is defined in firewall (pix525)

3) u will have to make nat of all traffic with B link iP's only and define a route-map with any any traffic eq web and give next hop as gateway of B link?

If I defined; access-list 10 permit access-list 1 permit x.x.x.x 0.0.0.255 (ISP-A).

There I will have issue with VPN and any other web services.

If I do traceroute; of web server; I get ISP-B address.

Thanks for any inputs.

Actions

This Discussion