05-24-2007 06:24 PM - edited 03-03-2019 05:08 PM
Hi,
I have 2 ISP;
ISP A; 1 x T1
ISP B; 5mb ethernet connection.
Current configurattion;
ISP A --> 2611-rtr -> T1 Se 0/0
ISP B --> 2611-rtr -> fa0/1
2611-rtr -> fa0/0 - Pix-525
PIX525 running PAT;
- Not running any routing protocol on the router, everyting is static route;
------------------------
interface FastEthernet0/0
ip address x.x.x.x 255.255.255.128
ip nat inside
ip route-cache flow
ip policy route-map Testing
!
interface FastEthernet0/1
ip address x.x.x.x 255.255.255.248
ip nat outside
ip route-cache flow
!
ip nat inside source list 10 interface FastEthernet0/1 overload
route-map Testing permit 10
match ip address 10
set ip next-hop x.x.x.x
---------------------------------
Routing all the internet surfing to ISP-B with route-map.
I have public webserver and registered with ISP-A (own /25 block).
My Goals;
- When there is a request web server, continue to use IPS-A and traffic going out use ISP-B
Can anyone point me to an example of what I want to acheive?
Thanks!
05-24-2007 09:24 PM
Hi,
You need to use the ISP that "owns" the ip of the server.
BR,
Bjornarsb
05-24-2007 09:40 PM
Bjornarsb,
Thanks for your reply.
So there is no other ways that I can make this work?
The reason I want to use ISP-B to route all outgoing traffic from webserver;
1. Bandwidth issue on ISP-A
2. Higher bandwidth on ISP-B
3. If I were to change webserver address it is going to take anywhere from 24-72 for replication DNS...
Thanks for any suggestions.
05-24-2007 10:18 PM
Hi,
This can't be done as each ISP advertise his IPs to the internet, an ISP can't advertise another ISP IPs, and thus if the IPs belong to ISP A then the traffic must be sent to ISP A, moreover what you are doing is called asymetric routing which is not recommended in the first place.
HTH, please do rate all helpful replies,
Mohammed Mahmoud.
05-24-2007 11:55 PM
You either need to change the server IP adr. to the scope given by isp B or apply for your own address space.
PI = Provider Independent Adresses.
05-27-2007 03:34 PM
Hii..
Correct me if am wrong on ur needs.
1)all internal xfic to internet has to take outward path thru B link.
2)the webserver is located in ur internal n/w with a global ip provided by A link.is this mapped to a local ip in the router?
for 1) u will have to make nat of all traffic with B link iP's only and define a route-map with any any traffic eq web and give next hop as gateway of B link.
for 2) since the one to one map is made with A link ip ..when access traffic comes in for this server .. it will find the nat statement in the router and move to the webserver local ip inside the n/w.
Other guys..pls correct if i am wrong..
Please rate if the post helps.
05-28-2007 03:32 PM
Hi foxbatreco,
1. PAT only for internet surfing and it is defined to x.x.x.101
access-list 10 permit x.x.x.101
route-map Testing permit 10
match ip address 10
set ip next-hop ISP-B
interface FastEthernet0/0
ip address x.x.x.x 255.255.255.128
ip nat inside
ip policy route-map Testing
interface FastEthernet0/1
ip address x.x.x.x 255.255.255.248
ip nat outside
2)the webserver is located in ur internal n/w with a global ip provided by A link.is this mapped to a local ip in the router?
NO, it is defined in firewall (pix525)
3) u will have to make nat of all traffic with B link iP's only and define a route-map with any any traffic eq web and give next hop as gateway of B link?
If I defined; access-list 10 permit access-list 1 permit x.x.x.x 0.0.0.255 (ISP-A).
There I will have issue with VPN and any other web services.
If I do traceroute; of web server; I get ISP-B address.
Thanks for any inputs.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: