
2851 Router with 3 x ADSL interfaces

gregsmales
Level 1

Hi all,

Wondering if someone can assist with a config I need to put together in the next few weeks.

Situation is this:

Cisco 2851 Router with 3 x ADSL interfaces

Reason behind the 3 x ADSLs is the following:

1 x ADSL (512k/512k) to be used for VoIP traffic

1 x ADSL (512k/512k) to be used for MS SQL traffic

1 x ADSL (8000k/384k) to be used for everything else

Each of these ADSLs will need a site-to-site IPsec connection back to our main site (terminating on a 3rd party firewall). My question is how should I go about configuring the ADSL interfaces so that only the specified traffic types travel down the correct link?

And if you were wondering why we are looking at doing this on a 2851 it's because the 4th interface is a VIC2-2BRI, and the router is going to be doing SRST (supporting approx 60 VoIP phones).

Any suggestions/comments/example configs would be greatly appreciated.

bjornarsb
Level 4

Hi,

This might be a start?

!
interface fastethernet 3/1
 desc ** LAN interface ***
 ip policy route-map Texas
 ip nbar...
!
route-map Texas permit 10
 match protocol XXX
 set ip next-hop 3.3.3.3
!
route-map Texas permit 20
 match ip protocol XX
 set ip next-hop 4.3.3.5
 or set interface XXX
route-map Texas permit 30

Then you have 3 different crypto-maps for your IPsec connections, each applied to one ADSL interface.

HTH

BR,

Bjornarsb

Thanks for your reply. I'll give this a go once I get my hands on the hardware.

Hi,

I've started building a config for this and have struck a potential problem.

When you define each of the three crypto-maps you need to define a 'match' statement which points to an ACL. If the route-maps are matching based on protocol, how should I look at matching the crypto-maps?

Also, is it possible to have a different pre-shared key for each IPsec tunnel?

Thanks

Also, I actually don't see 'match protocol' or 'match ip protocol' as available selections in the route-map. Do I need to turn something on like nbar or cef?

I'd suggest for your mapping on the crypto-maps for your router, match via protocol/ports. You know your SQL is bound to port 1433 or something like that, and it's a TCP protocol. Your VoIP will fall on certain ports and use UDP... make sure and include your skinny protocol in there as well.

After that, I think you can gather all the traffic that's left... you'd just deny the other two from the access-list you're using for your bulk traffic.

And I do believe you can have a different pre-shared key since you'll have 3 different crypto-maps. I think, but don't quote me on that.

HTH
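
An added example, not part of any reply in this thread: one way to lay out in IOS what the replies describe, with the same port-based ACLs driving both the route-map and the crypto maps. The addresses, Dialer interface names, ACL and crypto-map names, the RTP and Skinny port values, and the three separate peer addresses on the main-site firewall are assumptions; the `<PSK-...>` values are placeholders.

```cisco
! Constructed values: branch LAN 10.10.0.0/24, main site 10.0.0.0/16, one firewall peer address per tunnel.
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 14
! The pre-shared key is selected by peer address, so distinct keys assume distinct peers.
crypto isakmp key <PSK-VOIP> address 192.0.2.1
crypto isakmp key <PSK-SQL> address 198.51.100.1
crypto isakmp key <PSK-BULK> address 203.0.113.1
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
! Assumed ports: RTP on UDP 16384-32767, Skinny on TCP 2000, MS SQL on TCP 1433.
ip access-list extended VOIP
 permit udp 10.10.0.0 0.0.0.255 10.0.0.0 0.0.255.255 range 16384 32767
 permit tcp 10.10.0.0 0.0.0.255 10.0.0.0 0.0.255.255 eq 2000
ip access-list extended SQL
 permit tcp 10.10.0.0 0.0.0.255 10.0.0.0 0.0.255.255 eq 1433
ip access-list extended BULK
 deny udp 10.10.0.0 0.0.0.255 10.0.0.0 0.0.255.255 range 16384 32767
 deny tcp 10.10.0.0 0.0.0.255 10.0.0.0 0.0.255.255 eq 2000
 deny tcp 10.10.0.0 0.0.0.255 10.0.0.0 0.0.255.255 eq 1433
 permit ip 10.10.0.0 0.0.0.255 10.0.0.0 0.0.255.255
crypto map CM-VOIP 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TS
 match address VOIP
crypto map CM-SQL 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS
 match address SQL
crypto map CM-BULK 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS
 match address BULK
interface Dialer1
 crypto map CM-VOIP
interface Dialer2
 crypto map CM-SQL
interface Dialer3
 crypto map CM-BULK
ip route 192.0.2.1 255.255.255.255 Dialer1
ip route 198.51.100.1 255.255.255.255 Dialer2
ip route 0.0.0.0 0.0.0.0 Dialer3
! LAN interface name as in the reply above; unmatched traffic follows the default route.
route-map Texas permit 10
 match ip address VOIP
 set interface Dialer1
route-map Texas permit 20
 match ip address SQL
 set interface Dialer2
interface fastethernet 3/1
 ip policy route-map Texas
```

A deny entry in a crypto ACL means "do not encrypt", so VoIP or SQL packets that fall through to Dialer3 (for example when their own link is down) match the deny lines in BULK and leave that interface outside any tunnel. The crypto ACLs on the main-site firewall need to mirror these three ACLs, and its IKE proposal needs to match the policy shown.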
