Two ISP Link

Feb 6th, 2008

I have two routers connected to two different ISPs with different global IP addresses.

These two routers are connected to a layer 3 switch (3750) which has one SVI, interface Vlan 1, on which an ISP A routable IP address is assigned.

This switch is connected to the firewall. The firewall has a default route towards this layer 3 switch.

Now I want to configure my network topology in such a way that a few of my subnets go to ISP A and a few subnets go to ISP B.

I want to deploy PBR so that I can use the bandwidth of both links. How do I configure the switch and routers for this topology?

The firewall has a default route towards the switch, and the switch has a default route to the ISP A router.

How do I involve the ISP B router?

I want to do load sharing.

Please help me out.

Amit Singh (Cisco Employee) Wed, 02/06/2008 - 04:15

Please attach a topology diagram.

-amit singh

wasiimcisco Wed, 02/06/2008 - 04:38
Dear Amit,

My topology diagram includes real IPs. I will be very grateful to you if you give me your email address; I will send it to you personally.

I hope you will understand. Just give me your email and I will give you the whole network diagram.

Waiting for your reply.

wasiimcisco Wed, 02/06/2008 - 04:57
Dear Amit,

I have attached the network topology for your kind consideration. Please see it and tell me how to configure it.

I will be very grateful to you.

Amit Singh (Cisco Employee) Wed, 02/06/2008 - 05:15

Hi Wasim,

In this topology it's really hard to achieve what you are looking for. There are two options that I can let you know of at this moment:

1. Partition your network into two halves and have one PIX and the 92.x network dedicated to ISP-A and another PIX and the 32.x network to ISP-B.

2. Have your NAT configured on the respective ISP routers and do not use the PIX for NATting. Then have both the 92.x and 32.x networks appear as the same on the outside interface of the PIX, i.e. do self-static for the networks on the outside interface of the PIX. Once this is done you can use the 3750 to do the PBR based on the source IP address. For sources from the 92.x subnet use ISP-A and for 32.x use ISP-B. In case of failure of either ISP, have all the subnets use the same ISP.

Personally, Option 2 will be less tedious and easy to configure.

HTH. Please rate if it does.

-amit singh

wasiimcisco Thu, 02/07/2008 - 10:08
Dear Amit,

I can't follow the 2nd option, because my firewall is doing so many static translations and my servers are published on it.

I don't want to change anything in the current network except to add another router, and I want to configure it for bandwidth sharing.

I did the configuration that another guy sent me in reply to my question.

I made the PBR and applied it on the switch to which my PIX, Router A and Router B are connected.

The switch has its default gateway towards Router A, which is connected to ISP A.

I attached Router B to the switch in VLAN 1. Router B is connected to ISP B. That switch port is an access port.

But I am getting no packets on the ISP Router B interface.

I am getting the following debugs on the switch where I applied the PBR.

The switch has only one VLAN, which is VLAN 1.

02:34:27: IP: s= (Vlan1), d=, len 40, FIB policy match

02:34:27: CEF-IP-POLICY: fib for addr is default; Nexthop rejected

02:34:27: IP: s= (Vlan1), d=, len 40, FIB policy rejected - normal forwarding

02:34:27: IP: route map PBR, item 10, permit

Kindly help me with what to do now. I think there is a need to change the switch, and a need to make an SVI that has the IP of ISP B.

Please reply.

vikassheokand Wed, 02/06/2008 - 05:19

You need to enter the following commands in the L3 switch:

route-map test permit 10

match ip address 150

set ip next-hop ( IP of router B which is connected with L3 interface)

access-list 150 permit ip wildcard mask

The source subnets that you define in the access-list will go to Router B.

Apply this route-map on the interface connected to the firewall:

ip policy route-map test
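
A fuller version of the configuration outlined in the post above, as an added example that is not part of the original reply. All addresses are constructed placeholders (the thread's real addresses are not shown): 198.51.100.0/24 stands for a source subnet to steer to ISP B and 192.0.2.2 for Router B on the shared VLAN 1 segment. The SDM template step reflects the Catalyst 3750 requirement that PBR be enabled through the routing template.

```cisco
! Catalyst 3750: PBR is only available with the routing SDM template.
! The template change takes effect after a reload.
sdm prefer routing
!
ip routing
!
! Sources that should leave via ISP B (constructed placeholder subnet)
access-list 150 permit ip 198.51.100.0 0.0.0.255 any
!
route-map test permit 10
 match ip address 150
 ! Next hop must be directly reachable on a connected subnet
 ! (placeholder address standing in for Router B)
 set ip next-hop 192.0.2.2
!
! Apply on the Layer 3 interface where the traffic enters the switch
! (the VLAN 1 SVI facing the firewall in this thread)
interface Vlan1
 ip policy route-map test
!
! Verification, from exec mode:
!   show sdm prefer        (confirms which SDM template is active)
!   show ip policy         (shows which interface has the route-map)
!   show route-map test    (shows the match and set clauses)
```

Traffic that does not match access-list 150 is not policy routed and follows the switch's normal routing table, which in this thread means the default route to Router A.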

wasiimcisco Thu, 02/07/2008 - 10:24
Thanks for the reply, but I am not getting the results. I am going to the Internet via the default route, not through PBR.

I am getting the following debugs on the switch:

02:50:12: CEF-IP-POLICY: fib for addr is default; Nexthop rejected

I applied the policy on VLAN 1. The switch has only one VLAN, in which the PIX, Router A and Router B are connected.

Kindly help me what to do now.
