1811 config for multiple ISPs

Unanswered Question
Feb 22nd, 2008

Hi,

We have a Cisco 1811 with FE0 connected with SHDSL, FE1 connected with ADSL2+ and an additional static IP address for the mail server.

What we want to achieve is as below.

1. All the servers and users are in 1 private network connecting to VLAN1.

2. All the traffic initiated from the private network will be directed out through FE1. These are mostly HTTP requests to browse the internet.

3. Some servers in the private network are providing remote access, such as web server, Citrix server, etc. We want this traffic coming through FE0.

4. The additional public IP address is assigned to the mail server, so outgoing mail has a consistent source IP and won't be treated as spam. It is also used for the MX record.

So how can I config the router?

My idea is :

1. ip route 0.0.0.0 0.0.0.0 FE1 metric 1

ip route 0.0.0.0 0.0.0.0 FE0 Metric 10

So outgoing traffic will choose FE1 first.

Dynamic Nat will translate the internal IP into FE1.

Do I also need to translate them into FE0?

2. All the PAT is set for FE0. But will the reply traffic go through FE1 instead of FE0, which will cause the connection to fail?

3. Assign the additional public IP to interface FE0, NAT into the mail server. If the route is set as above, does that mean the outgoing mail will go through FE1? As the mail server is in the range of dynamic IPs, will it be translated into the IP of FE1 when sending out mail?

How can I monitor the traffic? Can I set up mail service as low priority so it won't affect other traffic?

Lydia

Edison Ortiz Fri, 02/22/2008 - 07:18

>So how can I config the router?

Since you want general traffic to go via FE1, then a default ip route should go to FE1.

As for the servers going to FE0, you need to configure a Policy Based Route.

See http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hirp_c/ch20/piconfig.htm#wp1001398 on how to configure this feature in your router.

You need to PAT on FE1 for the general traffic and static nat for servers on FE0.

You also need to keep in mind that when changing from one ISP to another, the external IP address will change (for instance, mail), so be careful with this design. You can't source a public IP from one interface while that public IP belongs to the other ISP. The traffic will be dropped.

HTH,

Edison.
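
An added IOS configuration sketch of the design described in the reply above (not configuration posted by either participant): default route via FE1, policy-based routing of server traffic to FE0, PAT on FE1 and static NAT on FE0. All addresses (documentation ranges), the server hosts, and the ACL and route-map names are constructed assumptions.

```cisco
! Assumed (constructed) addressing, not from the thread:
!   LAN 192.168.1.0/24 on Vlan1; web server .10; mail server .25
!   FE0 (SHDSL): 198.51.100.2/29, gateway 198.51.100.1, extra mail IP 198.51.100.3
!   FE1 (ADSL2+): 203.0.113.2/30, gateway 203.0.113.1
interface FastEthernet0
 ip address 198.51.100.2 255.255.255.248
 ip nat outside
!
interface FastEthernet1
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ! Policy routing is applied where LAN traffic enters the router
 ip policy route-map SERVERS-VIA-FE0
!
! General traffic follows the default route out FE1
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! Web server replies (source port 80) and all mail server traffic use FE0
ip access-list extended SERVER-TRAFFIC
 permit tcp host 192.168.1.10 eq 80 any
 permit ip host 192.168.1.25 any
!
route-map SERVERS-VIA-FE0 permit 10
 match ip address SERVER-TRAFFIC
 set ip next-hop 198.51.100.1
!
! PAT on FE1 for everything except the mail server
ip access-list standard LAN-USERS
 deny   host 192.168.1.25
 permit 192.168.1.0 0.0.0.255
ip nat inside source list LAN-USERS interface FastEthernet1 overload
!
! Static NAT on FE0: port 80 to the web server, one-to-one for mail
ip nat inside source static tcp 192.168.1.10 80 interface FastEthernet0 80
ip nat inside source static 192.168.1.25 198.51.100.3
```

`show ip policy`, `show route-map` and `show ip nat translations` confirm which packets matched the route-map and which public address each flow was translated to. Traffic translated to an FE0 address must never leave via FE1 (or the reverse), which is the drop condition the reply warns about.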
