Route Map on Router 2821

Unanswered Question
May 5th, 2008

I have a 2821 router with 1 x WIC-1T and 1 x ADSL card. My default route is my Internet lease line, but I want to send only port 80/8080 traffic through ADSL.

Please help in configuring.

I have already configured the lease line; it's working, but now all traffic is going through it???

Pari Thiagasundaram Mon, 05/05/2008 - 09:54

How about creating an extended ACL for the ADSL and permit all other traffic through the internet leased line?

Richard Burts Mon, 05/05/2008 - 10:13

Asfar

What you want is Policy Based Routing which can identify certain types of traffic and can make different routing decisions for this particular traffic. PBR uses route-maps and access lists to control the traffic. A configuration might look something like this:

interface
 ip policy route-map web_traffic

route-map web_traffic permit 10
 match ip address http_out
 set ip next-hop

ip access-list extended http_out
 permit tcp any eq 80
 permit tcp any eq 8080

where interface# is the interface identifier of the interface on which the traffic enters the router (probably your inside interface) and where is the subnet of the source addresses whose web traffic will be sent and where is the inverse mask of those subnets.

HTH

Rick

asfar.zaidi Mon, 05/05/2008 - 10:43

In my scenario

set ip next-hop will be dialer 0

Am I right?

One more thing:

Do I need to perform NATting, i.e. nat outside and nat inside, keeping in mind my default route is the Internet lease line and my traffic coming from the inside interface is already NATted on the firewall?

Richard Burts Mon, 05/05/2008 - 10:52

Asfar

If you do not have the next hop address and will be sending through dialer0 then instead of set ip next-hop you would want to use set interface.

And yes you would need to perform natting for the traffic going out the ADSL that is different from the traffic going out your default leased line. I have implemented something similar to this where traffic coming into the router had been natted for the default route and I did PBR and natted it again for the different interface. It works ok.

HTH

Rick

thotsaphon Mon, 05/05/2008 - 10:55

Hi Asfar,

Rick provided a good solution for you.

Using "set ip next-hop dialer 0" will be fine. Hopefully the ISP does proxy-arp functions for you at the provider edge router.

PBR will let the traffic (tcp 80/8080) go out the dialer interface. The rest of the traffic will use the routing table. In your case that is a default route.

Maybe you have to add commands that look like this for redundancy:

set ip next-hop dialer 0

Edit: you still need to do NAT on the dialer interface because we need to receive the traffic back from the correct interface.

Hope this helps

Thot

asfar.zaidi Mon, 05/05/2008 - 11:40

Can you please tell me what NAT statement I should put!!!

Will it be based on tcp port 80 and port 8080?

thotsaphon Mon, 05/05/2008 - 11:52

Hi Asfar,

Just try the following commands:

route-map NatISP permit 10
 match interface dialer 0

ip nat inside source route-map NatISP interface dialer 0 overload

int
 ip nat inside

int dialer 0
 ip nat outside

Please let us know how things work out!

Thot

Richard Burts Mon, 05/05/2008 - 11:59

Asfar

I would suggest that you do not want to do the translation based on tcp port 80 and 8080. When I implemented something similar I just did a static translation from one address to another address. The traffic coming from the firewall has been translated already and you want to take that traffic and translate it again to the address of the ADSL. That way you do not need to be concerned whether the firewall has done anything with the port numbers.

You would need the ip nat inside command on the interface connecting to the firewall. And you would need ip nat outside on the dialer0 interface. Then you need the commands to do the translation. They might look something like this:

ip nat inside source list 15 interface dialer0 overload
access-list 15 permit

Depending on how the firewall is translating (translating outbound traffic to a pool of addresses or translating outbound traffic to a single address) you would put a subnet of addresses or a host address and you would put a mask of the subnet or a mask of a host.

This should take care of translating traffic being sent out the dialer interface and not interfere with traffic going out the leased line.

[edit] I see that Thot has also posted a suggestion. His idea of using translation with a route map which could match on outbound interface is an interesting possibility.

HTH

Rick
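For readers who want to see the pieces of this thread together, here is one consolidated configuration combining Rick's PBR route-map with the outbound-interface NAT route-map Thot suggested. It is an added example, not a configuration posted in the thread; the interface names and the 192.168.10.0/24 inside subnet are assumptions.

```cisco
! Added example (not from the thread). GigabitEthernet0/0 as the inside
! interface and 192.168.10.0/24 as the inside subnet are assumptions.
!
! 1. Identify only the traffic that should leave via ADSL. Scope the
!    source to the inside subnet so the router never policy-routes
!    traffic that did not arrive from behind the firewall.
ip access-list extended http_out
 permit tcp 192.168.10.0 0.0.0.255 any eq 80
 permit tcp 192.168.10.0 0.0.0.255 any eq 8080
!
! 2. PBR: matching packets are forced out Dialer0. "set interface" is
!    used rather than "set ip next-hop" because a dialer link has no
!    fixed next-hop address; if Dialer0 is down the set clause is
!    skipped and the packet follows the routing table (the leased line).
route-map web_traffic permit 10
 match ip address http_out
 set interface Dialer0
!
! 3. NAT only what actually exits Dialer0. Matching on the outbound
!    interface instead of on port 80/8080 stays correct even if the
!    firewall already rewrote source ports, and it leaves leased-line
!    traffic untouched.
route-map NatISP permit 10
 match interface Dialer0
!
ip nat inside source route-map NatISP interface Dialer0 overload
!
! 4. Apply the policy on the interface where inside traffic enters
!    the router (the interface facing the firewall).
interface GigabitEthernet0/0
 description Inside, facing the firewall
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip policy route-map web_traffic
!
! Dialer0 is assumed to be set up for the ADSL service already; only
! the NAT role is added here. The leased-line interface is deliberately
! not marked "ip nat outside", so traffic taking the default route is
! never translated by this router.
interface Dialer0
 ip nat outside
!
! Verification: "show route-map web_traffic" shows policy-match
! counters; "show ip nat translations" should list only entries
! created for traffic leaving Dialer0.
```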
