2811 with 2 ADSL needs to behave as 2 routers

Unanswered Question
May 30th, 2008

Hi,

We had the 2 ADSL lines bonded but now this service has been removed and we have two independent ISP logins. We are using one ADSL with NAT and publish internal servers with PAT. We want to dedicate the second line to terminal services access but I'm having trouble getting it to work. The issue seems to revolve around the default route on the 2811. I don't need load-balancing and I know I can achieve what I want with two separate routers but we don't really want another box!

What I really need is for any traffic that originates on an interface (say dialer2) to be returned on that interface and to ignore the default route. The default route is dialer1 and we have no other static routes set as this router is only used for internet access. No routing protocols are in use.

Thanks for your attention - any offers of help greatly appreciated...

thotsaphon Fri, 05/30/2008 - 05:56

Hi simon,

You can use PBR to beat this requirement. It will give you a load sharing mechanism.

http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml

http://www.cisco.com/en/US/docs/ios/12_0/qos/configuration/guide/qcpolicy.html

It will check your policies before the routing table. NAT should be taken into consideration as well. After understanding this technology you just modify the configurations I provided.

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN,%20Routing%20and%20Switching&topicID=.ee71a06&fromOutline=&CommCmd=MB?cmd=display_location&location=.1dded2da

Hope this helps

Thot

dosocisco Fri, 05/30/2008 - 11:01

Thank you Thot for your input and I will explore this avenue in our lab. However, the main issue I need to overcome is when clients try to connect from the internet via dialer2 they can't because the router's default route is dialer1. If I change the default route to dialer2 then it works okay but then any incoming requests (WAN) on dialer1 don't work. Is this something PBR can solve considering these are connections initiated from outside?

thotsaphon Fri, 05/30/2008 - 11:18

simon,

You need to understand how PBR works first.

"Is this something PBR can solve considering these are connections initiated from outside?"

Good question! What's going on when I access the terminal server from the outside?

- I should know what the public IP address of dialer2 is.

- I connect by using that public IP, let's say a.b.c.d.

- My router has been correctly configured with the NAT statements. I now go to the internal terminal server, NATting from a.b.c.d(3389) to 10.10.10.1(3389), assuming the private IP address of the terminal server is 10.10.10.1.

- Router should route me to get there.

- Traffic goes from the server back to the router.

- I use PBR to ignore the routing table.

- I should configure something like this:

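!
! Match the terminal server's RDP replies (source port 3389)
ip access-list extended terminal
 permit tcp host 10.10.10.1 eq 3389 any
!
! Send matching traffic out dialer2 instead of following the routing table
route-map gotodialer2 permit 10
 match ip address terminal
 set interface dialer2
!
! Apply the policy where the server's traffic enters the router
int f0/0
 ip policy route-map gotodialer2
!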

- Router now sends me back to the correct interface.

- Router should use the same nat entry that was created when I came in.

- It should be OK, shouldn't it?

HTH

Thot
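
The forwarding decision described in the post above, as an added example that is not part of the original post: a small Python model of "policy route-map first, routing table second" showing which interface each packet leaves on with and without PBR. The outside client and destination addresses, the ephemeral ports and the /24 LAN mask on f0/0 are constructed assumptions; the ACL, route-map and default route follow the thread.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

def acl_terminal(p: Packet) -> bool:
    """Mirrors 'permit tcp host 10.10.10.1 eq 3389 any' (source host AND source port)."""
    return p.proto == "tcp" and p.src == "10.10.10.1" and p.sport == 3389

# route-map gotodialer2 permit 10: (match clause, 'set interface' target)
ROUTE_MAP = [(acl_terminal, "dialer2")]

# Routing table as described in the thread: a single default route via dialer1,
# plus the connected LAN (10.10.10.0/24 on f0/0 is an assumed mask).
ROUTES = [("10.10.10.0/24", "f0/0"), ("0.0.0.0/0", "dialer1")]

def route_lookup(dst: str) -> str:
    """Longest-prefix match over ROUTES."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(net), ifc) for net, ifc in ROUTES]
    _, ifc = max((n for n in nets if addr in n[0]), key=lambda n: n[0].prefixlen)
    return ifc

def egress(p: Packet, pbr: bool) -> str:
    """Egress interface for a packet arriving on f0/0 (where 'ip policy' is applied)."""
    if pbr:
        for match, out_if in ROUTE_MAP:
            if match(p):
                return out_if          # policy hit: routing table is bypassed
    return route_lookup(p.dst)         # no policy hit: normal destination routing

# Constructed sample packets (documentation address ranges).
RDP_REPLY = Packet("10.10.10.1", 3389, "203.0.113.50", 51000)   # reply to outside client
SERVER_WEB = Packet("10.10.10.1", 49152, "198.51.100.7", 443)   # server-initiated traffic
OTHER_HOST = Packet("10.10.10.2", 50000, "198.51.100.7", 443)   # another LAN host

if __name__ == "__main__":
    for name, pkt in [("rdp reply", RDP_REPLY), ("server web", SERVER_WEB),
                      ("other host", OTHER_HOST)]:
        print(f"{name:11} no-PBR={egress(pkt, False):8} PBR={egress(pkt, True)}")
```

Because the ACL matches on source port 3389, only the RDP replies are steered to dialer2; anything else the server or other LAN hosts send still follows the default route via dialer1.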

Paolo Bevilacqua Fri, 05/30/2008 - 11:18

Hi, PBR takes care of that, configuring the default route depending on source inside. That is done with route maps.

Alternatively configure "vrf lite" and that lets you split the router without using PBR.

Both techniques require you to familiarize yourself with the concepts and commands and do a bit of testing.

Hope this helps, please rate post if it does!

thotsaphon Fri, 05/30/2008 - 11:32

Hi Paolo,

Congrats on your fantastic star!!!

It is hard for VRF-Lite to beat this requirement. Why?

I think that the terminal server is using one IP address of the LAN subnet. If you want to dedicate the server and the dialer2 interface then you have to put the LAN and dialer2 interfaces in the VRF you want. What is going on now? In the VRF routing table you will only see the LAN network and the dialer2 network. Dialer1 will not be used any more.

HTH

Thot

Paolo Bevilacqua Fri, 05/30/2008 - 17:13

Hi,

What if you want other hosts from the same subnet to take the other path? With PBR it is very simple to configure and you can have redundancy too.

Thanks for the appreciation!
