PBR doubts urgent issue

Unanswered Question
Jun 14th, 2008

Dear all

I have a 2811 router; a WIC-1T is installed on se0/0/0 and the internet leased line is terminated on it. I have 6 public IP addresses with me.

The serial is configured and I'm using gi0/0 (public IP on this interface) to connect to my firewall.

I have installed 3 ADSL WIC cards; right now only 1 ADSL is connected, and I'm using gi0/1 (a private IP address is used here), and I did policy-based routing.

Please see the configuration.

interface FastEthernet0/0
 ip address 212.72.6.137 255.255.255.248
 ip policy route-map servers

interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1452
 ip policy route-map adsl

interface Serial0/0/0
 ip address 212.72.6.182 255.255.255.252

interface ATM0/1/0
 no ip address
 ip mtu 1492
 ip tcp adjust-mss 1452
 no atm ilmi-keepalive
 dsl operating-mode auto
 hold-queue 224 in
!
interface ATM0/1/0.1 point-to-point
 ip mtu 1492
 pvc 0/35
  pppoe-client dial-pool-number 1

interface Dialer1
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname xxxxx
 ppp chap password yyyyy
 ppp pap sent-username xxxxx password yyyyyyy

ip nat inside source list 1 interface Dialer1 overload

access-list 1 permit 192.168.1.0 0.0.0.255
access-list 20 permit 212.72.6.136 0.0.0.7

route-map adsl permit 1
 match ip address 1
 set interface Dialer1

route-map servers permit 20
 match ip address 20
 set interface Serial0/0/0

Now my customer's requirement is that, instead of using 2 Ethernet interfaces, they are asking me to use the first Ethernet interface, which has the public IP address.

How can I achieve this?

Please help me at the earliest.

Thanks & regards

Binoy.
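
Added example, not part of the original post: a small Python model of how the posted route-maps classify packets by ingress interface and source address (standard ACL wildcard matching, then `set interface`). The function names are hypothetical, and the model assumes that a packet matching no permit clause is forwarded by the normal routing table.

```python
import ipaddress

# Lines copied from the configuration posted above (policy-routing parts only).
CONFIG = """\
interface FastEthernet0/0
 ip policy route-map servers
interface FastEthernet0/1
 ip policy route-map adsl
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 20 permit 212.72.6.136 0.0.0.7
route-map adsl permit 1
 match ip address 1
 set interface Dialer1
route-map servers permit 20
 match ip address 20
 set interface Serial0/0/0
"""

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse(config):
    """Return (ingress interface -> route-map, ACL -> entries, route-map -> clauses)."""
    policy, acls, maps, name = {}, {}, {}, None
    for line in config.splitlines():
        w = line.split() or [""]
        if w[0] in ("interface", "route-map"):
            name = w[1]  # remember the stanza we are inside
            if w[0] == "route-map":
                maps.setdefault(name, []).append({})
        elif w[0] == "access-list" and w[2] == "permit":
            acls.setdefault(w[1], []).append((ip_int(w[3]), ip_int(w[4])))
        elif w[:3] == ["ip", "policy", "route-map"]:
            policy[name] = w[3]
        elif w[:3] == ["match", "ip", "address"]:
            maps[name][-1]["acl"] = w[3]
        elif w[:2] == ["set", "interface"]:
            maps[name][-1]["egress"] = w[2]
    return policy, acls, maps

def acl_permits(entries, src):
    # Wildcard mask: bits set to 1 are ignored; an empty list means implicit deny.
    return any(((ip_int(src) ^ net) & ~wc & 0xFFFFFFFF) == 0 for net, wc in entries)

def pbr_egress(ingress, src, config=CONFIG):
    policy, acls, maps = parse(config)
    for clause in maps.get(policy.get(ingress), []):
        if acl_permits(acls.get(clause["acl"], []), src):
            return clause["egress"]
    return "routing table"  # no permit clause matched: normal forwarding
```

With the posted policy, `pbr_egress("FastEthernet0/0", "192.168.1.50")` returns `"routing table"`: the `servers` route-map on Fa0/0 matches only sources in 212.72.6.136/29, so private-source traffic arriving on that interface is not steered to Dialer1.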

foxbatreco Sat, 06/14/2008 - 01:24

As I understood from your post, basically your Fa0/0 with the public IPs is being used to connect to your firewall. The Fa0/1 is your local interface.

Where are the users actually hooked to?

I would rather suggest hooking your users behind the firewall and letting NAT/PAT happen inside the FW. This way you can use your extra IPs for hosting some web servers as well behind the FW.

The router can be used as a simple first layer to interact on the routing part.

Let me know if what I understood is not per your requirement.

Please rate/mark if this helps!!!

binoyjosephstanly Sat, 06/14/2008 - 02:01

Dear friend, thanks for your reply.

My fa0/0 is connecting to a firewall and I have a DMZ zone with one web server and front-end Exchange.

Back-end Exchange and others are sitting in the inside network.

My DMZ is 192.168.3.0/24 and my inside network is 192.168.1.0/24,

and I'm using a couple of public IPs for static NATing, e.g. for front-end Exchange and all.

That part is working, no issues.

My customer needs ADSL also in this same router,

so I've put in ADSL and configured it, and configured fa0/1. My users will also be in 192.168.1.0/24,

so I'm planning to terminate fa0/1 also in the firewall and divert Exchange traffic through the leased line and HTTP traffic from users to ADSL.

This is my requirement.

Binoy

foxbatreco Mon, 06/16/2008 - 14:17

Binoy, please clarify a bit more about your need. So far as I understood:

* se0/0/0 terminates T1 & has extra public IPs.

* fa0/0 links to firewall & has public servers using public IPs.

* fa0/1 links to local LAN.

Requirement: ADSL to be hooked on fa0/1 along with local LAN users. So terminate fa0/1 also in firewall and segregate traffic: HTTP through leased link & HTTP from users via ADSL.

Now one small thing here: if you try to hook up both FW traffic and user traffic in fa0/1, you might have to break the /29 additional global IPs into 2/3 sets of /30 IPs with your provider.

Also, is there any specific need why the customer is asking to use only one interface?

Please correct if this is not the case.
