One Firewall and two routers

Jun 30th, 2008

Hi to all,


Probably for you this is a stupid problem, but for me...


I have a 2811 router configured as firewall and CME, and an 837 series router as gateway to ADSL.


Until yesterday I had only one ADSL, but now we need another ADSL to split client traffic and server traffic.


I configured another 837 router with the ADSL; each ADSL has an 8-IP subnet.


Is it enough to configure another ip route with the same weight?

Like this:


ip route 0.0.0.0 0.0.0.0 111.111.111.111

ip route 0.0.0.0 0.0.0.0 222.222.222.222


and reconfigure the NAT pool for client?


Thank you very much.


Augusto.


mpatus Mon, 06/30/2008 - 09:53

Configuring two equally weighted static routes will cause them to load balance.

If I'm understanding correctly, you want your clients to use one ADSL router and your servers to use the other.

Let's pretend your servers are in the 192.168.1.x range of IPs and your clients are in the 192.168.2.x range of IPs

Try this:

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

access-list 102 permit ip 192.168.2.0 0.0.0.255 any



route-map TEST permit 10

match ip address 101

set ip next-hop 1.1.1.1


route-map TEST permit 20

match ip address 102

set ip next-hop 2.2.2.2



interface f0/0 (whatever your inside interface is)

ip policy route-map TEST


You then no longer need your static route.

a.crippa Tue, 07/01/2008 - 01:25

Hi, you understand perfectly, it seems easy... but now I also have some static NAT/PAT (for servers that I don't want to change) and dynamic NAT (for clients).

Then I cannot change IP ranges. Can I make an access-list with subnets like this:


access-list 107 permit ip 192.168.254.192 0.0.0.63 any (all server IPs are higher than 192)

access-list 108 permit ip 192.168.254.0 0.0.0.63 any

access-list 108 permit ip 192.168.254.64 0.0.0.63 any

access-list 108 permit ip 192.168.254.128 0.0.0.63 any



route-map TEST permit 10

match ip address 107

set ip next-hop 1.1.1.1 (old adsl)


route-map TEST permit 20

match ip address 108

set ip next-hop 2.2.2.2 (new adsl)


Thanks a lot

Augusto




mpatus Tue, 07/01/2008 - 05:47

Yes, those ACLs should work just fine.
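
An added example, not part of the original thread: a Python check that evaluates the wildcard masks of ACLs 107 and 108 from the posts above and confirms that every source address in 192.168.254.0/24 matches exactly one route-map clause. The /24 audit range and the function names are assumptions of this example; a source that matches no clause returns None, meaning it is forwarded by the ordinary routing table rather than by policy.

```python
import ipaddress

# ACL entries and route-map clauses copied from the thread (source match only).
ACLS = {
    107: [("192.168.254.192", "0.0.0.63")],
    108: [("192.168.254.0", "0.0.0.63"),
          ("192.168.254.64", "0.0.0.63"),
          ("192.168.254.128", "0.0.0.63")],
}
ROUTE_MAP = [(10, 107, "1.1.1.1"), (20, 108, "2.2.2.2")]  # (seq, acl, next-hop)


def ace_matches(src, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) & care) == (
        int(ipaddress.IPv4Address(base)) & care)


def next_hop(src):
    """Return the next hop set by the first matching clause, else None.

    None means no clause matched, so the packet is forwarded by the
    normal routing table instead of by policy.
    """
    for _seq, acl, hop in ROUTE_MAP:
        if any(ace_matches(src, b, w) for b, w in ACLS[acl]):
            return hop
    return None


def audit(prefix="192.168.254.0/24"):
    """Count addresses per next hop and list sources matched by both ACLs."""
    counts, overlap = {}, []
    for ip in ipaddress.ip_network(prefix):  # assumed LAN range for the audit
        s = str(ip)
        hits = [a for a, aces in ACLS.items()
                if any(ace_matches(s, b, w) for b, w in aces)]
        if len(hits) > 1:
            overlap.append(s)
        hop = next_hop(s)
        counts[hop] = counts.get(hop, 0) + 1
    return counts, overlap


if __name__ == "__main__":
    print(audit())                     # per-next-hop counts and overlaps
    print(next_hop("192.168.253.10"))  # outside both ACLs
```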