Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
412
Views
0
Helpful
5
Replies

Redirecting http traffic through the originating interface

gondarmonn
Level 1
Level 1

‎08-20-2008 01:26 AM - edited ‎03-03-2019 11:12 PM

I have been scratching my head for quite a while on this one ...

We are a wisp, getting our internet connection from 6 DSL lines through 2 cisco boxes (3 lines on each). The cisco boxes feed a linux machine with 3 Nics that redistribute the traffic in our network. Everything works fine, except that the http requests coming from outside are only answered if coming through one of the 2 cisco boxes (let's say R1) .Unless R1 is disconnected from the network, the requests coming from the links attached to R2 are never answered (time out)- Looks like the linux box always tries to send the http traffic back through R1, even though the request comes from the other links -

We have decided to replace the linux box with another cisco router to make it easier ?

Is it possible to configure a route map to redirect the answer through the same interface it came from ?

How do I go about that ?

Where should I configure the route map ? R1 ? R2 ? Or New Cisco box ?

On wich interface should I apply the route map ?

Thanks for your help !

Labels:
0 Helpful
5 Replies 5

bwilmoth
Level 5
Level 5

‎08-26-2008 12:04 PM

You may try configuring the route map to redirect the answer through the same interface it came from using “set interface” command. The “set interface” command indicates where to output packets that pass a match clause of a route map for policy routing. The following URL may help you:

http://www.cisco.com/en/US/docs/ios/12_3t/ip_route/command/reference/ip2_o1gt.html#wp1066167

0 Helpful

gondarmonn
Level 1
Level 1
In response to bwilmoth

‎08-26-2008 09:18 PM

Sorry I did not reply right away, will take a deeper look ( I have gone through most of the stuff there ...) at the article and get back to you

Thanks a lot !

Gondar

PS: As I said on double post, it looks like the command 'ip cef load-sharing algorithm original' on the main gateway (cisco box between our network and R1 and R2 (2 cisco routers each connected to 3 DSL lines) helps get rid of the time-out problem ...

0 Helpful

gondarmonn
Level 1
Level 1
In response to bwilmoth

‎08-27-2008 09:13 AM

Just to make sure we are talking about the same thing, here what I understood:

1- The cisco gateway is connected to 2 border gateways (if I can use this word .... routers connected to our provider) e1/0 and e1/1

2- Our network is on f0/0 of the cisco gateway

3- Let's say 10.10.10.1 is the web server

4- My ACL would be:

access-list 100 permit tcp any eq www host 10.10.10.1

5- Route map

route-map WebAccess1 permit

match ip address 100

set interface e1/0

route-map WebAccess2 permit

match ip address 100

set interface e1/1

6- Apply the route-maps WebAccess1 and WebAccess2 to respectively e1/0 and e1/1 ?

Thanks for your help

0 Helpful

gondarmonn
Level 1
Level 1
In response to gondarmonn

‎09-20-2008 12:49 PM

Looks like I am mumbling to myself, maybe someone will kindly step in and help me ....

We finally did put in place a 3rd router to get rid of the linux box ... I will go over the setup again:

6 DSL links coming from provider, 3 going into one 2600 (R1), 3 others going into another 2600 (R2).

R1 and R2 are connected to the main gateway, a 7204VXR

All routers run cef (original algorithm ) to ensure per destination load sharing.

Everything works fine except web access from the ISP side (works fine from inside)

Something weird though, if the web request is made via SSL (https) then the web server answers (or the request gets to the web server I should say) any request through http don't even hit the server (time out)

One thing I am thinking is that maybe our provider runs per-packet load sharing on it side ? I would like to make sure everything is right on our end before talking with them

Some one have some pointers ?

Thank you for any help

0 Helpful

gondarmonn
Level 1
Level 1
In response to gondarmonn

‎10-07-2008 08:43 AM

Finally solved it !!!

Everything at our end was working smoothly (per destination load sharing), the problem was with one of the links from our provider .... They still can't figure out what the problem is, but after much testing, we found out that the problem was happening (time out when trying to access our web site) only when going through that link. We asked for the route to be removed while they look into it .... and ... voila !!!

It is all good !

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card