Isolating WAN traffic

Unanswered Question
Sep 9th, 2008

We have a 6 mg WAN pipe and a DSL connection and would like to isolate the traffic to either the 6 mg or the DSL by protocol or destination.

Is anyone moving WAN traffic like that?


Thanks, Gary

Giuseppe Larosa Tue, 09/09/2008 - 09:39

Hello Gary,

In the outbound direction towards the Internet you can use PBR to use different criteria than just destination-based routing.

PBR (policy-based routing) uses route-maps, and the command has to be applied on the LAN interface(s) that receive the traffic to be sent outbound.

The route-map can reference an extended IP access-list where you can define what protocols you want to reroute.


Example:

access-list 125 permit tcp any any eq 80

route-map pbr-web permit 10
 match ip address 125
 set ip next-hop next-hop.on.-adsl

What doesn't need to be rerouted can use normal routing, and what doesn't match the route-map is not dropped but routed normally.

On the LAN interface:

int fas0/0
 ip policy route-map pbr-web


For the traffic inbound coming from the Internet, much less control is possible.


Hope to help

Giuseppe


garyrivers Tue, 09/09/2008 - 10:21

route-map pbr-web permit 10
 match ip address 125
 set ip next-hop next-hop.on.-adsl


next-hop.on.-adsl = the IP of my DSL interface connected to my LAN, correct?

Giuseppe Larosa Tue, 09/09/2008 - 10:54

Hello Gary,

The next-hop IP address must be the one on the other end of the DSL link, not the one on your router: it is the same IP address you would use as next-hop in a static route.

Otherwise you can use set interface name, where name is the name of your DSL interface, which would be atm0 or atm0/0 or similar.


Hope to help

Giuseppe
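
The pieces from the two replies above, assembled into one configuration with the checks to run afterwards. This is an added example, not part of the original posts: 192.0.2.1 is a constructed placeholder for the address at the far end of the DSL link, and the port 443 line is an assumption that goes beyond the port 80 example in the thread.

```cisco
! Added example. 192.0.2.1 is a constructed placeholder, not a value from the thread.
!
! 1. Classify the traffic to steer. Only "permit" entries are policy-routed.
access-list 125 remark web traffic to send out the DSL link
access-list 125 permit tcp any any eq 80
! Assumption: HTTPS is steered as well. Remove this line to move HTTP only.
access-list 125 permit tcp any any eq 443
!
! 2. Route-map: matched packets get the DSL next hop.
!    Packets that match no sequence are not dropped; they follow the
!    normal destination-based routing table (the 6 mg WAN path).
route-map pbr-web permit 10
 match ip address 125
 ! Far end of the DSL link, the same address a static route would use,
 ! not an address configured on this router.
 set ip next-hop 192.0.2.1
!
! 3. Apply on the LAN interface that RECEIVES the outbound traffic.
interface FastEthernet0/0
 ip policy route-map pbr-web
!
! 4. Verify from exec mode after generating some web traffic:
!      show ip policy            (interface to route-map binding)
!      show route-map pbr-web    (policy routing match counters)
!      show access-lists 125     (per-entry hit counts)
```

If the match counters in show route-map stay at zero while web traffic is flowing, check that the policy is applied on the interface where that traffic enters the router.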


garyrivers Tue, 09/09/2008 - 11:30

We have an ASA 5505 between the cable modem and the path that we want some traffic to go out of. The ASA's interface that's connecting to the house router is called KWCH_LAN.

Giuseppe Larosa Tue, 09/09/2008 - 13:06

Hello Gary,

In this case the IP next-hop is that of the ASA 5505 towards the router where you want to configure PBR.

But the ASA needs to send out to the cable modem everything it receives on the internal LAN interface (a default route pointing to the cable modem).


Hope to help

Giuseppe


garyrivers Tue, 09/09/2008 - 14:03

Okay, it's getting clearer.

I'll take a look at it.


Thanks for your help.
