Isolating WAN traffic

Unanswered Question
Sep 9th, 2008

We have a 6 mg WAN pipe and a DSL connection and would like to isolate the traffic to either the 6 mg or the DSL by protocol or destination.

Is anyone moving WAN traffic like that?

Thanks, Gary

Giuseppe Larosa Tue, 09/09/2008 - 09:39

Hello Gary,

In the outbound direction towards the internet you can use PBR to use different criteria than just destination-based routing.

PBR = policy-based routing. It uses route-maps, and the command has to be applied on the LAN interface(s) that receive the traffic to be sent outbound.

The route-map can reference an extended IP access-list where you can define what protocols you want to reroute.

Example:

access-list 125 permit tcp any any eq 80
!
route-map pbr-web permit 10
 match ip address 125
 set ip next-hop next-hop.on.-adsl

What doesn't need to be rerouted can use normal routing, and what doesn't match the route-map is not dropped but routed normally.

On the LAN interface:

int fas0/0
 ip policy route-map pbr-web

For the traffic inbound coming from internet much less control is possible.

Hope to help

Giuseppe

garyrivers Tue, 09/09/2008 - 10:21

route-map pbr-web permit 10
 match ip address 125
 set ip next-hop next-hop.on.-adsl

next-hop.on.-adsl = the IP of my DSL interface connected to my LAN, correct?

Giuseppe Larosa Tue, 09/09/2008 - 10:54

Hello Gary,

The next-hop IP address must be the one on the other end of the DSL link, not the one on your router: it is the same IP address you would use as next-hop in a static route.

Otherwise you can use set interface name (the name of your DSL interface, which would be atm0 or atm0/0 or similar).

Hope to help

Giuseppe

garyrivers Tue, 09/09/2008 - 11:30

We have an ASA 5505 between the cable modem and the path that we want some traffic to go out of. The ASA's interface that's connecting to the house router is called KWCH_LAN.

Giuseppe Larosa Tue, 09/09/2008 - 13:06

Hello Gary,

In this case the IP next-hop is that of the ASA 5505 towards the router where you want to configure PBR.

But the ASA needs to send out to the cable modem everything it receives on the internal LAN interface (a default route pointing to the cable modem).

Hope to help

Giuseppe
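
The replies above, pulled together as an added example (not configuration posted by anyone in this thread): one route-map that steers traffic both by protocol and by destination, with internal destinations excluded so that only internet-bound traffic leaves the normal path. The next-hop 192.0.2.1, the destination 203.0.113.0/24, the ACL name PBR-VIA-DSL and the use of RFC 1918 space for internal networks are assumptions made for illustration.

```cisco
! Added example. Constructed values:
!   192.0.2.1        placeholder next hop (the far-end address on the alternate path)
!   203.0.113.0/24   placeholder remote network to send over the alternate path
!   FastEthernet0/0  LAN interface that receives the outbound traffic
!
ip access-list extended PBR-VIA-DSL
 remark Internal destinations stay on normal routing (assumes RFC 1918 LANs)
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark By protocol: web traffic
 permit tcp any any eq 80
 permit tcp any any eq 443
 remark By destination: one remote network, any protocol
 permit ip any 203.0.113.0 0.0.0.255
!
! A deny in the ACL means "do not policy-route"; the packet is not dropped,
! it falls through to the normal routing table.
route-map pbr-web permit 10
 match ip address PBR-VIA-DSL
 set ip next-hop 192.0.2.1
!
interface FastEthernet0/0
 ip policy route-map pbr-web
!
! Verification from exec mode:
!   show route-map pbr-web            policy routing match counters per clause
!   show ip policy                    interfaces with a policy route-map applied
!   show access-lists PBR-VIA-DSL     per-entry hit counts
```

With a match of `tcp any any eq 80` alone, LAN traffic to a web server on another internal subnet would also be sent to the alternate next hop; the leading deny entries prevent that. Whatever filtering sits on the primary WAN path does not see the steered traffic, so the alternate path needs its own policy.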

garyrivers Tue, 09/09/2008 - 14:03

Okay, it's getting clearer.

I'll take a look at it.

Thanks for your help.
