10-05-2008 06:18 AM - edited 03-03-2019 11:47 PM
Thanks for reading,
We have just purchased a CISCO 1811 router and are having no luck in configuring it. I started by using SDM to configure the router but quickly moved to telnet when SDM would not allow me to configure everything required.
Right, enough with the background, here is my issue: I have a Satellite service running on FE0 and an ADSL service running on FE1. The FE0 is set with a static IP address and the FE1 is PPPOE to a simple modem with no firewall or NAT. So FE1 is currently just being the Dialer0 to use PPPOE pass-through.
What I am looking to do is have the Site-Site connection going over the Satellite service while pushing all the HTTP/HTTPS traffic through FE1. As most of you are aware, Sat services carry high latency, so I want users' browsing experiences to be quick, while I am not so bothered about the Site-Site traffic, which will be company based.
I have managed to configure the FE0 & FE1 so that both are up and online. FE0 has no issues and currently everything is working over the Sat service. I need to find some way of telling the CISCO to route web traffic over the ADSL. I am not bothered with load balancing at present so there is no need to failover. However, if any of you are able to provide a solution with failover then all the better.
Ok last but not least this is my running config from the box; I have *** some entries but if you require them please e-mail me direct. You will find the config attached to this post.
Hope I have given enough info above. Any questions, please post back or e-mail me direct. If any of you CISCO experts out there read this I am sure this is a walk in the park for you! Thanks in advance!
10-05-2008 08:28 AM
Match the traffic:
class-map match-any ASDL.TRAFFIC
 match protocol http
 match protocol secure-http
 match protocol ftp
 match protocol secure-ftp
 match protocol secure-imap
Set the precedence for use in policy based routing:
policy-map ASDL.TRAFFIC
 class ASDL.TRAFFIC
  set ip precedence 1
Create the route-map for policy based routing, set the next-hop to that of the ADSL:
route-map ASDL.TRAFFIC permit 10
 match ip address ASDL.TRAFFIC
 set ip next-hop x.x.x.x
Apply both of these to the incoming interface:
interface vlan1
 ip address x.x.x.x y.y.y.y
 ip policy route-map ASDL.TRAFFIC
 service-policy input ASDL.TRAFFIC
10-05-2008 08:32 AM
Forgot to include the ACL to match on precedence:
ip access-list extended ASDL.TRAFFIC
 permit ip any any precedence priority
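An added example, not part of the original thread: a policy-routing variant that matches web traffic by TCP port and forwards it to the PPPoE dialer interface rather than to a fixed next-hop address, with one NAT overload rule per exit link. The LAN 192.168.1.0/24, the remote-site LAN 10.0.0.0/24 and the names WEB-VIA-ADSL, NAT-LAN, NAT-ADSL and NAT-SAT are assumptions; Dialer0, FastEthernet0 and Vlan1 are the interfaces named in the thread.

```cisco
! Added example. Assumed values: LAN 192.168.1.0/24, remote-site LAN 10.0.0.0/24.
!
! 1. Select the traffic to policy-route.
ip access-list extended WEB-VIA-ADSL
 remark Web traffic to the remote site stays on the tunnel path
 deny   ip 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit tcp 192.168.1.0 0.0.0.255 any eq www
 permit tcp 192.168.1.0 0.0.0.255 any eq 443
!
! 2. Forward matches out the dialer. A point-to-point interface needs no
!    next-hop address, so a changing ADSL address does not matter.
!    Packets that do not match follow the normal routing table.
route-map WEB-VIA-ADSL permit 10
 match ip address WEB-VIA-ADSL
 set interface Dialer0
!
! 3. Select the traffic to translate; tunnel traffic is excluded.
ip access-list extended NAT-LAN
 remark Site-to-site traffic is not translated
 deny   ip 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
!
! 4. One NAT route-map per exit link, so each packet is translated to the
!    address of the interface it actually leaves by.
route-map NAT-ADSL permit 10
 match ip address NAT-LAN
 match interface Dialer0
!
route-map NAT-SAT permit 10
 match ip address NAT-LAN
 match interface FastEthernet0
!
ip nat inside source route-map NAT-ADSL interface Dialer0 overload
ip nat inside source route-map NAT-SAT interface FastEthernet0 overload
!
! 5. Mark the interfaces and apply the policy where LAN traffic enters.
interface Vlan1
 ip nat inside
 ip policy route-map WEB-VIA-ADSL
!
interface Dialer0
 ip nat outside
!
interface FastEthernet0
 ip nat outside
```

`show route-map WEB-VIA-ADSL` displays the policy-routing match counters, and `show ip nat translations` shows which outside address each session was translated to.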
10-05-2008 09:25 AM
That's great, thanks for your help! Just one question: do I need to do anything with the NAT? When I was trying to get something like this to work last time the NAT seemed to cause an issue... I was under the impression I have to put in an 'ip route', like this:
ip route 0.0.0.0 0.0.0.0 85.***.***.1**
Also, the ADSL line has a dynamic IP. Does that affect what you have provided me?
Sorry to be a pain! As you can tell, I am new to CISCO. Used to working with Draytek and I can hear you sigh now. ha ha.
10-05-2008 10:08 AM
Ok, I took a closer look at your config. Why not change the ip nat statement to point to the ADSL?
From this:
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
To this:
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet1 overload
Change your routes from this:
ip route 0.0.0.0 0.0.0.0 85.***.***.1**
to:
ip route 0.0.0.0 0.0.0.0 fa0/1
! Direct traffic out the ADSL
ip route 8*.7*.***.1 255.255.255.255 85.***.***.1**
! Add a specific route for the crypto tunnel via the SAT
Traffic by default is directed out the ADSL, and NAT overload is enabled. A more specific route points the tunnel traffic out of the SAT link. The only thing you would need to add is a route for site to site traffic over the tunnel.
10-05-2008 11:09 AM
Thanks for your reply! Yes I can see that would be the best way of doing it.
Not sure if you looked in the config at this but SDM_RMAP_1 is assigned to the VPN tunnel. Think SDM created this when I setup the Site-Site link through it.
I think I will remove all ACL rules to start with till the connections are stable, as I don't want to lock myself out.
If I edit the config file to your recommendation, would you kindly mind checking it over and making sure I have got things right?
Thanks again. I consulted a company here in the UK and they said this would have to be a CISCO engineer project of thousands. I didn't see why it was so hard to do. Maybe they were trying to over complicate things.
10-05-2008 12:25 PM
Ok I have edited the config to reflect what I hope is correct.
I have added an additional route-map and put that as NAT overload on FE0, if that will work?
I have also added the code from your last post.
Would you mind just looking over Trial-Config.txt and seeing what you think?
Thanks