Router with two default routes

WabukiSensei
Level 1

Hi all,

I know that a single router can have two default routes on it but with varying priorities, but is it possible to configure the router in such a way that customer A goes to one default route whereas customer B goes through the other default route? Customer A and Customer B are connected to this router via different interfaces. So basically the idea is that Customer A goes to the internet via default route A and customer B goes to the internet via default route B. And all these guys are connected to the same router.

Any help is greatly appreciated.

Thanks!

Accepted Solutions

Let's say you have two default routes like

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.2

and I will assume sourceA IPs 192.168.1.0/24

and sourceB 10.1.1.0/24

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 2 permit 10.1.1.0 0.0.0.255

! route-map (not policy-map) is the IOS object used for policy-based routing

route-map A permit 10

match ip address 1

set ip next-hop 1.1.1.1

route-map B permit 10

match ip address 2

set ip next-hop 2.2.2.2

Apply policy A to the interface that customerA comes through, and the same idea for B

good luck

if helpful Rate


9 Replies 9

Scott Cannon
Level 1

Sure can.

Create a policy map for each customer and assign it the interface they connect to. In the policy map set the next hop address to the gateway of your choice.

e.g. (forgive any command hiccups, I'm going from memory)

config)# interface _whatever_

if)# ip policy route-map _whatever_

config)# route-map _whatever_ permit 10

map)# set ip default next-hop _whatever_

HTH

Cheers

Scott

Just a thought on that actually, you will need to create a match condition.

i.e.

config)# ip access-list extended CustomerA

config)# permit ip any any [or whatever is appropriate]

config)# route-map _whatever_ permit 10

map)# match ip address CustomerA

HTH

Cheers

Scott

Giuseppe Larosa
Hall of Fame

Hello Muhammad,

If the two customers also have to be isolated and never talk to each other, I would use VRF lite on your router:

This will allow you to have customerA and ISPA in one routing table and customerB and ISPB in another routing table.

If this is of interest to you, look at

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/20ew/configuration/guide/vrf.html

Otherwise PBR can be a good starting point, as well explained in previous posts.

Hope to help

Giuseppe
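
A small Python model of the forwarding decision, added here as an example and not taken from any post in this thread: it contrasts `set ip next-hop` with `set ip default next-hop`, both used in the replies above, against the isolation concern raised in the post above. The routing table contents, the dict layout, the helper names and the 203.0.113.10 destination are assumptions made for the illustration.

```python
import ipaddress

# Constructed routing table: one default route plus both customer LANs (assumed connected).
RIB = [
    (ipaddress.ip_network("0.0.0.0/0"), "1.1.1.1"),
    (ipaddress.ip_network("192.168.1.0/24"), "connected-A"),
    (ipaddress.ip_network("10.1.1.0/24"), "connected-B"),
]
# Customer B's route-map in both variants (hypothetical dict layout, not IOS syntax).
B_FORCE = {"acl": ("10.1.1.0", "0.0.0.255"), "action": "next-hop", "hop": "2.2.2.2"}
B_DEFAULT = dict(B_FORCE, action="default-next-hop")

def acl_permits(src, base, wildcard):
    """Standard ACL match: bits set in the wildcard mask are ignored."""
    s, b, w = (int(ipaddress.IPv4Address(x)) for x in (src, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (s & care) == (b & care)

def longest_match(rib, dst):
    """Longest-prefix match; returns (prefix, next_hop) or None."""
    d = ipaddress.IPv4Address(dst)
    hits = [(net, hop) for net, hop in rib if d in net]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def forward(src, dst, policy, rib=RIB):
    """Next hop for a packet arriving on an interface with the given policy."""
    route = longest_match(rib, dst)
    normal = route[1] if route else "drop"
    # No policy, or source not permitted by the ACL: ordinary destination routing.
    if policy is None or not acl_permits(src, *policy["acl"]):
        return normal
    if policy["action"] == "next-hop":
        # set ip next-hop: applied before the routing table is consulted.
        return policy["hop"]
    # set ip default next-hop: used only when nothing more specific than
    # the default route matches the destination.
    explicit = route is not None and route[0].prefixlen > 0
    return normal if explicit else policy["hop"]

if __name__ == "__main__":
    for name, pol in (("set ip next-hop", B_FORCE),
                      ("set ip default next-hop", B_DEFAULT)):
        for dst in ("203.0.113.10", "192.168.1.7"):
            hop = forward("10.1.1.5", dst, pol)
            print(f"{name:24} 10.1.1.5 -> {dst:13} via {hop}")
```

With `set ip default next-hop`, customer B's traffic to customer A's subnet still follows the connected route, so PBR alone does not keep the two customers apart; with `set ip next-hop` every matched packet goes to 2.2.2.2 regardless of destination.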

Does anyone know if I can do something similar on an ASA5510 firewall? I added a new connection to our device to be used for VPN traffic only. The only problem is I have a lot of remote access clients and L2L sites set up already and need to move them one at a time. So changing my default route all in one fell swoop would be nearly impossible. I know I can do the L2L with static routes, but the remote access clients are another story.

Hello folks, thank you for the feedback. I haven't had a chance to try this out yet but I definitely will and subsequently rate your posts. Thanks again for the help.

In my case, I want to apply IPsec on both of those interfaces, and I don't know the next-hop IPs of the ISP.

How can I run IPsec on both interfaces with two default routes? IPsec should always be in the up state with a single public IP (destination).

Can anyone help me?
