10-07-2008 07:46 PM - edited 03-03-2019 11:49 PM
Hi all,
I know that a single router can have two default routes on it but with varying priorities, but is it possible to configure the router in such a way that customer A goes to one default route whereas customer B goes through the other default route? Customer A and Customer B are connected to this router via different interfaces. So basically the idea is that Customer A goes to the internet via default route A and customer B goes to the internet via default route B. And all these guys are connected to the same router.
Any help is greatly appreciated.
Thanks!
10-08-2008 12:49 AM
Let's say you have two default routes like
ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 0.0.0.0 0.0.0.0 2.2.2.2
and I will assume source A IPs 192.168.1.0/24
and source B 10.1.1.0/24
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 10.1.1.0 0.0.0.255
! Route map A: sources matched by ACL 1 are sent to next hop 1.1.1.1
route-map A permit 10
 match ip address 1
 set ip next-hop 1.1.1.1
! Route map B: sources matched by ACL 2 are sent to next hop 2.2.2.2
route-map B permit 10
 match ip address 2
 set ip next-hop 2.2.2.2
Apply policy A to the interface that customer A comes in through, and the same idea for B.
Good luck.
If helpful, rate.
10-07-2008 08:33 PM
Sure can.
Create a policy map for each customer and assign it the interface they connect to. In the policy map set the next hop address to the gateway of your choice.
E.g. (forgive any command hiccups, I'm going from memory)
config)# interface _whatever_
if)# ip policy route-map _whatever_
config)# route-map _whatever_ permit 10
map)# set ip default next-hop _whatever_
HTH
Cheers
Scott
10-07-2008 08:35 PM
Just a thought on that actually, you will need to create a match condition.
ie.
config)# ip access-list extended CustomerA
ext-nacl)# permit ip any any [or whatever is appropriate]
config)# route-map _whatever_ permit 10
map)# match ip address CustomerA
HTH
Cheers
Scott
10-08-2008 12:03 AM
For more information on PBR refer to:
http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfindep.html#wp1025915
http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml
For more information on default routes refer to:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094374.shtml
10-08-2008 12:56 PM
Hello Muhammad,
If the two customers also have to be isolated and never talk to each other, I would use VRF lite on your router:
this will allow you to have customerA and ISPA in one routing table and customerB and ISPB in another routing table.
If this is interesting for you, look at
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/20ew/configuration/guide/vrf.html
Otherwise PBR can be a good starting point, as well explained in previous posts.
Hope to help
Giuseppe
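A VRF-lite sketch of the isolation described in the post above, added as an example and not part of the original thread. The VRF names, route distinguishers, interface names and router-side addresses are assumptions; the customer subnets and next hops reuse the values assumed in the accepted answer.

```cisco
! Added example (assumed names and addresses), classic IOS "ip vrf" syntax.
! Each customer and its ISP uplink share one routing table; there is no
! route between the two tables, so customer A cannot reach customer B.
ip vrf CUSTA
 rd 65000:1
!
ip vrf CUSTB
 rd 65000:2
!
! "ip vrf forwarding" removes any address already on the interface,
! so it is entered before "ip address".
interface FastEthernet0/0
 description Customer A LAN (assumed interface)
 ip vrf forwarding CUSTA
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/1
 description Uplink to ISP A (assumed interface)
 ip vrf forwarding CUSTA
 ip address 1.1.1.2 255.255.255.252
!
interface FastEthernet1/0
 description Customer B LAN (assumed interface)
 ip vrf forwarding CUSTB
 ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet1/1
 description Uplink to ISP B (assumed interface)
 ip vrf forwarding CUSTB
 ip address 2.2.2.1 255.255.255.252
!
! One default route per VRF instead of two competing global defaults.
ip route vrf CUSTA 0.0.0.0 0.0.0.0 1.1.1.1
ip route vrf CUSTB 0.0.0.0 0.0.0.0 2.2.2.2
!
! Verification from exec mode:
!   show ip route vrf CUSTA
!   show ip route vrf CUSTB
!   ping vrf CUSTA 1.1.1.1
```

With PBR alone both customer subnets stay in the global routing table, so any inter-customer filtering has to be done separately with ACLs; with the VRFs above the separation comes from the routing tables themselves.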
10-15-2008 12:43 PM
Does anyone know if I can do something similar on an ASA5510 firewall? I added a new connection to our device to be used for VPN traffic only. The only problem is I have a lot of remote access clients and L2L sites set up already and need to move them one at a time. So changing my default route all in one fell swoop would nearly be impossible. I know I can do the L2L with static routes, but the remote access clients are another story.
10-15-2008 06:31 PM
Hello folks, thank you for the feedback. I haven't had a chance to try this out yet but I definitely will and subsequently rate your posts. Thanks again for the help.
01-15-2019 06:43 AM
In my case, I want to apply IPsec on both interfaces, and I don't know the next-hop IPs of the ISP.
How can I run IPsec on both interfaces with two default routes? IPsec should always stay in the up state with a single public IP (destination).
Can anyone help me?