08-14-2009 08:30 PM - edited 03-06-2019 07:15 AM
Hi ALL
I have an Internet router with ADSL and serial modules. I want only SMTP traffic to go through the leased line, and the rest, i.e. http, ftp, https etc., should go out from ADSL.
Regards/Asfar
08-14-2009 09:49 PM
Hi
I am configuring my router like this
!
interface FastEthernet0/0
ip address 192.168.200.1 255.255.255.0
ip policy route-map ADSL
ip nat inside
duplex auto
speed auto
!
interface Serial0/1/0
ip address xx.xx.xx.xx 255.255.255.252
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
!
interface ATM0/3/0
no ip address
ip virtual-reassembly
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/50
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer1
ip address negotiated
ip virtual-reassembly
encapsulation ppp
ip nat outside
dialer pool 1
dialer idle-timeout 2147483
dialer-group 1
no cdp enable
ppp authentication pap callin
!
ip nat inside source route-map ADSL interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Serial0/1/0
!
!
access-list 1 permit any
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq 8080
access-list 102 permit tcp any any eq 443
access-list 102 permit tcp any any eq ftp
access-list 102 permit tcp any any eq domain
access-list 102 permit udp any any eq domain
!
route-map ADSL permit 10
match ip address 102
set interface Dialer1
Check if I am doing anything wrong.
Regards/Asfar
08-14-2009 10:10 PM
This is a little different than what you initially said.
The configuration should work in terms of PBR. But any traffic not matching ACL 102 will be going over your leased line, and that will not only be SMTP.
If you want to send ONLY smtp traffic over serial, match only this one in an ACL and set the interface to serial, and all the other ones, send it to the dialer (as default route)?
ip route 0.0.0.0 0.0.0.0 dialer 1
access-list 102 permit tcp any any eq smtp
route-map ADSL permit 10
match ip address 102
set interface s0/1/0
route-map ADSL permit 20
set default interface dialer 1
If you log your acl, you will see if this works or not, and you can debug it if anything is missing.
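The difference between the two policies in this thread, modelled as an added example (not code from any poster, and not a substitute for testing on the router). It assumes ACL entries match on protocol and destination port only, and that an unmatched packet follows the static default route; the sample flows are constructed.

```python
# Simplified model of IOS policy-based routing (added illustration).
# Assumptions: ACL entries match on protocol + destination port only, a
# route-map clause without a match statement matches every packet, and
# traffic no clause steers follows the static default route.
PORTS = {"www": 80, "ftp": 21, "domain": 53, "smtp": 25}  # IOS keyword -> port
SERIAL, DIALER = "Serial0/1/0", "Dialer1"


def parse_acl(lines):
    """Parse 'access-list N permit <proto> any any eq <port>' lines."""
    entries = set()
    for line in lines:
        tok = line.split()
        entries.add((tok[3], PORTS.get(tok[-1]) or int(tok[-1])))
    return entries


def egress(flow, acl, clauses, default_route):
    """Return the interface a (proto, dst_port) flow leaves through."""
    for needs_acl, interface in clauses:  # clauses in sequence order
        if not needs_acl or flow in acl:
            return interface
    return default_route


WEB_ACL = ["access-list 102 permit tcp any any eq www",
           "access-list 102 permit tcp any any eq 8080",
           "access-list 102 permit tcp any any eq 443",
           "access-list 102 permit tcp any any eq ftp",
           "access-list 102 permit tcp any any eq domain",
           "access-list 102 permit udp any any eq domain"]
# First post: ACL 102 traffic -> Dialer1, default route -> serial.
ORIGINAL = dict(acl=parse_acl(WEB_ACL), clauses=[(True, DIALER)],
                default_route=SERIAL)
# Reply: only SMTP -> serial; clause 20 and the default route -> Dialer1.
SUGGESTED = dict(acl=parse_acl(["access-list 102 permit tcp any any eq smtp"]),
                 clauses=[(True, SERIAL), (False, DIALER)],
                 default_route=DIALER)
# Constructed sample flows: (protocol, destination port).
FLOWS = {"smtp": ("tcp", 25), "http": ("tcp", 80), "https": ("tcp", 443),
         "dns": ("udp", 53), "ssh": ("tcp", 22), "pop3": ("tcp", 110)}


def on_leased_line(cfg):
    """Names of the sample flows that leave via the serial leased line."""
    return sorted(n for n, f in FLOWS.items() if egress(f, **cfg) == SERIAL)


if __name__ == "__main__":
    print("original :", on_leased_line(ORIGINAL))
    print("suggested:", on_leased_line(SUGGESTED))
```

With the first configuration every flow outside ACL 102 (here SSH and POP3 as well as SMTP) leaves over the leased line; with the suggested one only SMTP does.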
08-14-2009 10:15 PM
Thanks Iavramov for your reply
Sorry for the confusion, let me put my question this way:
I want to send http, https and ftp traffic to ADSL and the rest to LL. What will be the configuration now?
Can you please check my NAT statements, are they right?
Thanks
08-14-2009 10:17 PM
You only need 1 nat statement for interface overload as you have probably one ip from your ISP.
With this NAT statement you should be able to go outside your ADSL.
08-14-2009 10:29 PM
You mean to say my configuration for NAT looks like this
interface FastEthernet0/0
ip address 192.168.200.1 255.255.255.0
ip policy route-map ADSL
ip nat inside
duplex auto
speed auto
!
interface Dialer1
ip address negotiated
ip virtual-reassembly
encapsulation ppp
ip nat outside
dialer pool 1
dialer idle-timeout 2147483
dialer-group 1
no cdp enable
ppp authentication pap callin
!
ip nat inside source route-map ADSL interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Serial0/1/0
!
!
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq 8080
access-list 102 permit tcp any any eq 443
access-list 102 permit tcp any any eq ftp
access-list 102 permit tcp any any eq domain
access-list 102 permit udp any any eq domain
!
route-map ADSL permit 10
match ip address 102
set interface Dialer1
08-14-2009 10:32 PM
You can keep ip nat inside source interface Dialer1 overload; you already match the route-map on the f0/0 interface, don't use a route-map with the nat statement.
08-14-2009 10:38 PM
Can you please explain what the difference is in my scenario if I use either of the following:
access-list 1 permit any
ip nat inside source list 1 interface dialer1 overload
and
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq 8080
access-list 102 permit tcp any any eq 443
access-list 102 permit tcp any any eq ftp
access-list 102 permit tcp any any eq ftp-data
access-list 102 permit udp any any eq domain
access-list 102 permit tcp any any eq domain
route-map ADSL permit 10
match ip address 102
set interface Dialer1
ip nat inside source route-map ADSL interface Dialer1 overload
Regards/Asfar
08-14-2009 10:55 PM
1. It's an equivalent command; you add an access list but you permit any, so it's useless.
2. You don't need to call this route-map in NAT as you already do in the f0/0 interface.
read more about nat to understand:
and more generally:
this should resolve your post