03-06-2010 01:49 PM - edited 03-04-2019 07:44 AM
Hi
I have a router which is connected to two different ISPs. From my host network, the traffic is passed to the firewall where global PAT is configured and then this traffic is forwarded to the router for further forwarding.
Now my requirement is that I want all my web traffic (PORT 80) to be passed through one route, and all other traffic whose destination is not port 80 should pass through the other ISP.
I tried Policy Based Routing but it only routes the traffic from one policy routing and rejects the policy which is for PORT 80.
I will be extremely grateful if you kindly help me in this regard.
Mansoor Hafeez
03-06-2010 01:58 PM
Mansoor
It would have helped if you had posted your config but it should look something like this -
access-list 101 permit tcp any any eq 80
access-list 102 permit ip any any
route-map PBR permit 10
 match ip address 101
 set ip next-hop
route-map PBR permit 20
 match ip address 102
 set ip next-hop
Couple of things to note
1) if you switch the above 2 statements around then all traffic would always match acl 102 and never get to the second route-map statement.
2) actually you do not need the 2nd statement above. You can do -
set the default route to ISP that you do not want port 80 traffic to go to -
ip route 0.0.0.0 0.0.0.0
and then just have the first PBR statement from above ie.
route-map PBR permit 10
 match ip address 101
 set ip next-hop
Jon
03-11-2010 05:11 AM
Hi Jon
Thanks a lot for this help.
This configuration works for me fine. But with this I have another issue.
The port 80 traffic is routed through ISP B and other than port 80 traffic is routed via ISP A. The default route is configured for ISP A.
Now the problem is if my ISP A link is down then the traffic other than port 80 is not routed via ISP B.
If ISP B is down then traffic of Port 80 is not routed via ISP A. Only traffic other than Port 80 is routed via ISP A.
Can you please check and tell what can be the possible solution for that issue.
Thanks in advance for answer.
With Best Regards
Mansoor Hafeez
03-11-2010 10:22 AM
Mansoor
Easiest thing is to do this -
1) Add a second default-route on your router with an AD (Administrative Distance) of 250 ie.
ip route 0.0.0.0 0.0.0.0
the above route will not be used unless your existing default-route is removed from the routing table ie. the link fails. Then the above route will send all traffic to ISP B. If the ISP A link comes back then the above route will be replaced by the original default-route.
2) for the PBR config -
route-map PBR permit 10
 match ip address 101
 set ip next-hop
the ISP A next-hop will only be used if the ISP B address is unavailable.
Try this config. We may need to use IP SLA depending on your connection types but try the above first.
Jon
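The failover design from the two replies above, assembled into one configuration with IP SLA tracking added (an added example, not a configuration posted in the thread). The next-hop addresses, the interface name and the SLA/track numbers are assumptions; tracking is used because a static route or a plain next-hop is withdrawn only when the local interface itself goes down.

```cisco
! Added example. Assumed values (not from the thread):
!   ISP A next-hop 192.0.2.1, ISP B next-hop 198.51.100.1,
!   GigabitEthernet0/0 is the router interface facing the firewall.
!
! Probe each ISP gateway: on an Ethernet handoff the local interface
! can stay up while the gateway behind it is unreachable.
ip sla 1
 icmp-echo 192.0.2.1
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 198.51.100.1
 frequency 10
ip sla schedule 2 life forever start-time now
!
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Non-web traffic: primary default via ISP A, withdrawn when track 1 is down.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1
! Floating default via ISP B (AD 250), installed only once the route above is gone.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 250
!
! Web traffic: destination TCP port 80 only. HTTPS (443) is not matched
! and follows the default route.
access-list 101 permit tcp any any eq 80
!
! Lowest sequence number is tried first: ISP B (10), then ISP A (20).
route-map PBR permit 10
 match ip address 101
 set ip next-hop verify-availability 198.51.100.1 10 track 2
 set ip next-hop verify-availability 192.0.2.1 20 track 1
!
! PBR acts on packets arriving on the interface it is applied to.
interface GigabitEthernet0/0
 ip policy route-map PBR
```

If both tracked next-hops are down, matched packets fall back to the routing table. `show track` and `show route-map PBR` show the tracked state and the policy match counters.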
03-06-2010 02:05 PM
How did you set up your ACL and Route-Map?
If you create multiple route-maps
route-map 10 with a set of matches and set commands
then
route-map 20 with a set of matches and set commands
Use the most preferred set of traffic first since the rule is read from top down.
I would try something like this:
ip access-list extended Web-Only-ISP-A
 permit tcp any any eq 80
!
ip access-list extended Default-ISP-B
 permit ip any any
!
route-map Traffic-Shaping permit 10
 match ip address Web-Only-ISP-A
 set ip next-hop
!
route-map Traffic-Shaping permit 20
 match ip address Default-ISP-B
 set ip next-hop
Then set the route-map to the interface and test.
http://www.itsyourip.com/cisco/how-to-setup-ip-policy-based-routing-in-cisco-routerios/
HTH
-Rick
03-06-2010 02:06 PM
haha...Jon you just beat me to this. Glad to see I had the same thing!
03-06-2010 02:11 PM
Rick
It's always a relief when the people answering questions agree with each other
Jon
03-11-2010 05:52 AM
Thanks a lot for this help.
This configuration works for me fine. But with this I have another issue.
The port 80 traffic is routed through ISP B and other than port 80 traffic is routed via ISP A. The default route is configured for ISP A.
Now the problem is if my ISP A link is down then the traffic other than port 80 is not routed via ISP B.
If ISP B is down then traffic of Port 80 is not routed via ISP A. Only traffic other than Port 80 is routed via ISP A.
Can you please check and tell what can be the possible solution for that issue.
Thanks in advance for answer.
With Best Regards
Mansoor Hafeez