Cisco 2821 router with two WAN interfaces

Answered Question
Apr 7th, 2010

Hi!

I am configuring a Cisco 2821 router equipped with two WAN interfaces giving access to the Internet.

The router is equipped with an ADSL card and an SHDSL card.

There are two WAN lines, the ADSL line will be used for browsing and the IPoSHDSL line with its public static ip addresses will be used for email and web server hosting.

I have done a configuration and it is partly working meaning that I can get access to the Internet either through the ADSL line or through the IPoSHDSL line both not through both at the same time.

I have already natted the IP addresses of the mail and proxy servers using the ASA 5510. Please see attached topology.

On the Outside zone:

The IP add of the mail server changes from 172.22.84.21/24 to 10.0.0.55/8.

The IP add of the proxy server changes from 172.22.84.35/24 to 10.0.0.35/8.

I have checked using the sh xlate command.

I have used a route-map configuration on the router, but I think it is not working as expected.

I should be able to access the ADSL line for browsing (through Dialer1) and also the IPoSHDSL line (BVI1) for emails to be routed to the Internet. (192.168.75.37/30 is router at ISP for IPoSHDSL line)

The proxy server should access Internet through Dialer 1 and the mail server should access Internet through the BVI1 interface.

Please see the attached router configuration.

Is there a better way to perform the PBR?

Thanks,

Alvin

I have this problem too.
0 votes
Correct Answer by DialerString_2 about 6 years 9 months ago

Try this but you may have to tweak the acl's to make them more specific.

access-list 101 deny ip 10.0.0.55 0.0.0.0 any
access-list 101 permit ip any any
!
access-list 102 deny ip 10.0.0.35 0.0.0.0 any
access-list 102 permit ip any any
!
route-map ABCD permit 10
match ip address 101
set interface dialer0

set interface bvi1 - backp if di0 goes down.
!
route-map ABCD permit 20
match ip address 102
set interface bvi1

set interface di0 - backup if bvi goes down.


!
interface f0/0
desc 2811
ip address 10.0.0.10 255.0.0.0
ip policy route-map ABCD


You can use the below extended acls also:

access-list 101 permit ip host 10.0.0.35 any
!
access-list 102 permit ip host 10.0.0.55 any

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
csawest.dc Wed, 04/07/2010 - 13:11

Dear Vencataswamy,

Please do some change in your route-map

here your route-map

route-map Browsing permit 10
match ip address 101
set interface Dialer1

pl change into

route-map Browsing permit 10
match ip address 101
set ip next-hop interface Dialer1


!

Cheers!!!

hope to help.

Vaib...

net buzz Thu, 04/08/2010 - 01:02

Dear Vaib,

I tried the comand you suggested and it is not available..

The command set ip next-hop interface Dialer1 is not present in the command list.

I have previously used the set interface Dialer1 command but the route-map is not working.


This can be because there are two defaults routes:

ip route 0.0.0.0 0.0.0.0 Dialer1 (For ADSL access)
ip route 0.0.0.0 0.0.0.0 192.168.75.37 (For access to ISP router for smtp traffic)

Actually all proxy server traffic should be directed to the ADSL line.

Outgoing email from exchange server should be directed to the IPoSHDSL line.

Regards,

Alvin

DialerString_2 Thu, 04/08/2010 - 14:45

The route-maps will have priority over the static  and dynamic routes. Is your route map applied to the appropriate interface or local to the router :

interface f0/0
ip policry route-map routemap_name
or
ip local policy route-map routemap_name

Just say I have two networks,  a backup (DSL) and primary (T1) and I would like for all traffic -except for "anything" destined to the 10.0.0.0/24- to use the DSL I would do something like this:
!!!!!!!!!!!!!!!!!!!!!
interface f0/0
description LAN to inside users
ip policy route-map www
!
access-list 101 deny ip  any 10.0.0.0 0.0.0.255
access-list 101 permit ip any any
!
route-map www permit 10
match ip address 101
set ip next-hop 192.168.10.2  38.38.38.2
or
set interface DI0
set interface s0/0/0
!
int di0
description dsl
ip address 192.168.10.1 255.255.255.252  (next hop is 192.168.10.2)
!
int s0/0/0
desc T1
ip address 38.38.38.1 255.255.255.252 (next hop is 38.38.38.2)
!!!!!!!!!!!!!

The default routes you have will not accomplish what your looking for b/c those are gateways of last resort.  Keep in mind I only got the diagram of the network and the acutual config was not attached. You can create the acl to sort the traffic accordingly.

Correct Answer
DialerString_2 Thu, 04/08/2010 - 15:11

Try this but you may have to tweak the acl's to make them more specific.

access-list 101 deny ip 10.0.0.55 0.0.0.0 any
access-list 101 permit ip any any
!
access-list 102 deny ip 10.0.0.35 0.0.0.0 any
access-list 102 permit ip any any
!
route-map ABCD permit 10
match ip address 101
set interface dialer0

set interface bvi1 - backp if di0 goes down.
!
route-map ABCD permit 20
match ip address 102
set interface bvi1

set interface di0 - backup if bvi goes down.


!
interface f0/0
desc 2811
ip address 10.0.0.10 255.0.0.0
ip policy route-map ABCD


You can use the below extended acls also:

access-list 101 permit ip host 10.0.0.35 any
!
access-list 102 permit ip host 10.0.0.55 any

Actions

This Discussion