I am configuring a Cisco 2821 router equipped with two WAN interfaces giving access to the Internet.
The router is equipped with an ADSL card and an SHDSL card.
There are two WAN lines: the ADSL line will be used for browsing, and the IPoSHDSL line, with its public static IP addresses, will be used for email and web server hosting.
I have done a configuration and it is partly working, meaning that I can get access to the Internet either through the ADSL line or through the IPoSHDSL line, but not through both at the same time.
I have already natted the IP addresses of the mail and proxy servers using the ASA 5510. Please see attached topology.
On the Outside zone:
The IP address of the mail server changes from 172.22.84.21/24 to 10.0.0.55/8.
The IP address of the proxy server changes from 172.22.84.35/24 to 10.0.0.35/8.
I have checked using the sh xlate command.
I have used a route-map configuration on the router, but I think it is not working as expected.
I should be able to access the ADSL line for browsing (through Dialer1) and also the IPoSHDSL line (BVI1) for emails to be routed to the Internet. (192.168.75.37/30 is the router at the ISP for the IPoSHDSL line.)
The proxy server should access the Internet through Dialer1 and the mail server should access the Internet through the BVI1 interface.
Please see the attached router configuration.
Is there a better way to perform the PBR?
Try this, but you may have to tweak the ACLs to make them more specific.
access-list 101 deny ip 10.0.0.55 0.0.0.0 any
access-list 101 permit ip any any
access-list 102 deny ip 10.0.0.35 0.0.0.0 any
access-list 102 permit ip any any
route-map ABCD permit 10
 match ip address 101
 set interface dialer0
 ! backup if di0 goes down
 set interface bvi1
route-map ABCD permit 20
 match ip address 102
 set interface bvi1
 ! backup if bvi goes down
 set interface di0
! applied under the LAN-facing interface
 ip address 10.0.0.10 255.0.0.0
 ip policy route-map ABCD
You can also use the extended ACLs below:
access-list 101 permit ip host 10.0.0.35 any
access-list 102 permit ip host 10.0.0.55 any
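
The two ACL styles suggested above select different traffic, which the following added example (not part of the thread) models in Python by evaluating route-map ABCD against each set of ACLs. It assumes the second reply's ACLs are used with the same route-map, that a deny ACE makes the clause not match so evaluation moves to the next sequence, that the first listed interface that is up is used, and that unmatched traffic follows the normal routing table; the function names and the 10.0.0.99 host are constructed for illustration.

```python
from ipaddress import IPv4Address

MAIL, PROXY, OTHER = "10.0.0.55", "10.0.0.35", "10.0.0.99"  # OTHER is constructed
ANY = ("0.0.0.0", "255.255.255.255")

def host(ip):
    return (ip, "0.0.0.0")

def ace_matches(src, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; compare only the remaining bits.
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(src)) & care) == (int(IPv4Address(base)) & care)

def acl_permits(acl, src):
    # First matching ACE wins; no match at all is the implicit deny.
    for action, (base, wildcard) in acl:
        if ace_matches(src, base, wildcard):
            return action == "permit"
    return False

def policy_route(route_map, acls, src, up):
    # A clause applies only if its ACL permits the source; a deny ACE sends
    # the packet on to the next sequence number.
    for _seq, acl_id, interfaces in route_map:
        if acl_permits(acls[acl_id], src):
            # First listed interface that is up, else normal routing.
            return next((i for i in interfaces if i in up), "routing-table")
    return "routing-table"

# Route-map ABCD as written in the first reply (interface names as posted).
ROUTE_MAP = [(10, 101, ["dialer0", "bvi1"]), (20, 102, ["bvi1", "dialer0"])]
FIRST_REPLY = {101: [("deny", host(MAIL)), ("permit", ANY)],
               102: [("deny", host(PROXY)), ("permit", ANY)]}
SECOND_REPLY = {101: [("permit", host(PROXY))],
                102: [("permit", host(MAIL))]}

def compare(up):
    # Egress decision per source host for both ACL styles, given the up interfaces.
    return {name: {src: policy_route(ROUTE_MAP, acls, src, up)
                   for src in (MAIL, PROXY, OTHER)}
            for name, acls in (("first", FIRST_REPLY), ("second", SECOND_REPLY))}

if __name__ == "__main__":
    for up in ({"dialer0", "bvi1"}, {"bvi1"}):
        print(sorted(up), compare(up))
```

Both styles send the mail server to bvi1 and the proxy to dialer0; they differ for every other source, which the first style policy-routes to the dialer and the second leaves to the routing table.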