Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

2621 - 2 LANs, 2 ISPs, 2 PIXs

I have A 2621 router connecting 2 LANs, each with its own Internet connection via a PIX. I can oommunicate between the LANs, but only 1 can access the internet via its own ISP connection. Any help appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: 2621 - 2 LANs, 2 ISPs, 2 PIXs

Hi,

The default routes that are configured on the 2600 are inconsistent as they can't tell which packets can use which default route, accordingly use the following configuration (PBR configuration):

interface FastEthernet0/0

ip address 10.38.77.35 255.255.255.0

ip policy route-map LAN1

speed auto

half-duplex

interface FastEthernet0/1

ip address 192.168.0.35 255.255.255.0

ip policy route-map LAN2

speed auto

half-duplex

route-map LAN1 permit 10

match ip address 1

set ip default next-hop 10.38.77.130

route-map LAN2 permit 10

match ip address 2

set ip default next-hop 192.168.0.4

access-list 1 deny 10.38.77.30 0.0.0.0

access-list 1 deny 10.38.77.130 0.0.0.0

access-list 1 permit 10.38.77.0 0.0.0.255

access-list 2 deny 192.168.0.4 0.0.0.0

access-list 2 permit 192.168.0.0 0.0.0.255

no ip route 0.0.0.0 0.0.0.0 192.168.0.4

no ip route 0.0.0.0 0.0.0.0 10.38.77.130

please keep me updated with your final results.

HTH, please rate if it does help,

Mohammed Mahmoud.

17 REPLIES

Re: 2621 - 2 LANs, 2 ISPs, 2 PIXs

Hi,

Can you please post your 2600 configuration.

BR,

Mohammed Mahmoud.

New Member

Re: 2621 - 2 LANs, 2 ISPs, 2 PIXs

Attached is sho-run.

The 2 LANs are independant. Both are communicating, but only the 10.38.77.0 LAN is able to get to the Internet.

Add'l info -

1. the 10.38.77.0 LAN goes thru the 2621, then thru a T1 Router, then thru a PIX.

2. the 192.168.0.0 LAN goet thru the 2621, then thru a cable router, then thru a different PIX.

Thanks for any help.

Re: 2621 - 2 LANs, 2 ISPs, 2 PIXs

hi,

I guess that:

ip route 0.0.0.0 0.0.0.0 192.168.0.4 (this is the default route towards the cable router)

ip route 0.0.0.0 0.0.0.0 10.38.77.130 (this is the default route towards the T1 router)

If yes then the 2600 router configuration is ok, but the problem must be on the cable router or the PIX, it must have no route for the return traffic to LAN 192.168.0.0.

HTH, please rate if it does help,

Mohammed Mahmoud.

New Member

Re: 2621 - 2 LANs, 2 ISPs, 2 PIXs

You are correct that the 192 is the cable router. It is not a cisco device, and I will contact them for further support, but if it were, what code would route it back to the 192 LAN?

Re: 2621 - 2 LANs, 2 ISPs, 2 PIXs

Hi,

I don't know your cable router code, you'll need to find a configuration guide or contact the vendor.

Can you please post a topology diagram (maybe by Visio), i have a further issue.

HTH,

Mohammed Mahmoud.

New Member

Re: 2621 - 2 LANs, 2 ISPs, 2 PIXs

Don't have Visio on this computer, so attached a word doc with diagram. I have bypassed the pix on the 192. side, to eliminate as problem.

What other issue?

Re: 2621 - 2 LANs, 2 ISPs, 2 PIXs

Hi,

What is the default gateway configuration on your workstations and servers ?

BR,

Mohammed Mahmoud.

New Member

Re: 2621 - 2 LANs, 2 ISPs, 2 PIXs

192.168.0.35 for the 192. LAN, and 10.38.77.35 for the 10. LAN.

I need the 192. For the Exchange server.

Re: 2621 - 2 LANs, 2 ISPs, 2 PIXs

Hi,

The problem here is that:

1. Why do u need RIP?

2. This design is inconsistent, do you have more Ethernet interfaces on the 2600 router ?

BR,

Mohammed Mahmoud.

Re: 2621 - 2 LANs, 2 ISPs, 2 PIXs

Hi,

The default routes that are configured on the 2600 are inconsistent as they can't tell which packets can use which default route, accordingly use the following configuration (PBR configuration):

interface FastEthernet0/0

ip address 10.38.77.35 255.255.255.0

ip policy route-map LAN1

speed auto

half-duplex

interface FastEthernet0/1

ip address 192.168.0.35 255.255.255.0

ip policy route-map LAN2

speed auto

half-duplex

route-map LAN1 permit 10

match ip address 1

set ip default next-hop 10.38.77.130

route-map LAN2 permit 10

match ip address 2

set ip default next-hop 192.168.0.4

access-list 1 deny 10.38.77.30 0.0.0.0

access-list 1 deny 10.38.77.130 0.0.0.0

access-list 1 permit 10.38.77.0 0.0.0.255

access-list 2 deny 192.168.0.4 0.0.0.0

access-list 2 permit 192.168.0.0 0.0.0.255

no ip route 0.0.0.0 0.0.0.0 192.168.0.4

no ip route 0.0.0.0 0.0.0.0 10.38.77.130

please keep me updated with your final results.

HTH, please rate if it does help,

Mohammed Mahmoud.

New Member

Re: 2621 - 2 LANs, 2 ISPs, 2 PIXs

Thanks! It appears to have worked. I will test further tomorrow, and let you know if any problems.

I will rate this a 5.

Re: 2621 - 2 LANs, 2 ISPs, 2 PIXs

Hi,

You are welcomed, and please keep me updated with your results.

BR,

Mohammed Mahmoud.

New Member

Re: 2621 - 2 LANs, 2 ISPs, 2 PIXs

One of the things that I will need to test is the Exchange Server, for email. It is on the 192. LAN. Its gateway is set to the 192.168.0.4 cable router, which is port forwarding for email to the Exchange Server. I do not think it would affect the email, if I change the gateway of the Exchange Server to the 192.168.0.35 address. Do you agree?

Again, thanks for your help, and your follow up. I will let you know the results tomorrow.

Re: 2621 - 2 LANs, 2 ISPs, 2 PIXs

Hi,

No it shouldn't make any problems, please do keep me updated.

good luck,

Mohammed Mahmoud.

New Member

Re: 2621 - 2 LANs, 2 ISPs, 2 PIXs

It worked great, so far. I will connect the email server next week - got re-routed to other project - but do not expect any problems. Thanks so very much!

Re: 2621 - 2 LANs, 2 ISPs, 2 PIXs

Hi,

You are very welcomed, i am really glade that everything went great, please keep me updated with the final results.

HTH,

Mohammed Mahmoud.

New Member

Re: 2621 - 2 LANs, 2 ISPs, 2 PIXs

I only have the 2 FastEthernet i/fs.

179
Views
10
Helpful
17
Replies
CreatePlease login to create content