We have a Cisco 1811 with FE0 connected to SHDSL, FE1 connected to ADSL2+, and an additional static IP address for the mail server.
What we want to achieve is as below.
1. All the servers and users are in 1 private network connecting to VLAN1.
2. All the traffic initiated from the private network will be directed out through FE1. It is mostly HTTP requests to browse the internet.
3. Some servers in the private network provide remote access, such as a web server, Citrix server, etc. We want this traffic to come through FE0.
4. The additional public IP address is assigned to the mail server, so outgoing mail has a consistent source IP and won't be treated as spam. It is also used for the MX record.
So how can I configure the router?
My idea is:
1. ip route 0.0.0.0 0.0.0.0 FE1 metric 1
ip route 0.0.0.0 0.0.0.0 FE0 Metric 10
So outgoing traffic will choose FE1 first.
Dynamic NAT will translate the internal IP into FE1.
Do I also need to translate them into FE0?
2. All the PAT is set for FE0. But will the reply traffic go through FE1 instead of FE0, which will cause the connection to fail?
3. Assign the additional public IP to interface FE0, NAT into the mail server. If the route is set as above, does that mean the outgoing mail will go through FE1? As the mail server is in the range of dynamic IPs, will it be translated into the IP of FE1 when sending out mail?
How can I monitor the traffic? Can I set up the mail service as low priority so it won't affect other traffic?
You need to make sure that you have proper failback routing via the DSLs.
AFAIK metrics won't work with Ethernet interfaces, since Ethernet interfaces tend to remain up until the cable is disconnected.
So to route the traffic via the secondary interface may not be feasible if the primary interface remains up and the traffic will try to flow via the same and get dropped.
Secondly you need to maintain the connectivity/reachability to the public ip address of your mail server (something like the ip is routed from the SP end via both the DSL links so that it can be reached when any one of the link is up).
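Added example, not part of the original posts: one common way to handle the "Ethernet interface stays up" problem described in the reply is to tie the primary default route to a reachability probe, so the route is withdrawn when the DSL path fails even though FE1 is still up. The next-hop addresses (203.0.113.1 for FE1, 198.51.100.1 for FE0) are placeholders, and the syntax assumes an IOS release with the `ip sla` command set (older 12.4 releases use `ip sla monitor` and `track 1 rtr 1 reachability` instead).

```cisco
! Placeholder addresses: replace with the gateways your provider assigned.
!   203.0.113.1  = next hop reached via FastEthernet1 (ADSL2+, primary)
!   198.51.100.1 = next hop reached via FastEthernet0 (SHDSL, backup)

! Probe the primary gateway every 10 seconds, sourced from FE1 so the
! probe cannot succeed by leaving through the backup link.
ip sla 1
 icmp-echo 203.0.113.1 source-interface FastEthernet1
 timeout 2000
 frequency 10
ip sla schedule 1 life forever start-time now

! Track object goes down when the probe stops getting replies.
! The delay values damp flapping on a marginal line.
track 1 ip sla 1 reachability
 delay down 20 up 60

! Primary default route: installed only while track 1 is up.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1

! Floating backup default route: administrative distance 10, so it is
! used only after the tracked route above has been withdrawn.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10
```

`show track 1` and `show ip route 0.0.0.0` confirm which default route is currently installed.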