02-28-2004 05:48 AM - edited 03-02-2019 01:54 PM
I currently have a 2600 router with a T1 connection to the internet. It is being used for browsing as well as incoming access to servers. My company wants to install a second Ethernet interface and connect it to a DSL modem. The goal is to have the T1 for my remote users to access the servers but to have the Ethernet/DSL link for browsing the internet. It is my understanding that PBR is the way to set this up. Does anyone have any advice on this configuration?
02-28-2004 06:04 AM
Hello,
you could use PBR (see configuration below) but it would be easier to just put in two static routes, one pointing to your server subnet, and a default route pointing to the Internet:
ip route 192.168.1.0 255.255.255.0 serial0
ip route 0.0.0.0 0.0.0.0 ethernet0/0
In this example, 192.168.1.0/24 is the subnet where your servers are located. Since this is a more specific route than the default route, traffic to this subnet will always go out through the T1 serial interface. All other traffic will go through the Ethernet interface where the DSL modem is connected to.
For policy-based routing you would use the following configuration (I assumed that your local subnet is 192.168.2.0/24):
interface Ethernet0/0
 ip policy route-map INTERNET
!
interface Serial0
 ip policy route-map SERVER_SUBNET
!
! Traffic permitted by access list 102 is sent out Ethernet0/0
route-map INTERNET permit 10
 match ip address 102
 set interface Ethernet0/0
!
! Traffic permitted by access list 101 is sent out Serial0
route-map SERVER_SUBNET permit 10
 match ip address 101
 set interface Serial0
!
! Access list 101: local subnet to server subnet
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
! Access list 102: everything except local subnet to server subnet
access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 permit ip any any
!
HTH,
Georg
02-28-2004 07:36 AM
Georg,
Thank you for the reply.
In my config the T1 is an internet connection as is the DSL connection. The remote users are accessing Citrix servers on my local network through the T1, the DSL connection would be used for local users that want to browse out to the internet.
02-28-2004 08:13 AM
Hello,
do your local users also need to access the remote site through the T1 or is it just remote users accessing the local Citrix servers? In either case just make sure that the access list for the route map SERVER_SUBNET only allows traffic between both sites and nothing else. You can still use the configuration I have proposed earlier.
Does that make sense?
Regards,
Georg
02-28-2004 09:59 AM
My local users only need internet access. The remote users are accessing Citrix servers from various public addresses. Would it make more sense to have the route map address the www traffic? If so, how would that read?
02-28-2004 10:07 AM
Hello,
in that case, change the access list belonging to route map INTERNET (access list 102) to:
access-list 102 permit tcp any any eq www
In that way, all WWW traffic will be directed out Ethernet0/0. You do not need the other route map anymore, I guess.
Regards,
Georg
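Added example (not part of the thread and not Cisco code): a small Python model of how route map INTERNET would classify packets under the two versions of access list 102 posted above, including the wildcard-mask match and the implicit deny. The packets and public addresses are constructed, and the model assumes the packet is evaluated by the route map and covers only the ACE fields used in the thread.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 in the wildcard are ignored."""
    if base == "any":
        return True
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a, b = int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

# ACE layout: (action, proto, src, src_wildcard, dst, dst_wildcard, dst_port)
ACL_102_ORIGINAL = [
    ("deny", "ip", "192.168.2.0", "0.0.0.255", "192.168.1.0", "0.0.0.255", None),
    ("permit", "ip", "any", None, "any", None, None),
]
ACL_102_WWW = [("permit", "tcp", "any", None, "any", None, 80)]  # "eq www"

def acl_permits(acl, pkt):
    """First matching ACE wins; no match means the implicit deny applies."""
    for action, proto, src, swc, dst, dwc, port in acl:
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if not wildcard_match(pkt["src"], src, swc):
            continue
        if not wildcard_match(pkt["dst"], dst, dwc):
            continue
        if port is not None and pkt.get("dport") != port:
            continue
        return action == "permit"
    return False

def egress(acl, pkt):
    """A permitted packet is policy-routed out Ethernet0/0 ("set interface");
    a denied or unmatched packet is forwarded by the normal routing table."""
    return "Ethernet0/0" if acl_permits(acl, pkt) else "routing table"

# Constructed sample packets (documentation address ranges for public hosts)
WEB = {"proto": "tcp", "src": "192.168.2.20", "dst": "203.0.113.10", "dport": 80}
TLS = {"proto": "tcp", "src": "192.168.2.20", "dst": "203.0.113.10", "dport": 443}
TO_SERVERS = {"proto": "tcp", "src": "192.168.2.20", "dst": "192.168.1.5", "dport": 80}
CITRIX_REPLY = {"proto": "tcp", "src": "192.168.1.5", "dst": "198.51.100.7", "dport": 50000}

if __name__ == "__main__":
    for name, acl in (("original 102", ACL_102_ORIGINAL), ("www-only 102", ACL_102_WWW)):
        for label, pkt in (("web", WEB), ("tls", TLS), ("to servers", TO_SERVERS),
                           ("citrix reply", CITRIX_REPLY)):
            print(f"{name:13} {label:13} -> {egress(acl, pkt)}")
```

In this model the www-only list leaves port 443 and the Citrix server replies to the routing table, so the default route decides which link they use.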
02-28-2004 10:29 AM
thanks... I will try it Monday
02-28-2004 01:35 PM
Hello,
OK, good luck!
Regards,
Georg