Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Policy Based Routing

I currently have a 2600 router with a t1 connection to the internet. It is being used for browsing as well as in coming access to servers. My company wants to install a second Ethernet interface and connect it to a DSL modem. The goal is to have the t1 for my remote users to access the servers but to have the Ethernet/DSL link for browsing the internet. It is my understanding that PBR is the way to set this up. Does anyone have any advice on this configuration?

7 REPLIES
VIP Purple

Re: Policy Based Routing

Hello,

you could use PBR (see configuration below) but it would be easier to just put in two static routes, one pointing to your server subnet, and a default route pointing to the Internet:

ip route 192.168.1.0 255.255.255.0 serial0

ip route 0.0.0.0 0.0.0.0 ethernet0/0

In this example, 192.168.1.0/24 is the subnet where your servers are located. Since this is a more specific route than the default route, traffic to this subnet will always go out through the T1 serial interface. All other traffic will go through the Ethernet interface where the DSL modem is connected to.

For policy-based routing you would use the following configuration (I asumed that your local subnet is 192.168.2.0/24):

interface Ethernet0/0

ip policy route-map INTERNET

!

interface Serial0

ip policy route-map SERVER_SUBNET

!

ip policy-map INTERNET permit 10

match ip address 102

set interface Ethernet0/0

!

ip policy-map SERVER_SUBNET permit 10

match ip address 101

set interface Serial0

!

access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0.0.0.255

!

access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 102 permit ip any any

!

HTH,

Georg

New Member

Re: Policy Based Routing

Georg,

Thank you for the reply.

In my config the t1 is an internet connection as is the dsl connection. The remote users are accessing citrix servers on my local network through the t1, the dsl connection would be used for local users that want to browse out to the internet.

VIP Purple

Re: Policy Based Routing

Hello,

do your local users also need to access the remote site through the T1 or is it just remote users accessing the local Citrix servers ? In either case just make sure that the access list for the route map SERVER_SUBNET only allows traffic between both sites and nothing else. You can still use the configuration I have proposed earlier.

Does that make sense ?

Regards,

Georg

New Member

Re: Policy Based Routing

My local users only need internet access. The remote users are accessing citrix servers from various public addresses. Would it be make more sense to have the route map address the www traffic? if so how would that read?

VIP Purple

Re: Policy Based Routing

Hello,

in that case, change the access list belonging to route map INTERNET (access list 102) to:

access-list 102 permit tcp any any eq www

In that way, all WWW traffic will be directed out Ethernet0/0. You do not need the other route map anymore, I guess.

Regards,

Georg

New Member

Re: Policy Based Routing

thanks... I will try it Monday

VIP Purple

Re: Policy Based Routing

Hello,

ok, good luck !

Regards,

Georg

128
Views
0
Helpful
7
Replies