Policy Based Routing

bbartosik
Level 1

I currently have a 2600 router with a T1 connection to the internet. It is being used for browsing as well as incoming access to servers. My company wants to install a second Ethernet interface and connect it to a DSL modem. The goal is to have the T1 for my remote users to access the servers but to have the Ethernet/DSL link for browsing the internet. It is my understanding that PBR is the way to set this up. Does anyone have any advice on this configuration?

7 Replies

Hello,

you could use PBR (see configuration below) but it would be easier to just put in two static routes, one pointing to your server subnet, and a default route pointing to the Internet:

ip route 192.168.1.0 255.255.255.0 serial0
ip route 0.0.0.0 0.0.0.0 ethernet0/0

In this example, 192.168.1.0/24 is the subnet where your servers are located. Since this is a more specific route than the default route, traffic to this subnet will always go out through the T1 serial interface. All other traffic will go through the Ethernet interface where the DSL modem is connected.

For policy-based routing you would use the following configuration (I assumed that your local subnet is 192.168.2.0/24):

interface Ethernet0/0
 ip policy route-map INTERNET
!
interface Serial0
 ip policy route-map SERVER_SUBNET
!
route-map INTERNET permit 10
 match ip address 102
 set interface Ethernet0/0
!
route-map SERVER_SUBNET permit 10
 match ip address 101
 set interface Serial0
!
! ACL 101: local subnet to the server subnet
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
! ACL 102: everything except local subnet to the server subnet
access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 permit ip any any
!

HTH,

Georg

Georg,

Thank you for the reply.

In my config the T1 is an internet connection, as is the DSL connection. The remote users are accessing Citrix servers on my local network through the T1; the DSL connection would be used for local users that want to browse out to the internet.

Hello,

do your local users also need to access the remote site through the T1 or is it just remote users accessing the local Citrix servers? In either case just make sure that the access list for the route map SERVER_SUBNET only allows traffic between both sites and nothing else. You can still use the configuration I have proposed earlier.

Does that make sense?

Regards,

Georg

My local users only need internet access. The remote users are accessing Citrix servers from various public addresses. Would it make more sense to have the route map address the www traffic? If so, how would that read?

Hello,

in that case, change the access list belonging to route map INTERNET (access list 102) to:

access-list 102 permit tcp any any eq www

In that way, all WWW traffic will be directed out Ethernet0/0. You do not need the other route map anymore, I guess.

Regards,

Georg
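
Added example, not part of the thread: a small Python model of how a route-map permit clause evaluates access list 102, in both the original form and the `eq www` form above. The source address, destination addresses and ports are constructed samples; it shows that `eq www` matches only TCP port 80, so HTTPS and DNS from the same hosts still follow the normal routing table.

```python
# Added example: models how IOS evaluates an extended ACL inside a
# route-map "permit" clause. All packets below are constructed samples.
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a ^ b) & ~w & 0xFFFFFFFF == 0

ANY = ("0.0.0.0", "255.255.255.255")
PORTS = {"www": 80}

# (action, protocol, (src, wildcard), (dst, wildcard), dst_port or None)
ACL_102_ORIGINAL = [
    ("deny", "ip", ("192.168.2.0", "0.0.0.255"), ("192.168.1.0", "0.0.0.255"), None),
    ("permit", "ip", ANY, ANY, None),
]
ACL_102_WWW = [("permit", "tcp", ANY, ANY, PORTS["www"])]

def acl_action(acl, pkt):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, proto, src, dst, port in acl:
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if not wildcard_match(pkt["src"], *src):
            continue
        if not wildcard_match(pkt["dst"], *dst):
            continue
        if port is not None and port != pkt["dport"]:
            continue
        return action
    return "deny"

def policy_route(acl, pkt, set_interface="Ethernet0/0"):
    """Route-map permit clause: ACL permit -> apply 'set interface';
    ACL deny -> packet is not policy-routed and uses the routing table."""
    return set_interface if acl_action(acl, pkt) == "permit" else "routing-table"

def pkt(dst, proto, dport):
    return {"src": "192.168.2.10", "dst": dst, "proto": proto, "dport": dport}

if __name__ == "__main__":
    samples = {"http": pkt("203.0.113.5", "tcp", 80),
               "https": pkt("203.0.113.5", "tcp", 443),
               "dns": pkt("203.0.113.53", "udp", 53),
               "to-servers": pkt("192.168.1.20", "tcp", 1494)}
    for name, p in samples.items():
        print(f"{name:11} original={policy_route(ACL_102_ORIGINAL, p):13} "
              f"www-only={policy_route(ACL_102_WWW, p)}")
```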

thanks... I will try it Monday

Hello,

OK, good luck!

Regards,

Georg