
Routing two LAN subnets, one router, two gateways

r-remien
Level 1

I am looking for a suggestion for the best way to solve this scenario.

I have a 2611 router with 2 ethernet interfaces and a T1 WIC w/ CSU/DSU. Here is my setup.

e0/0 - 192.168.1.1 - LAN 192.168.0.0/24

e0/1 - 10.1.1.1 - LAN 10.1.1.0/24

s0/0 - 172.16.1.1 - Wan subnet 172.16.1.0/30

ip route 0.0.0.0 0.0.0.0 172.16.1.2

Currently all e0/0 LAN traffic is sent out s0/0 via default route and into the Frame Cloud which is fine. I have a new DSL setup that has the following addresses for the DSL router:

LAN IP - 10.1.1.2 (on the same VLAN as e0/1)

WAN IP - 192.168.1.1

I want the default gateway for e0/1 (10.1.1.1) to be 10.1.1.2 and the default gateway for e0/0 (192.168.1.1) to remain 172.16.1.2 (the other end of the frame on the s0/0 subnet). How can I do this? Should I use route-maps and/or access-lists? Also, can I NAT the 10.1.1.0/24 network on the router? The e0/1 would have ip nat inside. But I do not have another interface on the router to put ip nat outside.

Thanks for any help,

RJ

4 Replies

yusuff
Cisco Employee

You can do policy routing such that any packets arriving from source 192.168.1.0/24 have the next hop set to 172.16.1.2 or s0/0, and any packets arriving from source 10.1.1.0/24 have the next hop set to 10.1.1.2 or e0/1.

e.g.:

route-map test permit 10

match ip address 1

set ip next-hop 172.16.1.2

! alternative: set interface serial 0/0

route-map test permit 20

match ip address 2

set ip next-hop 10.1.1.2

! alternative: set interface ethernet 0/1

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 2 permit 10.1.1.0 0.0.0.255

HTH

R/Yusuf

yusuff
Cisco Employee

Then apply this route-map 'test' to the ethernet0/0 and ethernet0/1 interfaces.

e.g.:

interface ethernet 0/0

ip policy route-map test

interface ethernet 0/1

ip policy route-map test

R/Yusuf

Thanks for your help. The examples helped clarify the concept. What about using NAT on the router? I would like to NAT the 10.1.1.0/24 to another public subnet that will route out the DSL WAN interface. So, e0/1 would have ip nat inside. Since I do not have another Ethernet interface to place ip nat outside on, could I create a Loopback interface using the WAN subnet I need and apply the ip nat outside command on this interface? Will I have any routing issues with this setup?

Thanks,

RJ

I have a similar but slightly varied situation; help from either one of you, or anyone else, would be greatly appreciated. I have 2 Cisco 2600s, each with an s0, s1, eth0, and FastEth1. The two routers are connected on their s0 and s1 by TWO T1s, bundled over MLPPP. Router A points directly to a gateway to the Internet. Behind Router B is a LAN that has public AND private addressing.

I am using Router B to do DHCP and NAT. The public IPs are passing through just fine, all traffic is OK. But my NAT'ed private IPs seem to have problems with certain types of traffic like mail and VPN. Can you take a look at my Router B config and find any problems with the NATing or the access-list? I know that some of the access-lists are not being applied. I was not clear whether an access-group in or access-group out is necessary. The key here is to resolve the blocking of certain types of packets.

Thanks very much!

DCL23@pacbell.net

Current configuration:

!

version 12.0

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Rhapsody

!

enable secret 5 xxxxxxxxxxxxxxxxxxxxxx

enable password xxxxxxxxxxx

!

!

!

!

!

ip subnet-zero

ip dhcp excluded-address 192.168.4.1 192.168.4.20

!

ip dhcp pool wc

network 192.168.4.0 255.255.255.0

default-router 192.168.4.1

dns-server 206.13.28.12 206.13.31.12

domain-name rhapsody

lease 14

!

!

!

!

process-max-time 200

!

interface Multilink1

ip address 192.168.5.2 255.255.255.248 secondary

ip address 192.168.1.2 255.255.255.0

ip directed-broadcast

ip nat outside

no cdp enable

ppp multilink

multilink load-threshold 2 either

multilink-group 1

!

interface Ethernet0/0

ip address a.b.c.145 255.255.255.240

ip directed-broadcast

full-duplex

!

interface Serial0/0

ip unnumbered Multilink1

ip directed-broadcast

encapsulation ppp

no ip mroute-cache

no fair-queue

ppp multilink

multilink-group 1

!

interface Serial0/1

ip unnumbered Multilink1

ip directed-broadcast

encapsulation ppp

no ip mroute-cache

no fair-queue

ppp multilink

multilink-group 1

!

interface FastEthernet1/0

ip address 192.168.4.1 255.255.255.0

ip directed-broadcast

ip nat inside

!

ip nat translation timeout 43200

ip nat inside source list 101 interface Ethernet0/0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip route a.b.c.144 255.255.255.240 FastEthernet1/0

no ip http server

!

access-list 7 permit any

access-list 20 permit any

access-list 21 permit any

access-list 22 permit any

access-list 23 permit any

access-list 25 permit any

access-list 101 permit tcp any any

access-list 101 permit ip any any

access-list 101 permit udp any any

access-list 101 permit tcp any any established

access-list 101 permit 110 any any

access-list 101 permit icmp any any

access-list 101 permit esp any any

access-list 101 permit ahp any any

access-list 113 permit tcp any any

access-list 113 permit udp any any

access-list 113 permit tcp any any eq smtp

access-list 113 permit tcp any any eq ftp

access-list 113 permit tcp any any eq pop3

access-list 113 permit tcp any any eq telnet

access-list 113 permit tcp any any eq www

access-list 113 permit udp any any eq domain

access-list 113 permit tcp any any eq echo

snmp-server engineID local 0000000902000030805C6040

snmp-server community public RO

!

line con 0

transport input none

line aux 0

line vty 0 4

password xxxxxxxxxxx

login

!

!

no scheduler allocate

end
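
An added example, not part of the original thread or the poster's configuration: a small Python check for the two access-list conditions visible in the configuration above. IOS evaluates an access list top-down and stops at the first matching entry, so an entry that follows a broader one never matches, and a numbered list that no command references has no effect. The sample is a constructed subset of the posted lines, and the function names are hypothetical; the comparison is simplified to extended entries of the form `PROTO any any [qualifier]`.

```python
import re

# Constructed sample: a subset of the NAT and ACL lines from the posted config.
SAMPLE = """\
ip nat inside source list 101 interface Ethernet0/0 overload
access-list 7 permit any
access-list 101 permit tcp any any
access-list 101 permit ip any any
access-list 101 permit udp any any
access-list 101 permit tcp any any established
access-list 101 permit esp any any
access-list 113 permit tcp any any
access-list 113 permit tcp any any eq smtp
access-list 113 permit udp any any eq domain
"""

ACL_RE = re.compile(r"^access-list (\d+) (?:permit|deny) (.+)$")
# IOS commands that put a numbered ACL to use.
REF_RE = re.compile(
    r"(?:ip nat inside source list|ip access-group|access-class|match ip address) (\d+)")

def parse(config):
    """Return ({acl_number: [entry tokens, ...]}, {referenced acl numbers})."""
    acls, refs = {}, set()
    for line in map(str.strip, config.splitlines()):
        m = ACL_RE.match(line)
        if m:
            acls.setdefault(m.group(1), []).append(m.group(2).split())
        else:
            refs.update(REF_RE.findall(line))
    return acls, refs

def covers(earlier, later):
    """True if `earlier` matches every packet `later` would match (any/any only)."""
    if earlier[1:3] != ["any", "any"] or later[1:3] != ["any", "any"]:
        return False  # standard entries and specific addresses are not compared
    same_proto = earlier[0] in ("ip", later[0])
    return same_proto and earlier[3:] in ([], later[3:])

def unreachable(acls):
    """Entries that can never match because an earlier entry already covers them."""
    return [(num, " ".join(e))
            for num, entries in acls.items()
            for i, e in enumerate(entries)
            if any(covers(p, e) for p in entries[:i])]

def unreferenced(acls, refs):
    """ACL numbers that are defined but not used by any command."""
    return sorted(set(acls) - refs, key=int)
```
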