Group,
Good morning, wanted to run some config questions by you as I am a bit unclear on a few things regarding load balancing and the IP SLA and PBR routing. Let's start with the basics:
GigabitEthernet0/1 --> LAN
GigabitEthernet0/0 --> ISP 1 WAN
GigabitEthernet0/2 --> ISP 2 WAN
So here is what I am attempting to accomplish. We have added ISP 2 to specifically send our VOIP traffic down, I would like to direct our PBX traffic from the LAN down this link. I have already added the config for the IP SLA to the router but I am unsure about configuration of the PBR to over-ride the routing tables and I believe PBR statements are evaluated before routing and how they are applied. Currently my default route-map looks like this:
route-map SDM-RMAP_1 permit 1
match ip address 104
My ACL 104 looks like this:
access-list 104 permit ip 192.168.10.0 0.0.0.31 any
My understanding is that although you can only have 1 route-map per interface you can sequence them as well, when a match occurs it takes the action and continues to evaluate till the bottom of the sequence. So my question is can I / should I configure it like this for the desired results?
Create the object group:
object-group Asterisk
description SIP Communication Server
udp source range 5060-5061
udp source range 10001-20000
NAT the traffic from the inside to the outside for SIP Signaling:
ip nat inside source static udp 192.168.10.11 5060 2xx.135.77.158 5060
Create the ACL for the VOIP Traffic:
access-list 109 remark ISP Traffic
access-list 109 permit object-group Asterisk any host 2xx.135.77.158
Modify the existing route-map:
no route-map SDM_RMAP_1
route-map SDM_RMAP_1 permit 10
match ip address 109
set interface GigabitEthernet0/2
exit
route-map SDM_RMAP_1 permit 20
match ip address 104
exit
exit
Apply the traffic to the interface where the traffic is coming in on ISP2:
interface GigabitEthernet0/2
ip policy route-map SDM_RMAP_1
I think that covers it, if the access-list 104 is the last statement to be evaluated should I put a deny any at the end of the statement? Group THANK YOU so much for taking the time to review this config with me. I appreciate it very much!