Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
481
Views
4
Helpful
5
Replies

2851 Router with 3 x ADSL interfaces

gregsmales
Level 1
Level 1

‎06-02-2007 09:17 PM - edited ‎03-03-2019 05:16 PM

Hi all,

Wondering if someone can assist with a config I need to put together in the next few weeks.

Situation is this:

Cisco 2851 Router with 3 x ADSL interfaces

Reason behind the 3 x ADSL's is the following:

1 x ADSL (512k/512k) to be used for VoIP traffic

1 x ADSL (512k/512k) to be used for MS SQL traffic

1 x ADSL (8000k/384k) to be used for everything else

Each of these ADSL's will need a site-to-site IPSEC connection back to our main site (terminating on a 3rd party firewall). My question is how should I go about configuring the ADSL interfaces so that only the specified traffic types travels down the correct link?

And if you were wondering why we are looking at doing this on a 2851 it's because the 4th interface is a VIC2-2BRI, and the router is going to be doing SRST (supporting approx 60 VoIP phones).

Any suggestions/comments/example configs would be greatly apreciated.

Labels:
0 Helpful
5 Replies 5

bjornarsb
Level 4
Level 4

‎06-03-2007 02:30 AM

Hi,

This might be a start?

!

interface fastethernet 3/1

desc ** LAN interface ***

ip policy route-map Texas

ip nbar...

!

route-map Texas permit 10

match protocol XXX

set ip next-hop 3.3.3.3

!

route-map Texas permit 20

match ip protocol XX

set ip next-hop 4.3.3.5

or set interface XXX

route-map Texas permit 30

Then you have 3 different crypto-maps for

you ipsec connecitons, each applied to one ADSL interface.

HTH

BR,

Bjornarsb

gregsmales
Level 1
Level 1
In response to bjornarsb

‎06-03-2007 02:50 PM

Thanks for your reply. I'll give this a go once I get my hands on the hardware

0 Helpful

gregsmales
Level 1
Level 1
In response to bjornarsb

‎06-06-2007 05:11 PM

Hi,

I've started building a config for this and have struck a potential problem.

When you define each of the three crypto-map's you need to define a 'match' statement which points to an ACL. If the route-map's are matching based on protocol, how should I look at matching the crypto-map's?

Also is it possible to have a different pre-shared key for each ipsec tunnel?

Thanks

0 Helpful

gregsmales
Level 1
Level 1
In response to gregsmales

‎06-06-2007 05:43 PM

Also, I actually don't see 'match protocol' or 'match ip protocol' as available selections in the route-map. Do I need to turn something on like nbar or cef?

0 Helpful

a.cruea1980
Level 3
Level 3
In response to gregsmales

‎06-07-2007 08:45 AM

I'd suggest for your mapping on the crypto-maps for your router, match via protocol/ports. You know your SQL is bound to port 1433 or something like that, and it's a TCP protocol. Your VoIP will fall on certain ports and use UDP. . .make sure and include your skinny protocol in there as well.

After that, I think you can gather all the traffic that's left. . .you'd just deny the other two from the access-list you're using for your bulk traffic.

And I do believe you can have a different pre-shared key since you'll have 3 different crypto-maps. I think, but don't quote me on that.

HTH

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card