11-18-2006 12:45 PM - edited 03-03-2019 02:45 PM
Hello
can someone post me a smaple configuration on connecting to two diffrent ISPs
i have 2 DSL lines, Dialer1 & Dialer2, and my router has two networks, 10.10.0.0 and 192.168.0.0
i want to route all traffic from 10.10.0.0 to dialer1, and all traffic from 192.168.0.0 to dialer2.
thanks for any help.
Solved! Go to Solution.
11-18-2006 04:05 PM
Based on your post, i persume that you are asking for a solution in which the private address range 10.10.10.0 should
use wan interface dialer 1 and lan fastethernet 0/0 and other private range 192.168.0.0 should use dialer 2 and fastethernet 0/1 for incoming and outgoing traffic. Based on this assumption iam giving you a solution and if this is not your need please ignore my post.
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source list 11 interface Dialer2 overload
access-list 10 remark *** ACL for Dialer 1
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 11 remark *** ACL for Dialer 2
access-list 11 permit 192.168.0.0 0.0.255.255
route-map F0 permit 10
match ip address 10
set interface fastethernet 0/0
route-map F1 permit 11
match ip address 11
set interface fastethernet 0/1
interface fastethernet0/0
ip nat inside
ip policy route-map F0
interface fastethernet0/1
ip nat inside
ip policy route-map F1
interface dialer 1
ip nat outside
interface dialer 2
ip nat outside
Hope this may help you
Thanks
Rajesh
11-18-2006 02:14 PM
access-list 19 permit 192.168.0.0 0.0.255.255
access-list 10 permit 10.10.0.0 0.0.255.255
route-map dialer permit 10
match ip address 10
set interface dialer1
route-map dialer permit 20
match ip address 19
set interface dialer2
interface fastethernet0/0
ip policy route-map dialer
______
Please rate helpful posts.
Thanks
11-18-2006 02:22 PM
hi thanks,
i have 2 FE0/0 (10.10.0.0) , FE0/1 (192.168.0.0), should i apply the policy on both (ip policy route-map dialer)?
thanks!
11-18-2006 04:05 PM
Based on your post, i persume that you are asking for a solution in which the private address range 10.10.10.0 should
use wan interface dialer 1 and lan fastethernet 0/0 and other private range 192.168.0.0 should use dialer 2 and fastethernet 0/1 for incoming and outgoing traffic. Based on this assumption iam giving you a solution and if this is not your need please ignore my post.
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source list 11 interface Dialer2 overload
access-list 10 remark *** ACL for Dialer 1
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 11 remark *** ACL for Dialer 2
access-list 11 permit 192.168.0.0 0.0.255.255
route-map F0 permit 10
match ip address 10
set interface fastethernet 0/0
route-map F1 permit 11
match ip address 11
set interface fastethernet 0/1
interface fastethernet0/0
ip nat inside
ip policy route-map F0
interface fastethernet0/1
ip nat inside
ip policy route-map F1
interface dialer 1
ip nat outside
interface dialer 2
ip nat outside
Hope this may help you
Thanks
Rajesh
11-19-2006 06:46 AM
Thanks!
your configuration works fine now.
only 1 question, both network dont see each other? is that true or i have done something wrong?
if it's true, anyway to make them see each other?
thanks.
11-19-2006 11:33 AM
Modify the previous configuration like this
p nat inside source list 100 interface Dialer1 overload
ip nat inside source list 110 interface Dialer2 overload
access-list 100 remark *** ACL for Dialer 1
access-list 100 deny ip 10.10.10.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 110 remark *** ACL for Dialer 2
access-list 110 deny ip 192.168.0.0 0.0.255.255 10.10.10.0 0.0.0.255
access-list 110 permit ip 192.168.0.0 0.0.255.255 any
route-map F0 permit 10
match ip address 100
set interface fastethernet 0/0
route-map F1 permit 11
match ip address 110
set interface fastethernet 0/1
interface fastethernet0/0
ip nat inside
ip policy route-map F0
interface fastethernet0/1
ip nat inside
ip policy route-map F1
interface dialer 1
ip nat outside
interface dialer 2
ip nat outside
___
Please rate helpful posts.
Thanks
11-19-2006 05:08 PM
At the moment I don?t think, two networks can see each other. You need to run a routing protocol to exchange routing information between two subnets. To start with you can go for RIP, which is the basic and easiest routing protocol.
Use the following commands to run RIP in your router.
config t
router rip
version 2
network 10.0.0.0
network 192.168.0.0
Hope this should fix your issues and let us know how you go.
Thanks
Rajesh
11-20-2006 07:12 AM
Rajesh,
You don't need a dynamic routing protocol on the router for this to work. The problem with the networks seeing each other is due to the policy map that forces all packets to the dialer interface.
The ACL I posted should correct this issue.
The 2 networks show as 'connected' on this router's routing table, which is the default gateway for both networks, thus no need for RIP.
11-20-2006 10:09 AM
hello, i tried both configuration, the RIP doesnt work..
the access-list has worked fine and both network can see each other,
thanks all for your help!
11-21-2006 05:20 AM
Edison,
Being directly connected subnets, initially I was thinking that both networks should able to ping each other. On the other hand, since PBR statement forces all the packets to the dialer interface and will not allow pinging each other, and then I thought of using a routing protocol which might be a better option.
Now I am confused, can you please explain why the use of RIP doesn?t work and how ACL over comes that???
Thanks
Rajesh
11-21-2006 07:38 AM
Hi rajesh,
As posted earlier by Edison, the packets when enter the interface enabled with PBR, takes preference over the routing decision.
So the packets are forced out of the dialer interface and does not reach the other vlan interface nad hence it never receives a reply for the packets you send.
The scenario would have been same even when you have a routing protocol.
The access-list actually denies the VLan from the interseting traffic defined for PBR and hence reaches the destination via normal routing (directly conncted in the above case).
HTH, rate if it does
Narayan
11-22-2006 04:47 AM
Thanks for your explanation Narayanan. To make myself clear and comfertable i am going to try in my test lab and let you know how it went.
Thanks
Rajesh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide