
New Member

Destination routing via alternate ISP

I have installed a broadband connection into my Cisco 3800. Currently, I employ EIGRP and static routes - the statics directing all 0.0.0.0 0.0.0.0 traffic out our point-to-point T1. I want to direct specific subnets out the broadband. I've assigned one of the static IPs provided by the broadband provider to a second Ethernet port and assigned it as an outbound WAN port. Adding a static route to point to that interface doesn't work.

What am I missing here? We do not employ ACLs - simple route statements directing traffic to specific interfaces. Thank you.

17 REPLIES
Silver

Re: Destination routing via alternate ISP

If you want to route certain traffic one way and the rest another, then it sounds like you are policy routing. Check these guides:

http://www.cisco.com/en/US/customer/tech/tk365/technologies_tech_note09186a008009481d.shtml

http://www.cisco.com/en/US/customer/products/ps6599/products_white_paper09186a00800a4409.shtml

HTH

Hall of Fame Super Silver

Re: Destination routing via alternate ISP

I find several aspects of the description of the problem to be not clear in the original post. The post says that they want to direct specific subnets but is not quite clear whether it is destination subnets or source subnets. If the desire is to direct several source subnets then Policy Based Routing is the feature that can accomplish this. If it is destination subnets, then there are several things that may contribute to the problem.

- first it would be very helpful to see the details of how the static routes were configured for these subnets. Posting these static routes would help us to see if there is an issue in how they were configured.

- there might be an issue in how the outbound interface to broadband is configured. If the configuration details of that interface were posted we could evaluate potential problems with it.

- there might be an issue with how to get return traffic for traffic that was sent out the broadband. If we knew more details about the environment we might see issues with this.

So if the original poster can supply some of these clarifications we might be able to find answers.

HTH

Rick

New Member

Re: Destination routing via alternate ISP

Thanks for the links.

I think I'm using policy routing now in conjunction with failover on our MPLS network - and employing EIGRP and BGP. However, I inherited this configuration and do not know how to add another policy route that would say, direct all routes going to destination subnetX via interface GigabitEthernet0/1 - that would not interfere with my existing policy routes. Any hints?

Here's my config.

Thanks

Hall of Fame Super Silver

Re: Destination routing via alternate ISP

It is helpful to see the config that you posted. In the config we can see that it does implement policy routing for traffic received on interface Gig0/0 and also for locally generated traffic. This policy based routing just sets ip precedence for all traffic received on the interface and on all traffic generated from the router. This policy based routing does not affect any routing decision.

The config does show several things about how routing is done on the router: you are running EIGRP on interfaces Gig0/0, Serial0/1/0, Serial0/1/1, Serial0/2/0, Serial0/0/0.1 and are running BGP with one external neighbor. So there are likely some dynamically learned routes. The router also defines a static default route with 172.19.4.2 as the next hop address. There are 3 static routes for more specific routes (and 2 of the static routes have the same next hop as the default route).

Can you clarify what you are trying to accomplish? I see the broadband interface Gig0/1 but do not see anything trying to send traffic out that interface. Also, depending on the addressing of the interface which you have hidden, I would expect to see Network Address Translation on traffic going out the broadband interface but I do not see that.

Can you tell us if the broadband interface is able to reach the provider next hop? Is the router able to reach the Internet via the broadband interface?

HTH

Rick

Hall of Fame Super Bronze

Re: Destination routing via alternate ISP

In order to direct specific subnets to the broadband connection instead of the T1, I suggest going with policy based routing.

When you assigned the public IP on the second ethernet, did you also create a NAT rule for your internal network?

It would be helpful if you post configs.

Thanks

New Member

Re: Destination routing via alternate ISP

I'm planning on routing a destination subnet out of the broadband connection. I've set up NAT on firewall but not on a router. Can someone direct me to documentation? I'm wondering if the NAT will correct my issue or do I still need policy based routing?

Thank you.

Hall of Fame Super Silver

Re: Destination routing via alternate ISP

If data from the router goes out the broadband interface and goes through a firewall which is configured to do NAT then I would think that is good enough and there is no need to configure NAT on the router. I believe that many of us assume that when someone describes a connection from a router to broadband that the connection is directly from router to broadband. Thanks for clarifying this.

If you plan to route a destination subnet then I do not see any particular need for policy based routing. If you can provide some details about what you have configured maybe we can figure out what the problem is.

As I asked before it would be helpful if you can tell us more about the broadband connection. Is it working ok? Can the router access the provider next hop address through the broadband interface? Can the router access Internet resources through the broadband interface? Knowing these things will be crucial in figuring out the problem.

HTH

Rick

New Member

Re: Destination routing via alternate ISP

Rick-

Again - thanks for all the help.

When I said I'm familiar with setting up NAT on firewall - that's in respect to the default route out to the internet - in the config that would be Serial0/2/0 - where there is a firewall to the Internet.

The broadband connection is local to the router with no firewall - so I would need to configure NAT for this connection. I've tested the broadband on a laptop - statically assigning an IP from the pool of five that came with the service. All works great. But I'm assuming now that NAT is required - just haven't had experience with configuring NAT on a router. From what I've seen, the router can't access any Internet resources through the broadband connection as things are now configured. Definitely missing some parameters. Thanks.

New Member

Re: Destination routing via alternate ISP

Correction ...

Successful ping and traceroute to gateway (next hop cable modem) from source address of broadband interface .... but nothing beyond.

New Member

Re: Destination routing via alternate ISP

Thanks for everyone's input.

I attached the config under a previous reply.

Hall of Fame Super Bronze

Re: Destination routing via alternate ISP

What subnets are you planning to reroute via the broadband connection?

As I stated before, you need to configure NAT on the broadband interface in order for internal networks to reach the internet from their non-routable subnets.

Hall of Fame Super Silver

Re: Destination routing via alternate ISP

Yes you attached the config. I looked at the config and I asked some questions. Will you be answering the questions that I asked?

HTH

Rick

New Member

Re: Destination routing via alternate ISP

Have a hard time navigating the list. Please excuse - this needs to be a reply here ...

I'm planning on routing a destination subnet out of the broadband connection. I've set up NAT on firewall but not on a router. Can someone direct me to documentation? I'm wondering if the NAT will correct my issue or do I still need policy based routing?

Thank you.

New Member

Re: Destination routing via alternate ISP

Will this work with existing rules:

ip route g0/1
access-list 1 permit 172.17.0.0 255.255.0.0
ip nat source list 1 interface G0/1 overload
interface G0/0
 ip address
 ip nat inside
interface G0/1
 ip address
 ip nat outside

Please advise.

Hall of Fame Super Silver

Re: Destination routing via alternate ISP

I would suggest one change but this is mostly right. I would suggest changing your static route. Instead of doing this:

ip route g0/1

I would suggest this:

ip route

If you point the static route to the gig interface it will work only if the provider supports proxy ARP (and more and more people are wanting to not support proxy ARP). And even if it works it will make your router work harder (because it will have to arp for every remote destination). If you put in the next hop address it just works and is more efficient.

Another note is to verify that the traffic coming from Gig0/0 to be routed out the broadband is from network 172.17.0.0 (and no other network).

Otherwise it looks to me like this should work.

Good luck.

HTH

Rick

New Member

Re: Destination routing via alternate ISP

OK - the only traffic I want routed is from 172.17.x.x and no other.

Added all of the rules I listed - with your suggestion of the next hop (cable modem) in place of the router interface in the route statement. The thing I don't understand is when I added "access-list 1 permit 172.17.0.0 255.255.0.0" it came out in the config as "access-list 1 permit 0.0.0.0 255.255.0.0"

When all is applied - no traffic flows out any interface - it's almost as if the router is attempting to NAT all outbound traffic. Once I removed the two "ip nat" statements from G0/0 and G0/1 traffic flow recovered. A PC directly connected to the cable modem works. Any ideas?

Hall of Fame Super Silver

Re: Destination routing via alternate ISP

The reason that 172.17.0.0 255.255.0.0 came out as 0.0.0.0 255.255.0.0 is that access lists use an inverted subnet mask. So the syntax that you used specified that it could be anything in the first two octets but had to be 0.0 in the last two octets. The correct syntax is 172.17.0.0 0.0.255.255. (Sorry that I did not notice that detail in the earlier posting.)

If you change the access list and put the NAT statements back then I think that this should work.

HTH

Rick
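
The inverted-mask behaviour explained in the reply above, as an added example that is not part of the original thread: a Python sketch of how a standard ACL entry is normalized and matched, run against the mistyped and the corrected wildcard. The function names and the sample source addresses are constructed for illustration.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def normalize_entry(address, wildcard):
    """Return the entry as it appears in the saved config: bits set in the
    wildcard are "don't care", so they are cleared in the address."""
    care = ~to_int(wildcard) & MASK32
    return to_dotted(to_int(address) & care), wildcard

def acl_matches(address, wildcard, source_ip):
    """True when source_ip equals address on every bit the wildcard cares about."""
    care = ~to_int(wildcard) & MASK32
    return (to_int(address) & care) == (to_int(source_ip) & care)

def netmask_to_wildcard(netmask):
    """Invert a contiguous subnet mask into the wildcard an ACL expects."""
    inverted = ~to_int(netmask) & MASK32
    if inverted & (inverted + 1):  # host bits must be one contiguous run of 1s
        raise ValueError(f"{netmask} is not a contiguous subnet mask")
    return to_dotted(inverted)

def matched_sources(address, wildcard, sources):
    """List the sources that the entry 'permit address wildcard' would match."""
    return [s for s in sources if acl_matches(address, wildcard, s)]

# Constructed sample source addresses (not taken from the thread's config).
SAMPLE_SOURCES = ["172.17.5.9", "172.17.200.1", "172.17.0.0",
                  "10.1.0.0", "192.168.0.0"]

if __name__ == "__main__":
    # First pass: subnet mask typed where a wildcard belongs (the thread's entry).
    # Second pass: the same mask inverted into the correct wildcard.
    for wildcard in ("255.255.0.0", netmask_to_wildcard("255.255.0.0")):
        print(normalize_entry("172.17.0.0", wildcard),
              matched_sources("172.17.0.0", wildcard, SAMPLE_SOURCES))
```

With the subnet mask typed in the wildcard position, the entry matches any source whose last two octets are 0.0 and none of the ordinary hosts in 172.17.0.0/16; with 0.0.255.255 it matches only 172.17.x.x.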
