01-22-2007 12:31 PM - edited 03-03-2019 03:26 PM
Hi all.
I have an 1841 router with 2 connections to the Internet (V.35 and FastEthernet-Dialer-PPPoE) with 2 ISPs. The V.35 connection is for VPN clients and L2L VPN, and the other (Dialer) is for navigation. I have configured 2 default static routes, but when the VPN clients want to access the network, the VPN return packets leave by the Dialer interface and have problems connecting. I require that they return by the interface where they entered.
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
01-22-2007 01:16 PM
Oliver
With 2 equal cost static default routes the router will distribute traffic over both of the interfaces without regard for what kind of traffic it is, which is the symptom that you are describing. I believe that you can solve your issue with Policy Based Routing. What you need to do is to remove the static default to the serial interface, so there will be one static default route to the dialer. Then configure PBR so that it identifies VPN traffic and sends it to the serial. The config might look something like this:
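! Local policy routing: applies the route-map to packets the router itself generates
ip local policy route-map useserial
! IKE (UDP/500) and ESP traffic
ip access-list extended matchVPN
 permit udp any any eq isakmp
 permit esp any any
! Send matching traffic out the serial link
route-map useserial permit 10
 match ip address matchVPN
 set interface Serial0/0/0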
Give that a try and let us know how it works.
HTH
Rick
01-31-2007 04:01 PM
01-31-2007 08:00 PM
thanos
The first point I would make is that instead of hijacking an existing thread it would have been better if you had posted this as a new question. You could reference the existing discussion as part of your question if you want, but essentially you have a new issue and it deserves a new question.
My second point is that your major problem is that you have put the ip policy route-map dsl2 on the outbound interfaces. But Policy Based Routing is configured on the inbound interface(s) on which traffic arrives at the router, not on the interfaces by which it leaves the router. So I think that you need to move the ip policy statements to FastEthernet0/0 and/or FastEthernet0/1.
My next point is that the access list defined strikes me as potentially a problem. It selects traffic where both the source and destination port are 7777, or 2009, or 2106, or domain. In most packets the source port is different than the destination port. So I suspect that most of these statements will not match any traffic.
My last point is a question about why you have turned off CEF?
HTH
Rick
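Added example, not part of Rick's reply and not thanos's configuration (which is not shown on this page): a constructed IOS fragment that puts the two points above side by side, an ACL that pins both source and destination port next to one that matches the destination port only, with the policy applied on the interface where the traffic arrives. The ACL names, the tcp/udp protocol choices and the Dialer1 exit interface are assumptions; the route-map name dsl2, the ports and FastEthernet0/0 come from the reply.

```cisco
! Constructed example. ACL names, tcp/udp choices and Dialer1 are assumptions.
!
! Pattern described in the reply: source AND destination port are pinned.
! Client traffic normally uses an ephemeral source port, so these
! entries match almost nothing and the route-map is never applied.
ip access-list extended BOTH-PORTS
 permit tcp any eq 7777 any eq 7777
 permit tcp any eq 2009 any eq 2009
 permit tcp any eq 2106 any eq 2106
 permit udp any eq domain any eq domain
!
! Match on the destination port only; the source port is left open.
ip access-list extended DST-PORT-ONLY
 permit tcp any any eq 7777
 permit tcp any any eq 2009
 permit tcp any any eq 2106
 permit udp any any eq domain
!
route-map dsl2 permit 10
 match ip address DST-PORT-ONLY
 set interface Dialer1
!
! PBR is evaluated where packets enter the router (the LAN side here),
! not on the interface they leave by.
interface FastEthernet0/0
 ip policy route-map dsl2
!
! Checks after applying:
!   show ip policy          (which route-map is bound to which interface)
!   show route-map dsl2     (policy routing match counters should increase)
```

If the match counters in show route-map stay at zero while the selected traffic is flowing, the ACL or the interface binding is still wrong.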
02-01-2007 02:44 PM
Hi Burts.. you're right. I found out myself later while relaxing major probs and I changed a lot of stuff on the config. While the new config looks OK to me, when I tested it its behaviour was a bit unstable, creating major delays. Browsing was slow, pings unstable, etc.
If someone can see something weird, pls help.
thanks in advance
01-22-2007 03:27 PM
Hi,
If you know the VPN destination IP address, you can actually define a route through the serial interface for that network, and the rest of the traffic will match the default route through the dialer interface.
01-23-2007 08:06 AM
I have movable users, so this option is not possible.
thanks
01-23-2007 10:07 AM
Oliver
With movable users I agree that specific routes are not possible. Have you considered the option that I suggested to use Policy Based Routing?
HTH
Rick
01-25-2007 12:27 PM
Hi Rick
I configured PBR and deleted the serial default route. The VPN clients establish a connection to the VPN router, but the traffic between the private networks (LAN and VPN clients) is not established. If I add the default route via the serial interface, the traffic between VPN client and LAN works intermittently.
I am under a lot of pressure because of this situation.
Thanks.