How to redirect HTTP traffic through a DSL link ?

jcarnouil
Level 1

Hi there! My problem is very similar to some recent ones solved here, but I need more help from you, dear IOS specialists.

As our main Internet link is very often saturated (it is shared with many other schools), we want to set up a DSL link to add some bandwidth (mainly for HTTP incoming traffic).

Our school workstations are connected to a Catalyst 6509 whose default gateway is a Cobalt cache box (172.18.32.101). The default gateway of the Cobalt is our main Internet connection firewall (172.18.32.100). The DSL router is also connected to the 6509 (172.18.32.102).

See network diagram here: http://darwin.gobelins.fr/public/network-diag.jpg

We want to redirect some incoming traffic (mainly HTTP and FTP) through that DSL link, using an access-list and route-map setup.

!
interface Vlan5
 ip address 172.18.32.1 255.255.240.0
 ip helper-address 172.18.1.2
 no ip redirects
 ip policy route-map http-redir
!
!
ip classless
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
ip route 0.0.0.0 0.0.0.0 172.18.32.101
ip route 192.168.3.0 255.255.255.0 172.18.32.100
ip route 192.168.205.0 255.255.255.0 172.18.32.100
ip route 194.57.100.0 255.255.255.0 172.18.32.100
ip route 195.68.194.128 255.255.255.128 172.18.32.100
ip http server
!
!
access-list 110 permit tcp host 172.18.32.21 any eq http
access-list 110 deny tcp any any
!
route-map http-redir permit 110
 match ip address 110
 set ip next-hop 172.18.32.102
!

When I apply that route-map to the VLAN interface, it does not route HTTP packets through the DSL link, even though the route-map seems to match:

CAT6509#sh route-map
route-map http-redir, permit, sequence 110
  Match clauses:
    ip address (access-lists): 110
  Set clauses:
    ip next-hop 172.18.32.102
  Policy routing matches: 119802 packets, 34026305 bytes

Do you have any idea why it does not work as expected?

Thanks

- Jean-Claude

Accepted Solution (Paresh):

Ok,

I'd be curious to see if the redirected traffic makes it to your DSL router...

Is there any chance you could run 'debug ip policy' on your 6509 at all, to see whether the traffic is getting policy routed at all?

7 Replies

ankurbhasin
Level 9

Hi Jean,

Can you paste the output of

sh ip route 172.18.32.102

Regards,

Ankur

OK, here it is:

CAT6509#sh ip route 172.18.32.102
Routing entry for 172.18.32.0/20
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Routing Descriptor Blocks:
  * directly connected, via Vlan5
      Route metric is 0, traffic share count is 1

Hope this helps...

- JC

Hi,

You indicated that you wanted to redirect incoming HTTP traffic, but your route-map seems to suggest that you are acting on outgoing HTTP traffic. Is that what you want? Could you elaborate on what type of HTTP traffic you are trying to act on: is it traffic from an internal web server?

Paresh

Paresh,

Yes, I want incoming HTTP traffic from the Internet to come in through the DSL link, so I redirect HTTP requests via that link... or the response will never come through DSL. (172.18.32.21 is my workstation IP address.)

The DSL router is doing NAT translation on 172.18.32.102.

Maybe the problem is due to the fact that the DSL router is not connected to a dedicated port on the 6509 switch (it is behind a 2950 switch on VLAN 5).

Hope this helps

- JC

Ok,

I'd be curious to see if the redirected traffic makes it to your DSL router...

Is there any chance you could run 'debug ip policy' on your 6509 at all, to see whether the traffic is getting policy routed at all?

Paresh

The 6509 is in production (450 users using it), so I prefer not to make mistakes with debug mode.

Could you tell me the way to limit the debugging on route-maps?

I plan to do this:

access-list 123 permit ip host 172.18.32.21 host 172.18.32.101
access-list 123 permit ip host 172.18.32.101 host 172.18.32.21
debug ip packet 123 detail
[conf terminal] int vlan5
[conf terminal] no ip route-cache

Am I correct?

Thanks, JC

I was finally able to use debug on the router, and it showed that, in fact, everything worked fine!

The http packets are correctly directed through the DSL link.

My error was to use "ping" and "traceroute" to test the redirection and, of course, it was not working with an access-list made for HTTP traffic... oops!

Thanks to you all

- Jean-Claude
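An added example, not code from this thread: a small Python model of access-list 110 and route-map http-redir exactly as posted above, showing why a ping or traceroute (ICMP or UDP) from 172.18.32.21 follows the default route to the Cobalt cache while an HTTP request from the same host gets the DSL next-hop. The packets are constructed test values, and the ACL evaluator only supports the "host" and "any" address forms the post uses.

```python
"""Model of the policy-routing decision from the thread (added example).

IOS evaluates an extended ACL top-down, stops at the first matching entry
and applies an implicit deny when nothing matches.  The route-map then
policy-routes only packets the ACL *permits*; everything else follows the
normal routing table (here: the default route to the Cobalt cache).
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Packet:
    proto: str                 # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None  # destination port for tcp/udp, None for icmp


@dataclass
class Ace:
    action: str                # "permit" or "deny"
    proto: str                 # "ip" matches any protocol
    src: str                   # "host a.b.c.d" or "any" (the forms in the post)
    dst: str
    dport: Optional[int] = None  # "eq http" in the post is TCP port 80


def _addr_match(spec: str, addr: str) -> bool:
    return spec == "any" or spec == f"host {addr}"


def acl_lookup(acl: List[Ace], pkt: Packet) -> str:
    """Return 'permit' or 'deny' for pkt, first match wins, implicit deny."""
    for ace in acl:
        if ace.proto != "ip" and ace.proto != pkt.proto:
            continue
        if not (_addr_match(ace.src, pkt.src) and _addr_match(ace.dst, pkt.dst)):
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action
    return "deny"  # implicit deny at the end of every IOS access-list


# access-list 110 as posted: only TCP/80 from the workstation is permitted
ACL_110 = [Ace("permit", "tcp", "host 172.18.32.21", "any", 80),
           Ace("deny", "tcp", "any", "any")]
DEFAULT_GW = "172.18.32.101"    # ip route 0.0.0.0 0.0.0.0 -> Cobalt cache
DSL_NEXT_HOP = "172.18.32.102"  # set ip next-hop in route-map http-redir


def next_hop(pkt: Packet) -> str:
    """route-map http-redir: ACL permit -> DSL router, otherwise normal routing."""
    return DSL_NEXT_HOP if acl_lookup(ACL_110, pkt) == "permit" else DEFAULT_GW
```

Running next_hop on an ICMP echo or a UDP traceroute probe from 172.18.32.21 returns the default gateway, which is exactly what the ping/traceroute test in the thread showed, while a TCP/80 packet from the same host returns the DSL next-hop.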
