Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

One Firewall and two routers

Hi to all,

Probably for you is a studip problem, but for me...

I have a Router 2811 configured as firewall and CME, and as gateway to ADSL a router 837 series.

Until yesterday I have only one ADSL, but now we need an other ADSL to split client traffic and server traffic.

I configured an other 837 router to with the ADSL, each adsl had 8 ip subnet.

It is enougth to configure and other ip route with same weight?

Like this:

ip route 0.0.0.0 0.0.0.0 111.111.111.111

ip route 0.0.0.0 0.0.0.0 222.222.222.222

and reconfigure the NAT pool for client?

Thank you very much.

Augusto.

3 REPLIES
New Member

Re: One Firewall and two routers

Configuring two equally weighted static routes will cause them to load balance.

If I'm understanding correctly, you want your clients to use one ADSL router and your servers to use the other.

Let's pretend your servers are in the 192.168.1.x range of IPs and your clients are in the 192.168.2.x range of IPs

Try this:

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

access-list 102 permit ip 192.168.2.0 0.0.0.255 any

route-map TEST permit 10

match ip address 101

set ip next-hop 1.1.1.1

route-map TEST permit 20

match ip address 102

set ip next-hop 2.2.2.2

interface f0/0 (whatever your inside interface is)

ip policy route-map TEST

You then no longer need your static route.

New Member

Re: One Firewall and two routers

Hi, you understand perfectly, it seems easy... but now I have also some static NAT/PAT (for servers that I don't want change) and dynamic NAT (for clients).

Then I cannot change IP ranges. Can I make a access-list with subnet like that:

access-list 107 permit ip 192.168.254.192 0.0.0.63 any (all server ip are higher then 192)

access-list 108 permit ip 192.168.254.0 0.0.0.63 any

access-list 108 permit ip 192.168.254.64 0.0.0.63 any

access-list 108 permit ip 192.168.254.128 0.0.0.63 any

route-map TEST permit 10

match ip address 107

set ip next-hop 1.1.1.1 (old adsl)

route-map TEST permit 20

match ip address 108

set ip next-hop 2.2.2.2 (new adsl)

Thank a lot

Augusto

New Member

Re: One Firewall and two routers

Yes those ACLs should work just fine.

188
Views
0
Helpful
3
Replies