Cisco Support Community

New Member

Policy Based Routing

Hello All,

On my internet router I have 2 Fa interfaces and 1 serial. Fa0/0 is connected to my internal network. S0/0/0 is connected to one ISP. Fa0/1 is connected to a second ISP. I would like all my HTTP traffic (Web Browsing) to go through Fa0/1 to my second ISP whilst the rest of the traffic is run through S0/0/0 to the first ISP. I would like to use Policy Based Routing to do this for my Fa0/1 interface.

I have configured it but am still unable to access the internet via Fa0/1 to ISP2.

Here are the configs that I have:

interface FastEthernet0/0
 description Link to DMZ
 ip address 202.x.x.33
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip route-cache flow
 ip policy route-map ISP2
 ip nat inside
 speed auto
 no cdp enable

interface FastEthernet0/1
 ip address dhcp
 ip nat outside
 duplex auto
 speed auto

ip nat pool ISP2_POOL prefix-length 24
ip nat inside source list 10 pool ISP2_POOL

access-list 1 permit 202.x.126.38
access-list 10 permit 202.x.126.38

route-map ISP2 permit 10
 match ip address 1
 set interface FastEthernet0/1
 set ip next-hop

Any help would be greatly appreciated as I am being given a really short timeline to get this done.



Hall of Fame Super Silver

Re: Policy Based Routing


Is the traffic coming from source address That is the only address that your route map and access list will send out the other interface.

Also I am not sure why you are using both:

set interface FastEthernet0/1
set ip next-hop

What happens if you remove the set interface and use only set ip next-hop?



New Member

Re: Policy Based Routing


Yes. The traffic is coming from source address

I will try to remove the set interface fa0/1 and only use the set ip next-hop.

Will keep you updated.


Re: Policy Based Routing


Do you own the public LAN IP pool, i.e. is it assigned to you by somebody like ARIN/APNIC?

If the public LAN pool is given by an ISP, then it will most probably be rejected by the other ISP.

Also, I do not understand why you are NATting a public IP to a private IP and sending across, unless your ISP is again NATting it.

A brief topology would help.

HTH, rate if it does


New Member

Re: Policy Based Routing

Hello Narayan,

We do not own a public IP pool. The public IPs that we use were given to us by our ISP (ISP1).

We are NATting a public IP to a private IP before sending to ISP2, who then NATs it again to their public IP.

We have all HTTP traffic going through the interface fa0/1 connected to ISP2 and all other traffic, e.g. email, going through the serial interface to ISP1.

Topology would be something like this:

ISP1--publicIP--s0 ExtRouter fa0/1--NAT--ISP2

fa0/0 of the ExtRouter is linked to our internal network. Fa0/0 has a public IP that is being NATted to a private IP for all HTTP traffic, which is directed to ISP2, whilst all other traffic goes via s0.

Hope this helps in understanding my problem.
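
The setup discussed in this thread, as an added example that is not part of any post: policy routing that selects traffic by protocol and port with an extended ACL, rather than by a single source host as standard ACL 1 does, with NAT limited to the policy-routed flows. The 192.0.2.0/24 inside network and ACL number 101 are constructed placeholders, and `set ip next-hop dynamic dhcp` assumes an IOS release that supports it.

```cisco
! Added example with constructed values; not the poster's configuration.
! 192.0.2.0/24 is a placeholder for the inside network behind Fa0/0.
!
! Extended ACL: match only web traffic (TCP/80) sourced from the inside network.
! A standard ACL such as "access-list 1 permit <host>" matches on source
! address alone and cannot distinguish HTTP from other traffic.
access-list 101 permit tcp 192.0.2.0 0.0.0.255 any eq www
!
! Policy route-map: packets matching ACL 101 are sent to the gateway that
! Fa0/1 learned through DHCP. Packets that do not match fall through to the
! normal routing table (the default route via S0/0/0 towards ISP1).
route-map ISP2 permit 10
 match ip address 101
 set ip next-hop dynamic dhcp
!
! PBR is applied on the interface where the traffic ENTERS the router.
interface FastEthernet0/0
 ip policy route-map ISP2
 ip nat inside
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
!
! Translate only the policy-routed web flows, using the address that
! Fa0/1 currently holds, so ISP2 never sees ISP1-assigned source addresses.
ip nat inside source list 101 interface FastEthernet0/1 overload
!
! Checks to run after applying:
!   show route-map ISP2          (match counters should increase on web traffic)
!   show ip policy               (confirms the route-map is bound to Fa0/0)
!   show ip nat translations     (entries should show the Fa0/1 address)
!   debug ip policy              (per-packet policy decisions; use sparingly)
```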