Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Policy Based Routing

Hello All,

On my internet router I have 2 Fa interfaces and 1 serial. Fa0/0 is connected to my internal network. S0/0/0 is connected to one ISP. Fa0/1 is conencted to a second ISP. I would like all my HTTP traffic (Web Browsing) to go through Fa0/1 to my second ISP whilst the rest of the traffic is run through S0/0/0 to the first ISP. I would like to use Policy Based Routing to do this for my Fa0/1 interface.

I have configured it but am still unable to access the internet via Fa0/1 to ISP2

Here are the configs that I have:

interface FastEthernet0/0

description Link to DMZ

ip address 202.x.x.33 255.255.255.240

ip verify unicast reverse-path

no ip redirects

no ip unreachables

no ip proxy-arp

ip nbar protocol-discovery

ip route-cache flow

ip policy route-map ISP2

ip nat inside

speed auto

full-duplex

no cdp enable

!

interface FastEthernet0/1

ip address dhcp

ip nat outside

duplex auto

speed auto

ip nat pool ISP2_POOL 192.168.1.10 192.168.1.20 prefix-length 24

ip nat inside source list 10 pool ISP2_POOL

access-list 1 permit 202.x.126.38

access-list 10 permit 202.x.126.38

route-map ISP2 permit 10

match ip address 1

set interface FastEthernet0/1

set ip next-hop 192.168.1.1

Any help would be greatly appreciated as I am being given a really short timeline to get this done.

Thanks.

Tim.

4 REPLIES
Hall of Fame Super Silver

Re: Policy Based Routing

Tim

Is the traffic coming from source address 202.62.126.38? That is the only address that your route map and access list will send out the other interface.

Also I am not sure why you are using both:

set interface FastEthernet0/1

and

set ip next-hop 192.168.1.1

What happens if you remove the set interface and use only set ip next-hop?

HTH

Rick

New Member

Re: Policy Based Routing

Rick,

Yes. The traffic is coming from source address 202.62.126.38.

I will try to remove the set interface fa0/1 and only use the set ip next-hop.

Will keep you updated.

Tim.

Re: Policy Based Routing

Tim,

Do you own the public LAN ip pool i.e is it assigned to you by some body like the ARIN/APNIC

If the public lan pool is given by an ISP, then it will most probably be rejected by the other ISP.

Also i do not understand why you are Natting a public ip to a private IP and sending across, unless your ISP is again Natting it.

A brief topology would help

HTH, rate if it does

Narayan

New Member

Re: Policy Based Routing

Hello Narayan,

We do not own a public ip pool. The public IP's that we use was given to us by our ISP (ISP1).

We are NATTing a public IP to a private IP before sending to ISP2 who then Natt's it again to their public IP.

We have all HTTP traffic going through the interface fa0/1 connected to ISP2 and all other traffic eg. email going through the serial interface to ISP1.

Topology would be somthing like this:

ISP1--publicIP--s0 ExtRouter fa0/1--NAT--ISP2

fa0/0 of the ExtRouter is linked to our internal network. Fa0/0 has a public IP that is being Natted to a private IP for all HTTP traffic which are directed to ISP2 whilst all other traffic goes via s0.

Hope this helps in understanding my problem.

Thanks.

Tim.

103
Views
0
Helpful
4
Replies