07-23-2008 01:42 AM - edited 03-03-2019 10:51 PM
Hi,
We are using a 1782 Cisco router and it is connected to two ISPs, ISP1 and ISP2. The traffic has to be shared between these two ISPs.
ISP1 carries SMTP and POP3 through serial 0, and ISP2 carries WWW through serial 1. Please check whether the following configuration is correct. If anything needs to be changed, please let me know.
#access-list 106 permit tcp 172.16.2.0 0.0.0.255 any eq 80
#access-list 105 permit tcp 192.168.10.0 0.0.0.255 any eq 25
#access-list 105 permit tcp 192.168.10.0 0.0.0.255 any eq 110
#route-map ISP1 permit 10
#match ip address 105
#set interface serial 0
#route-map ISP2 permit 20
#match ip address 106
#set interface serial 1
#interface S0
#ip policy route-map ISP1
#interface S1
#ip policy route-map ISP2
07-23-2008 02:12 AM
The route-map should be a single one that must be applied to the inside interface.
That is where the forwarding decision is made, not on the outgoing interfaces:
#route-map ISP1 permit 10
#match ip address 105
#set interface serial 0
#route-map ISP1 permit 20
#match ip address 106
#set interface serial 1
#interface fa0
#ip policy route-map ISP1
You will also need an entry for DNS traffic and likely for other traffic that does not match any of the ACLs; this will be dropped otherwise.
regards,
Leo
07-23-2008 02:32 AM
Is there any command for matching other traffic also?
07-23-2008 03:27 AM
Hi,
By adding this to the route map, it means permit anything else, if you don't care which interface it uses.
#route-map ISP1 permit 30
Regards,
07-23-2008 03:44 AM
Hi,
Using this command, will it allow the other traffic also?
reg,
07-23-2008 04:33 AM
Yes, traffic which does not match the ACL, instead of dropping it.
Regards,
07-24-2008 04:42 AM
OK, if it doesn't match the ACL, how will it allow my HTTP and SMTP traffic on different paths? My concept is that I want to allow the above-mentioned traffic on different paths, and it also has to send the other traffic. Would you please provide me a sample configuration based on my network diagram, so that I can implement the same in my network?
07-23-2008 06:20 AM
Leo is absolutely right.
The other thing is the return-path.
I strongly recommend reading the following article, which is a great resource for Small Site Multihoming designs: http://www.nil.com/ipcorner/SmallSiteMultiHoming/
07-23-2008 06:45 AM
I have to agree the return path is going to be your primary problem, and NAT will solve some of it but cause more issues.
Just a comment on the policy routing. Traffic that does not match policy routing does not get dropped. It just does not get policy routed. The normal routing then takes over. Now if there is no default route and no specific route then it does indeed get dropped.
I would set a default route to one of your internet connections and just policy route everything you did not want to go there to the other. It is much easier than trying to get a list of stuff to go one way or another. Just pick the stuff you do not want to go to the default and policy route that.
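The design described in the post above (a default route to one ISP, policy routing only the exceptions), written out as an added example that is not from any of the thread's participants. The interface names, the 192.168.10.0/24 source subnet and ACL 105 are carried over from the earlier posts; using Serial1 (ISP2) as the default exit is an assumption, and NAT and the return path are not covered here.

```cisco
! Added example, not a participant's configuration.
! Assumption: ISP2 on Serial1 is the default exit for all traffic.
ip route 0.0.0.0 0.0.0.0 Serial1
!
! Exceptions only: mail traffic from the inside subnet goes to ISP1.
access-list 105 permit tcp 192.168.10.0 0.0.0.255 any eq 25
access-list 105 permit tcp 192.168.10.0 0.0.0.255 any eq 110
!
! A single route-map with one permit entry. Packets that do not match
! ACL 105 are not policy routed; they follow the routing table and
! therefore leave via the default route on Serial1.
route-map ISP1 permit 10
 match ip address 105
 set interface Serial0
!
! Policy routing is applied where the packets enter the router
! (the inside LAN interface), not on the outgoing serial links.
interface FastEthernet0
 ip policy route-map ISP1
!
! Checks after applying:
!   show ip policy           (lists interfaces with a policy route-map)
!   show route-map ISP1      (per-entry match counters)
!   show ip route 0.0.0.0    (confirms the default route is installed)
```

With this layout HTTP, DNS and anything else not listed in ACL 105 needs no route-map entry of its own, because the default route already sends it to ISP2.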
07-23-2008 07:49 AM
Tim,
You are right that NATing has some drawbacks; but is there anything else you can use if you can't use BGP and Service Provider isn't your good friend :) ?
07-23-2008 08:16 AM
Nope, you have no other option other than NAT really on a small site.
Was being a little vague and guess that caused confusion.
Had a larger post that I cut down, discussing the issue of all traffic from a source sometimes needing to follow the same path rather than it being based on outgoing ports. A simple example is a server that depends on a port 80 based session to set up the HTTPS (443), and the issues it causes if these come from different source addresses.