10-11-2007 07:06 PM - edited 03-03-2019 07:08 PM
Hi all,
I've been trying to get this set up properly. My company has two T1s from different ISPs. I want to send L2L VPN traffic through ISP 1, and have all non-VPN type traffic go through ISP 2. I only want L2L VPN traffic to go through ISP 2 as a failover. Same goes if ISP 2 fails, I want non-VPN traffic to fail over to ISP 1.
This is what I have, as of tonight, going to play with the config in my lab... Is there any recommended way of doing this? Any suggestions on config?
Config~~~~~
access-list 197 remark VPN PBR LIST
access-list 197 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 198 remark PBR LIST
access-list 198 deny tcp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 198 permit tcp 192.168.1.0 0.0.0.255 any
!
route-map RMAP permit 10
match ip address 198
set interface Serial0/1/0
!
route-map RMAP permit 20
match ip address 197
set interface Serial0/0/0
!
route-map RMAP permit 30
match ip address 198
set interface Serial0/0/0
!
route-map RMAP permit 40
match ip address 197
set interface Serial0/1/0
interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip policy route-map RMAP
Thanks in advance.
10-12-2007 06:40 AM
Hi,
No need to create 4 policies within a route-map. You can assign multiple interfaces in the set interface command. Doing this, the 1st interface will be preferred & if this is down, the second interface is preferred. So the config would be like this:
route-map RMAP permit 10
match ip address 198
! first interface is preferred; the second is used if the first is down
set interface Serial0/1/0 Serial0/0/0
!
route-map RMAP permit 20
match ip address 197
set interface Serial0/0/0 Serial0/1/0
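The following is an added example, not part of the original posts and not Cisco code: a small Python model that evaluates both route-maps from this thread against constructed sample packets. It assumes first-match route-map evaluation and treats each interface as simply up or down; the packet addresses and the helper names are made up for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def acl_hit(entry, pkt):
    """Test one ACL line (action, proto, src, src_wc, dst, dst_wc) against a packet."""
    _, proto, src, swc, dst, dwc = entry
    inv = 0xFFFFFFFF                  # XOR with a wildcard mask gives the bits to compare
    return (proto in ("ip", pkt["proto"])
            and (ip(pkt["src"]) & (inv ^ ip(swc))) == (ip(src) & (inv ^ ip(swc)))
            and (ip(pkt["dst"]) & (inv ^ ip(dwc))) == (ip(dst) & (inv ^ ip(dwc))))

def acl_permits(acl, pkt):
    for entry in acl:                 # the first matching line decides
        if acl_hit(entry, pkt):
            return entry[0] == "permit"
    return False                      # implicit deny at the end of every ACL

ANY = ("0.0.0.0", "255.255.255.255")
LAN = ("192.168.1.0", "0.0.0.255")
REMOTE = ("192.168.2.0", "0.0.0.255")
ACLS = {
    197: [("permit", "ip", *LAN, *REMOTE)],
    198: [("deny", "tcp", *LAN, *REMOTE), ("permit", "tcp", *LAN, *ANY)],
}
ORIGINAL = [(10, 198, ["Serial0/1/0"]), (20, 197, ["Serial0/0/0"]),
            (30, 198, ["Serial0/0/0"]), (40, 197, ["Serial0/1/0"])]
SUGGESTED = [(10, 198, ["Serial0/1/0", "Serial0/0/0"]),
             (20, 197, ["Serial0/0/0", "Serial0/1/0"])]
# Constructed sample packets (non-LAN addresses are documentation ranges).
WEB = {"proto": "tcp", "src": "192.168.1.10", "dst": "203.0.113.5"}
VPN = {"proto": "tcp", "src": "192.168.1.10", "dst": "192.168.2.20"}
DNS = {"proto": "udp", "src": "192.168.1.10", "dst": "203.0.113.53"}

def policy_route(route_map, pkt, up):
    """Return (sequence, egress); egress None means normal destination routing."""
    for seq, acl, interfaces in route_map:
        if acl_permits(ACLS[acl], pkt):
            # Evaluation stops at the first matching sequence (modelling assumption).
            return seq, next((i for i in interfaces if i in up), None)
    return None, None

if __name__ == "__main__":
    isp2_down = {"Serial0/0/0"}       # only Serial0/0/0 is up
    for name, rmap in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, "web with Serial0/1/0 down ->", policy_route(rmap, WEB, isp2_down))
    print("udp, both links up ->", policy_route(SUGGESTED, DNS, {"Serial0/0/0", "Serial0/1/0"}))
```

In this model the UDP packet matches neither ACL, because ACL 198 only lists TCP, so it is never policy routed and follows the routing table instead.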
10-12-2007 08:23 AM
Thank you for your response. I also gave a rating.
I also found this recent article helpful:
Back to testing now. Thanks.