New Member

traffic routing between serial and dsl interface

Hi there

I have a big problem that is on my mind a long time now

The scenario is as simple as it can be.

1760 with a serial, a DSL and an Ethernet interface

Ethernet on LAN

Serial 2Mbit on x provider with a c class for addresses

DSL with static ip

Internal machines run services on several ports and they have IP addresses of the serial 2Mbit provider.

What I want to do is:

Route gaming traffic and services on Serial Interface

And everything else (including P2P programs) NATed and on DSL


Now my thoughts:

In order to have services on local machines working and accessible from the outside world I think I must 'ip route


The classification of the traffic must be based on gaming traffic and


Which I have a working list of all games ports and is working great on another location.

Trying to specify everything else except gaming is madness.

So how can I route everything except gaming traffic to the DSL interface and allow gaming traffic from the 'default' Serial


Notice that I am pretty familiar with Policy Based Routing and all that stuff, but this kind of scenario drives me crazy.

Maybe an access-list that allows all traffic and denies gaming and services, and use this access-list in a route-map and 'set interface Dialer1' and then attach this route-map to the Ethernet interface.

So everything that is permitted by the access-list will be routed to Dialer1 ... NATed and out on the internet.

And everything that is denied by the access-list will be routed on the default route through the Serial interface.

And requests coming from the outside world on the serial interface will go to local machines directly and services will operate nicely.

Do you think this scenario will work? Is it worth trying it?

Does anyone have any other, better idea?

I attached my current config.

Thanks in Advance



Re: traffic routing between serial and dsl interface

I think your suggestion is the most suited one. The scenario suggested by you will work fine, I believe. At the same time, be clear about where to apply NAT and what to translate. This will give you a clear sketch in advance for doing the configuration.

New Member

Re: traffic routing between serial and dsl interface

OK, now I have made the following config.

IOS (tm) C1700 Software (C1700-SY7-M), Version 12.2(15)T16, RELEASE SOFTWARE (fc2)
System image file is "flash:c1700-sy7-mz.122-15.T16.bin"

Building configuration...

Current configuration : 5469 bytes

version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers

hostname router

boot system flash c1700-sy7-mz.122-15.T16.bin
logging queue-limit 100
logging buffered 4096 informational
enable secret 5 xxxxxxxxxxxxxxxxxx
enable password 7 xxxxxxxxxxxxxxxxxx

username xxxxxxxxxxxx privilege 7 secret 5 xxxxxxxxxxxxxxxxxxxxx
ip subnet-zero
no ip source-route
ip gratuitous-arps
ip wccp version 1

no ip bootp server
ip cef

interface FastEthernet0/0
 ip address 212.x.x.x.x.255.128
 ip nat inside
 ip route-cache policy
 ip route-cache flow
 ip policy route-map PBR
 speed auto
 no cdp enable

interface Serial0/0
 ip address 62.x.x.x.255.255.252
 no cdp enable

interface ATM1/0
 bandwidth 1024
 no ip address
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 dsl operating-mode auto
 hold-queue 224 in

interface Dialer1
 bandwidth 1024
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname xxxxxxxxxxxxxxx
 ppp chap password 7 xxxxxxxxxxxxxxxx
 ppp pap sent-username xxxxxxxxxxx password 7 xxxxxxxxxxxxxx
 ppp ipcp dns request
 ppp ipcp wins request
 hold-queue 224 in

ip nat inside source route-map D1 interface Dialer1 overload
ip classless
ip route Serial0/0
no ip http server

logging trap debugging
logging facility local2
access-list 1 permit
access-list 10 permit
access-list 120 permit udp any any eq 4000
access-list 120 permit tcp any any eq 4000
access-list 120 permit udp any any range 6112 6119
access-list 120 permit tcp any any range 6112 6119
access-list 120 permit tcp any any eq 3724
access-list 120 permit tcp any any range 6881 6999
access-list 120 permit tcp any any range 2025 2035
access-list 120 permit udp any any range 2025 2035
access-list 120 permit tcp any any eq 22
access-list 120 permit igmp any any
access-list 120 permit icmp any any
access-list 120 permit tcp any any eq 2025
access-list 121 deny tcp any any eq 2025
access-list 121 permit ip any any
dialer-list 1 protocol ip permit
no cdp run

route-map PBR permit 10
 match ip address 120
 match interface FastEthernet0/0
 set interface Serial0/0

route-map PBR permit 20
 match ip address 121
 match interface FastEthernet0/0
 set interface Dialer1

route-map D1 permit 1
 match ip address 10
 match interface Dialer1

alias exec spc show proc cpu | exclude 0.00

no scheduler allocate


With this config everything works great: ports on access-list 120 go out from the serial interface and everything else goes out from Dialer1.

But still the main problem remains.

I have several machines on my internal LAN running services and I can't access them with their real IP.

The Serial interface routes a masked C class and the Dialer interface has only one IP and needs NAT.

What is the solution here?

Where is the NAT problem?

Thanks in advance
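Added example, not part of the thread and not the posters' code: a small Python model of how route-map PBR is evaluated first-match against access-lists 120 and 121 as posted. It shows that every entry in ACL 120 tests only the destination port, so a reply sent by a LAN server (service port as the source port) falls through to sequence 20 and is steered to Dialer1, the `ip nat outside` interface. Assumptions: the `match interface` lines are not modelled, the sample packets are constructed, and the function names are illustrative.

```python
# Model of first-match evaluation of route-map PBR with the thread's ACLs 120/121.
# Assumption: "match interface" is ignored; only "match ip address" is modelled.

# (protocol, dst_port_low, dst_port_high); None means no port test.
# Entries copied from access-list 120 in the posted config.
ACL_120 = [
    ("udp", 4000, 4000), ("tcp", 4000, 4000),
    ("udp", 6112, 6119), ("tcp", 6112, 6119),
    ("tcp", 3724, 3724), ("tcp", 6881, 6999),
    ("tcp", 2025, 2035), ("udp", 2025, 2035),
    ("tcp", 22, 22), ("igmp", None, None), ("icmp", None, None),
    ("tcp", 2025, 2025),
]

def acl120_permits(proto, dst_port):
    """All entries are 'any any eq/range N', so only the destination port is tested."""
    for p, lo, hi in ACL_120:
        if p == proto and (lo is None or lo <= dst_port <= hi):
            return True
    return False  # implicit deny at the end of every ACL

def acl121_permits(proto, dst_port):
    """access-list 121: deny tcp any any eq 2025, then permit ip any any."""
    return not (proto == "tcp" and dst_port == 2025)

def pbr_egress(proto, src_port, dst_port):
    """Interface chosen for a packet entering FastEthernet0/0 (src_port is never tested)."""
    if acl120_permits(proto, dst_port):   # route-map PBR permit 10
        return "Serial0/0"
    if acl121_permits(proto, dst_port):   # route-map PBR permit 20
        return "Dialer1"
    return "routing table"                # no clause matched: normal forwarding

# Constructed sample packets as seen inbound on the LAN interface.
SAMPLES = {
    "LAN client -> remote SSH server": ("tcp", 40000, 22),
    "LAN SSH server replying to outside client": ("tcp", 22, 40000),
    "LAN client -> remote web server": ("tcp", 40001, 80),
    "tcp/2025 (already matched by ACL 120 range)": ("tcp", 40002, 2025),
}

def classify_samples():
    return {name: pbr_egress(*pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, egress in classify_samples().items():
        print(f"{name:45s} -> {egress}")
```

Whether the Dialer1-bound reply is then translated depends on access-list 10, whose match criteria are not shown in the post.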


