Re: Policy Based routing

From: Shaughn Smith <maniac.smg_at_gmail.com>
Date: Sat, 25 Sep 2010 23:43:56 +0200

Hi Edmore.

The issue you are going to have is with the NATting. If I look at that design there is no "outside" interface so to speak. Are you trying to NAT out on the same interface the traffic is coming in on?

If there is a switch involved, how about putting the DSL device in a separate VLAN and then running router on a stick, i.e. a sub-interface on the router in that VLAN? You then use NAT inside on the LAN interface and NAT "outside" on the sub-interface. You can then use PBR to take care of the FTP and WWW requirements.

Easiest in my opinion would be to install a DSL wic and use that.

On 25 Sep 2010, at 9:49 PM, Edmore Chingwena <chingwenaed_at_gmail.com> wrote:

> Hi Experts
>
> I wish to check the following:
>
> Requirement is to push all web and FTP traffic via ISP 1 and all the other
> via ISP 2. Only 1 Ethernet interface on R1. Is there a way around this using
> policy based routing?
> If I am to NAT, how will I overload?
>
> 10.1.3.253/24
> ::::::::::::::::--------------------O----->FW1ISPA ADSL-Sonic Firewall--www
> : L2 Switch :
> ::::::::::::::::--------------------O----->R1ISPB dedicated link Cisco
> 10.1.3.254/24
>
> !
> interface FastEthernet0/0
> ip address 10.1.3.254 255.255.255.0
> ip policy route-map adsl
>
> route-map adsl permit 10
> match ip address 100
> set ip next-hop 10.1.3.253
> !
> access-list 100 permit tcp 10.1.3.0 0.0.0.255 any eq www
> access-list 100 permit tcp any 10.1.3.0 0.0.0.255 eq 443
> access-list 100 permit tcp any 10.1.3.0 0.0.0.255 eq www
> access-list 100 permit tcp 10.1.3.0 0.0.0.255 any eq 443
>
> Is there a way to get the above to work without doing anything on the
> firewall?
>
> What else do I need to add to this to get users behind the switch to browse in
> the same subnet as the Cisco router and firewall?
>
>
> Blogs and organic groups at http://www.ccie.net

Received on Sat Sep 25 2010 - 23:43:56 ART
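
The router-on-a-stick layout suggested in the reply, sketched as Cisco IOS configuration. This is an added example, not configuration from either poster: VLAN 20, the 192.168.20.0/30 link addresses and the firewall's new address 192.168.20.2 are assumptions, and the switch port facing R1 is assumed to be an 802.1Q trunk carrying the LAN untagged.

```cisco
! Added example. VLAN 20 and 192.168.20.0/30 are assumed values.
! LAN stays untagged on the physical interface: NAT inside + PBR.
interface FastEthernet0/0
 ip address 10.1.3.254 255.255.255.0
 ip nat inside
 ip policy route-map adsl
!
! Sub-interface in the DSL VLAN acts as the NAT "outside" interface.
! The firewall's LAN-side port is assumed re-addressed to 192.168.20.2.
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.252
 ip nat outside
!
! Match only traffic sourced from the LAN towards web and FTP ports.
! Only the FTP control channel is matched; data-channel ports are
! negotiated per session and are not covered by this list.
access-list 100 permit tcp 10.1.3.0 0.0.0.255 any eq www
access-list 100 permit tcp 10.1.3.0 0.0.0.255 any eq 443
access-list 100 permit tcp 10.1.3.0 0.0.0.255 any eq ftp
!
! PBR: send matched traffic to the firewall in the DSL VLAN.
! Everything else follows the normal routing table towards ISP B.
route-map adsl permit 10
 match ip address 100
 set ip next-hop 192.168.20.2
!
! Overload (PAT) the matched LAN traffic onto the sub-interface address.
ip nat inside source list 100 interface FastEthernet0/0.20 overload
```

`show route-map adsl` shows the policy-routing match counters and `show ip nat translations` shows whether matched sessions are being translated on the sub-interface.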

This archive was generated by hypermail 2.2.0 : Fri Oct 01 2010 - 05:58:06 ART