multi-homed DSL with NAT and PBR

Discussion in 'Cisco' started by Nikos 'paranic' Parastatidis, Jun 17, 2004.

  1. Hi there

    I have the following scenario:
    I own a 1721 with 2 WIC1-ADSL ATM modules and one FastEthernet

    I'm trying to set up Policy Based Routing so I forward gaming ports to ATM0
    and the rest of the traffic to ATM1.
    ATM0 is bound to Dialer1 and ATM1 is bound to Dialer2

    you can find my testing config at http://zion.quake.gr/~paranic/cfg

    for some reason it doesn't work, although I tried routing everything to dialer1
    and then dialer2 and both dialers work fine
    it's just the PBR that doesn't work
    notice that 194.219.7.* is internal fake IPs

    any help would be appreciated

    Thanks in advance
    Nikos
    Nikos 'paranic' Parastatidis, Jun 17, 2004
    #1

  2. On Thu, 17 Jun 2004 02:36:14 +0300, Nikos 'paranic' Parastatidis wrote:

    > Hi there
    >
    > I have the following scenario:
    > I own a 1721 with 2 WIC1-ADSL ATM modules and one FastEthernet
    >
    > I'm trying to set up Policy Based Routing so I forward gaming ports to
    > ATM0 and the rest of the traffic to ATM1. ATM0 is bound to Dialer1 and
    > ATM1 is bound to Dialer2


    There's a few things.

    You don't send anything to the ATM interfaces, everything needs to go
    through the dialers.

    In your route-map PBR ACL 101 matches all traffic so everything heads
    towards ATM0 anyway.

    Perhaps something like this.

    !
    interface ATM0
    no ip nat outside
    no ip nbar protocol-discovery
    no ip route-cache flow
    !
    interface ATM1
    no ip nat outside
    no ip nbar protocol-discovery
    no ip route-cache flow
    !
    interface FastEthernet0
    ip route-cache policy
    !
    ip nat inside source route-map D1 interface Dialer1 overload
    ip nat inside source route-map D2 interface Dialer2 overload
    !
    ip route 0.0.0.0 0.0.0.0 Dialer2
    access-list 10 permit 194.219.7.0 0.0.0.255
    !
    route-map D1 permit 10
    match ip address 10
    match interface Dialer1
    !
    route-map D2 permit 10
    match ip address 10
    match interface Dialer2
    !
    route-map PBR permit 1
    match ip address <some ACL that matches your gaming traffic>
    set interface Dialer1
    !
    end

    --
    Rgds,
    Martin
    Martin Gallagher, Jun 17, 2004
    #2

  3. "Martin Gallagher" <> wrote in message
    news:p...
    >
    > On Thu, 17 Jun 2004 02:36:14 +0300, Nikos 'paranic' Parastatidis wrote:
    >
    > > Hi there
    > >
    > > I have the following scenario:
    > > I own a 1721 with 2 WIC1-ADSL ATM modules and one FastEthernet
    > >
    > > I'm trying to set up Policy Based Routing so I forward gaming ports to
    > > ATM0 and the rest of the traffic to ATM1. ATM0 is bound to Dialer1 and
    > > ATM1 is bound to Dialer2

    >
    > There's a few things.
    >
    > You don't send anything to the ATM interfaces, everything needs to go
    > through the dialers.
    >
    > In your route-map PBR ACL 101 matches all traffic so everything heads
    > towards ATM0 anyway.
    >
    > Perhaps something like this.
    >
    > !
    > interface ATM0
    > no ip nat outside
    > no ip nbar protocol-discovery
    > no ip route-cache flow
    > !
    > interface ATM1
    > no ip nat outside
    > no ip nbar protocol-discovery
    > no ip route-cache flow
    > !
    > interface FastEthernet0
    > ip route-cache policy
    > !
    > ip nat inside source route-map D1 interface Dialer1 overload
    > ip nat inside source route-map D2 interface Dialer2 overload
    > !
    > ip route 0.0.0.0 0.0.0.0 Dialer2
    > access-list 10 permit 194.219.7.0 0.0.0.255
    > !
    > route-map D1 permit 10
    > match ip address 10
    > match interface Dialer1
    > !
    > route-map D2 permit 10
    > match ip address 10
    > match interface Dialer2
    > !
    > route-map PBR permit 1
    > match ip address <some ACL that matches your gaming traffic>
    > set interface Dialer1
    > !
    > end
    >
    > --
    > Rgds,
    > Martin


    ok Martin

    here are the results now

    with the config you proposed ( http://zion.quake.gr/~paranic/cfg2 ) I
    can successfully change ip route 0.0.0.0 0.0.0.0 to either dialer1 or
    dialer2 and get different routes, but only by hand
    then you told me to:

    route-map PBR permit 1
    match ip address <some ACL that matches your gaming traffic>
    set interface Dialer1

    and I made an ACL that matches some of my gaming ports. For testing reasons I
    made an extended access list that matches web ports, for faster debugging by
    pointing my browser to http://www.whatismyip.com/
    the result I got with the extended ACL was the Dialer2 interface IP
    then, as I saw NAT was working great, getting info on what to NAT from D1 and
    D2, I tested making a standard ACL
    access-list 11 permit host 194.219.7.98 (one of my internal hosts)
    and then matched ACL 11 to the PBR route-map
    the result was this box getting out from Dialer2 again :-(

    here is some info you may need
    argo#sh ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2
    i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
    ia - IS-IS inter area, * - candidate default, U - per-user static
    route
    o - ODR, P - periodic downloaded static route

    Gateway of last resort is 0.0.0.0 to network 0.0.0.0

    80.0.0.0/32 is subnetted, 2 subnets
    C 80.76.56.80 is directly connected, Dialer2
    C 80.76.42.179 is directly connected, Dialer2
    C 194.219.7.0/24 is directly connected, FastEthernet0
    193.92.233.0/32 is subnetted, 1 subnets
    C 193.92.233.67 is directly connected, Dialer1
    194.219.239.0/32 is subnetted, 1 subnets
    C 194.219.239.2 is directly connected, Dialer1
    S* 0.0.0.0/0 is directly connected, Dialer2

    route-map PBR, permit, sequence 1
    Match clauses:
    ip address (access-lists): 11
    Set clauses:
    interface Dialer1
    Policy routing matches: 0 packets, 0 bytes
    route-map D1, permit, sequence 10
    Match clauses:
    ip address (access-lists): 10
    interface Dialer1
    Set clauses:
    Policy routing matches: 0 packets, 0 bytes
    route-map D2, permit, sequence 10
    Match clauses:
    ip address (access-lists): 10
    interface Dialer2
    Set clauses:
    Policy routing matches: 0 packets, 0 bytes

    don't I need to bind some route-map on fa0? my internal interface?
    Nikos 'paranic' Parastatidis, Jun 17, 2004
    #3
  4. On Thu, 17 Jun 2004 06:55:03 +0300, Nikos 'paranic' Parastatidis wrote:


    > here are the results now
    >
    > with the config you proposed ( http://zion.quake.gr/~paranic/cfg2 )
    > I can successfully change ip route 0.0.0.0 0.0.0.0 to either dialer1 or
    > dialer2 and get different routes, but only by hand. then you told me to:
    >
    > route-map PBR permit 1
    > match ip address <some ACL that matches your gaming traffic>
    > set interface Dialer1
    >

    [Snip]
    >
    > don't I need to bind some route-map on fa0? my internal interface?


    Whoops, sorry if I misled you. I tried to include only things I thought
    you needed to change. In your original config you had:

    !
    interface FastEthernet0
    ip policy route-map PBR
    !

    That command does need to be there, as you say, or no policy routing
    will happen.

    --
    Rgds,
    Martin
    Martin Gallagher, Jun 17, 2004
    #4
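
Added example (not part of the thread and not the posters' code): a small Python check for the failure seen in post #3, where route-map PBR reported "Policy routing matches: 0 packets" because nothing applied it to FastEthernet0. The sample config is constructed from the commands quoted in the thread; `SAMPLE_CFG` and `audit_pbr` are names assumed for this example, and only numbered ACLs are handled.

```python
import re

# Constructed sample reproducing post #3: route-map PBR exists, but
# FastEthernet0 carries no "ip policy route-map" line.
SAMPLE_CFG = """\
interface FastEthernet0
 ip nat inside
 ip route-cache policy
interface Dialer1
 ip nat outside
interface Dialer2
 ip nat outside
ip nat inside source route-map D1 interface Dialer1 overload
ip nat inside source route-map D2 interface Dialer2 overload
ip route 0.0.0.0 0.0.0.0 Dialer2
access-list 10 permit 194.219.7.0 0.0.0.255
access-list 11 permit host 194.219.7.98
route-map D1 permit 10
 match ip address 10
 match interface Dialer1
route-map D2 permit 10
 match ip address 10
 match interface Dialer2
route-map PBR permit 1
 match ip address 11
 set interface Dialer1
"""

def audit_pbr(cfg):
    """Return findings for the PBR mistakes discussed in this thread."""
    def found(pattern):
        return set(re.findall(pattern, cfg, re.M))
    defined = found(r"^route-map (\S+) (?:permit|deny)")
    applied = found(r"^\s*ip policy route-map (\S+)")            # PBR on an interface
    applied |= found(r"^ip nat inside source route-map (\S+)")   # NAT selection
    acls = found(r"^access-list (\d+) ")                         # numbered ACLs only
    matched = found(r"^\s*match ip address (\d+)")
    findings = [f"route-map {n}: defined but never applied" for n in sorted(defined - applied)]
    findings += [f"route-map {n}: applied but not defined" for n in sorted(applied - defined)]
    findings += [f"access-list {a}: matched but not defined" for a in sorted(matched - acls)]
    # Post #2: policy must point at the Dialer, never at the ATM interface.
    findings += [f"set interface {i}: use the Dialer, not the ATM interface"
                 for i in sorted(found(r"^\s*set interface (ATM\S+)"))]
    return findings

if __name__ == "__main__":
    for line in audit_pbr(SAMPLE_CFG) or ["no findings"]:
        print(line)
```

Adding `ip policy route-map PBR` under `interface FastEthernet0` in the sample clears the finding, which matches the fix given in post #4.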