Traffic redirect on a 1601R

Discussion in 'Cisco' started by Gibo_ie, Oct 1, 2004.

  1. Gibo_ie

    Gibo_ie Guest

    Guys,

    I am not an expert in Cisco Kit unfortunatley so any help.ideas are
    gratefully received.Using a Cisco 1601R which is on the LAN and the
    default gateway for all machines. It has a single route at the moment
    pointing to the IP of internal firewall address.

    Got a second line in with connection to a different ISP. Want to
    forward all HTTP/HTTPS traffic down new line and the rest continue as
    always through old line incl incoming mail and http requests to web
    site.

    e.g. Old firewall internal ip 192.168.16.1
    New firewall internal ip 192.168.16.2

    config appreciated.
    thoughts ideas??
    Thanks in advance.
    Gibo
    Gibo_ie, Oct 1, 2004
    #1
    1. Advertising

  2. Gibo_ie

    Ivan Ostreš Guest

    In article <>,
    says...
    > Guys,
    >
    > I am not an expert in Cisco Kit unfortunatley so any help.ideas are
    > gratefully received.Using a Cisco 1601R which is on the LAN and the
    > default gateway for all machines. It has a single route at the moment
    > pointing to the IP of internal firewall address.
    >
    > Got a second line in with connection to a different ISP. Want to
    > forward all HTTP/HTTPS traffic down new line and the rest continue as
    > always through old line incl incoming mail and http requests to web
    > site.
    >
    > e.g. Old firewall internal ip 192.168.16.1
    > New firewall internal ip 192.168.16.2
    >
    > config appreciated.
    > thoughts ideas??
    >


    You can easily do that using policy based routing. Go to www.cisco.com
    and search for PBR. There are some really good examples how to do what
    you want, and it's really simple.


    --
    -Ivan.

    *** Use Rot13 to see my eMail address ***
    Ivan Ostreš, Oct 1, 2004
    #2
    1. Advertising

  3. In article <>,
    Ivan Ostreš <> wrote:
    :In article <>,
    : says...
    :> Got a second line in with connection to a different ISP. Want to
    :> forward all HTTP/HTTPS traffic down new line and the rest continue as
    :> always through old line incl incoming mail and http requests to web
    :> site.

    :You can easily do that using policy based routing. Go to www.cisco.com
    :and search for PBR.

    The OP will also need some NAT so that the outgoing traffic to the
    second ISP goes out with an IP address routed by the second ISP. If
    the OP does not do that then the return traffic for the outgoing
    http/https requests will come back via the first ISP (best case),
    or the outgoing traffic will be blocked by the second ISP (worst case)
    if it recognizes that the IP is not one that it serves.

    Unfortunately, 'NAT - Ability to use Route Maps with Static Translations'
    is not supported on the OP's 1601 in any software release.
    The 1601 does support generally NAT all the way back to 11.2P, so
    the OP might be able to fake it by (e.g.,) using a route map feeding into a
    loopback interface that does the NAT and sends the traffic onwards
    to the second ISP.
    --
    Would you buy a used bit from this man??
    Walter Roberson, Oct 1, 2004
    #3
  4. Gibo_ie

    PES Guest

    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:cjk66t$naf$...
    > In article <>,
    > Ivan Ostreš <> wrote:
    > :In article <>,
    > : says...
    > :> Got a second line in with connection to a different ISP. Want to
    > :> forward all HTTP/HTTPS traffic down new line and the rest continue as
    > :> always through old line incl incoming mail and http requests to web
    > :> site.
    >
    > :You can easily do that using policy based routing. Go to www.cisco.com
    > :and search for PBR.
    >
    > The OP will also need some NAT so that the outgoing traffic to the
    > second ISP goes out with an IP address routed by the second ISP. If
    > the OP does not do that then the return traffic for the outgoing
    > http/https requests will come back via the first ISP (best case),
    > or the outgoing traffic will be blocked by the second ISP (worst case)
    > if it recognizes that the IP is not one that it serves.


    The original poster stated that the router currently directed traffic to a
    firewall with an ip address of 192.168.16.1. The second route (which he
    wishes to route www traffic) was through firewall ip address of
    192.168.16.2. Assuming that he/she did not alter the addressing to protect
    the innocent, a firewall or nat device (likely the next hops listed above)
    out each associate path will be doing the nat. Since the nat for each path
    is in its own device, it is of no concern for the policy based routing.
    PES, Oct 2, 2004
    #4
  5. Gibo_ie

    Guest

    Thanks guys,
    Yes the second firewall will perform the NAT.
    Was not 100% about the PBR but will read some more,
    Thanks again
    , Oct 4, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    3
    Views:
    2,260
  2. Walter Roberson

    Re: Configuration help on 1601r

    Walter Roberson, Dec 1, 2003, in forum: Cisco
    Replies:
    0
    Views:
    393
    Walter Roberson
    Dec 1, 2003
  3. mike

    cisco 1601r no access to Wan

    mike, Dec 2, 2003, in forum: Cisco
    Replies:
    2
    Views:
    480
  4. Andrew Albert
    Replies:
    3
    Views:
    3,372
    Barry Margolin
    Jul 21, 2004
  5. Waltjones40

    No internet access from Cisco 1601R

    Waltjones40, Jun 7, 2007, in forum: Cisco
    Replies:
    8
    Views:
    623
    Waltjones40
    Jun 18, 2007
Loading...

Share This Page