an interesting question i got asked today....

Discussion in 'Routing & Switching' started by jonny7_2002, Dec 1, 2011.

  1. jonny7_2002 (Byte Poster)

    Setup is..
    One Cisco 877 with adsl, public ip is 1.1.1.1(dialer1)
    Lan on vlan1 192.168.1.1/24
    ip route 0.0.0.0 0.0.0.0 dialer1
    Dsl router connected to port fa0 (vlan 2) with public ip 2.2.2.1/30
    another Dsl router connected to fa1 (vlan 3) with public ip 3.3.3.1/30

    What I got asked was, for traffic coming in on 2.2.2.1 being NATted to a server on the LAN, can we make the traffic return out that specific connection rather than have the return traffic go out the dialer1 interface?

    ?? Anyone got any thoughts?
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when it's out)
  2. craigie (Terabyte Poster)

    This can be achieved by policy based routing mate.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  3. jonny7_2002 (Byte Poster)

    Thanks for your reply craigie. I know PBR (and PBR rocks!) but I can't think of a way I can achieve the goal with PBR...

    I will attempt to explain what I am trying to do a bit more clearly, as my initial post was on my phone!

    If you take a look at the attached visio diagram -

    View attachment 2532

    the main router will be doing NAT and the default route is - "ip route 0.0.0.0 0.0.0.0 dialer 1"

    They have asked me if we can use each DSL line for a different function.....
    1. DSL 1 - Internet access for the vlan 1 subnet
    2. DSL 2 - Remote access via Remote Web Workplace (port 443)
    3. DSL 3 - EMAIL inbound and outbound

    Point 3 can be achieved using PBR as I can just PBR port 25 out the DSL 3 connection.

    However, if I PBR port 443 for the remote access then this will affect secure website browsing from the LAN as well, so this is the part I am a little stuck with. I thought of tagging traffic but obviously the server will remove it when it sends the reply data......

    Basically I want traffic (ALL if possible) that comes in DSL1 to go back out DSL1....
    Basically I want traffic that comes in DSL2 to go back out DSL2....
    Basically I want traffic that comes in DSL3 to go back out DSL3....

    but I'm not sure if this can be achieved?

    Jon
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when it's out)
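The sticking point in the post above is that "PBR port 443" matches on the destination port, which catches LAN browsing as well as the server's RWW replies. A small model of a first-match route-map, added here as an example and not code from the thread or either poster, shows the distinction that resolves it: a listener's replies carry the service port as their source port, so matching the server's source port steers RWW and SMTP replies out DSL2/DSL3 while LAN HTTPS browsing still follows the default route. Addresses, interfaces and public IPs are the ones given in the thread; the ACL layout, the names and the remote host addresses in the sample packets are assumptions made for this example.

```python
"""Model of a first-match PBR route-map for the three-DSL setup.

Added example, not from the thread. Uses the thread's addresses
(server 192.168.1.10, LAN 192.168.1.0/24, Dialer1/Vlan2/Vlan3 with
public IPs 1.1.1.1, 2.2.2.1, 3.3.3.1); the ACL layout and the sample
packets are constructed for this example.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional

SERVER = IPv4Network("192.168.1.10/32")
LAN = IPv4Network("192.168.1.0/24")

# Public address each egress interface NATs to (from the thread).
PUBLIC_IP = {"Dialer1": "1.1.1.1", "Vlan2": "2.2.2.1", "Vlan3": "3.3.3.1"}
DEFAULT_EGRESS = "Dialer1"  # ip route 0.0.0.0 0.0.0.0 dialer1


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Ace:
    """One 'permit' line of an extended ACL; None means 'any'."""
    proto: str
    src: Optional[IPv4Network] = None
    sport: Optional[int] = None
    dst: Optional[IPv4Network] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (
            self.proto == p.proto
            and (self.src is None or IPv4Address(p.src) in self.src)
            and (self.sport is None or self.sport == p.sport)
            and (self.dst is None or IPv4Address(p.dst) in self.dst)
            and (self.dport is None or self.dport == p.dport)
        )


# Route-map sequences in evaluation order: (ACL entries, egress interface).
# Service ports are matched on the SERVER'S side of the flow: replies from
# a listener carry the service port as their *source* port, so LAN hosts
# browsing HTTPS (destination port 443) never hit the DSL2 sequence.
ROUTE_MAP = [
    # seq 10: RWW replies from the server -> DSL2
    ([Ace("tcp", src=SERVER, sport=443)], "Vlan2"),
    # seq 20: SMTP from the server, outbound sessions and replies -> DSL3
    ([Ace("tcp", src=SERVER, dport=25), Ace("tcp", src=SERVER, sport=25)], "Vlan3"),
    # seq 30: LAN web browsing -> DSL1 (the default route would do this anyway)
    ([Ace("tcp", src=LAN, dport=80), Ace("tcp", src=LAN, dport=443)], "Dialer1"),
]


def steer(p: Packet) -> tuple[str, str]:
    """Return (egress interface, public IP the source is translated to).

    First matching sequence wins; an unmatched packet follows the
    default route out Dialer1, as PBR on IOS does.
    """
    for aces, egress in ROUTE_MAP:
        if any(ace.matches(p) for ace in aces):
            return egress, PUBLIC_IP[egress]
    return DEFAULT_EGRESS, PUBLIC_IP[DEFAULT_EGRESS]


def symmetric(p: Packet, arrived_on: str) -> bool:
    """True if a reply leaves on the interface its session came in on."""
    return steer(p)[0] == arrived_on


if __name__ == "__main__":
    # Constructed sample packets (203.0.113.0/24 is documentation space).
    reply_rww = Packet("192.168.1.10", 443, "203.0.113.7", 51000)
    lan_https = Packet("192.168.1.60", 52000, "203.0.113.9", 443)
    print(steer(reply_rww))  # ('Vlan2', '2.2.2.1')
    print(steer(lan_https))  # ('Dialer1', '1.1.1.1')
```

Note that `steer` only models packets that transit the LAN-facing interface, which is where `ip policy route-map` would be applied; traffic the router itself originates is not policy-routed unless `ip local policy` is configured.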
  4. craigie (Terabyte Poster)

    Not done this before, but I think this could work. Naturally you will need to NAT on the inbound SMTP and RWW onto the appropriate public IP addresses on DSL 2 and DSL 3.

    Internet Browsing

    ! Object groups (IOS object-group ACLs, 12.4(20)T or later)
    object-group network LAN
     range 192.168.1.50 192.168.1.150
    object-group network SERVER
     host 192.168.1.10

    ! DSL1: general web browsing from the LAN (destination port 80/443)
    ip access-list extended DSL1
     remark ##### DSL1 PBR Internet #####
     permit tcp object-group LAN any eq 80
     permit tcp object-group LAN any eq 443

    Remote Web Workplace

    ! DSL2: replies from the server's RWW listener carry SOURCE port 443,
    ! so LAN hosts browsing HTTPS (destination port 443) are not caught
    ip access-list extended DSL2
     remark ##### DSL2 PBR RWW 443 #####
     permit tcp object-group SERVER eq 443 any

    Email

    ! DSL3: mail from the server, outbound sessions (destination port 25)
    ! and replies to inbound sessions (source port 25)
    ip access-list extended DSL3
     remark ##### DSL3 PBR SMTP 25 #####
     permit tcp object-group SERVER any eq 25
     permit tcp object-group SERVER eq 25 any

    ! One PBR route-map, first match wins, applied to the LAN interface;
    ! anything unmatched follows the default route out Dialer1.
    ! The next-hops assume the DSL routers hold the other address of each /30.
    route-map PBR permit 10
     match ip address DSL2
     set ip next-hop 2.2.2.2
    route-map PBR permit 20
     match ip address DSL3
     set ip next-hop 3.3.3.2
    route-map PBR permit 30
     match ip address DSL1
     set interface Dialer1

    interface Vlan1
     ip nat inside
     ip policy route-map PBR

    ! NAT: translate to the public IP of whichever interface the packet leaves
    route-map NAT-DSL1 permit 10
     match interface Dialer1
    route-map NAT-DSL2 permit 10
     match interface Vlan2
    route-map NAT-DSL3 permit 10
     match interface Vlan3

    ip nat inside source route-map NAT-DSL1 interface Dialer1 overload
    ip nat inside source route-map NAT-DSL2 interface Vlan2 overload
    ip nat inside source route-map NAT-DSL3 interface Vlan3 overload

    ! Inbound static NATs so RWW and SMTP arrive on the right public IPs
    ! (Dialer1, Vlan2 and Vlan3 each need "ip nat outside")
    ip nat inside source static tcp 192.168.1.10 443 2.2.2.1 443
    ip nat inside source static tcp 192.168.1.10 25 3.3.3.1 25
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  5. jonny7_2002 (Byte Poster)

    Ahhh, create objects and separate them out that way...... hmm, interesting thought.

    Thanks for pointing me in the right direction craigie. Much appreciated as always!

    Jon
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when it's out)
  6. craigie (Terabyte Poster)

    No worries mate, would be interested to know if this works.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  7. jonny7_2002 (Byte Poster)

    Haven't managed to try this yet but will update once I have!
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when it's out)