
An interesting question I got asked today....

Discussion in 'Routing & Switching' started by jonny7_2002, Dec 1, 2011.

  1. jonny7_2002 (Byte Poster)
    Setup is..
    One Cisco 877 with ADSL, public IP is 1.1.1.1 (Dialer1)
    LAN on VLAN 1 192.168.1.1/24
    ip route 0.0.0.0 0.0.0.0 dialer1
    DSL router connected to port fa0 (VLAN 2) with public IP 2.2.2.1/30
    Another DSL router connected to fa1 (VLAN 3) with public IP 3.3.3.1/30

    What I got asked was for traffic coming in on 2.2.2.1 being NATed to a server on the LAN. Can we make the traffic return out that specific connection rather than the return traffic going out the dialer1 interface?

    Anyone got any thoughts?
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when its out)
  2. craigie (Terabyte Poster)
    This can be achieved by policy based routing mate.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  3. jonny7_2002 (Byte Poster)
    Thanks for your reply craigie. I know PBR (and PBR rocks!) but I can't think of a way I can achieve the goal with PBR...

    I will attempt to explain what I am trying to do a bit clearer, as my initial post was on my phone!

    If you take a look at the attached Visio diagram -

    View attachment 2532

    the main router will be doing NAT and the default route is "ip route 0.0.0.0 0.0.0.0 dialer 1"

    They have asked me if we can use each DSL line for a different function.....
    1. DSL 1 - Internet access for the VLAN 1 subnet
    2. DSL 2 - Remote access via Remote Web Workplace (port 443)
    3. DSL 3 - Email inbound and outbound

    Point 3 can be achieved using PBR as I can just PBR port 25 out the DSL 3 connection.

    However, if I PBR port 443 for the remote access, this will affect secure website browsing from the LAN as well, so this is the part I am a little stuck with. I thought of tagging traffic but obviously the server will remove it when it sends the reply data......

    Basically I want traffic (ALL if possible) that comes in DSL1 to go back out DSL1....
    Basically I want traffic that comes in DSL2 to go back out DSL2....
    Basically I want traffic that comes in DSL3 to go back out DSL3....

    But I'm not sure if this can be achieved?

    Jon
     
  4. craigie (Terabyte Poster)
    Not done this before, but I think this could work. Naturally you will need to NAT the inbound SMTP and RWW onto the appropriate public IP addresses on DSL 2 and DSL 3.

    Internet Browsing

    object-group network LAN
     range 192.168.1.50 192.168.1.150

    ip access-list extended DSL1
     remark ##### DSL1 PBR Internet #####
     permit tcp object-group LAN any eq 80

    route-map Internet permit 10
     match ip address DSL1
     set interface Dialer1

    ip nat inside source route-map Internet interface Dialer1 overload

    object-group network Server
     host 192.168.1.10

    Remote Web Workplace

    ip access-list extended DSL2
     remark ##### DSL2 PBR RWW 443 #####
     ! 'eq 443' after the source matches the server's SOURCE port, i.e. its replies to RWW clients
     permit tcp object-group Server eq 443 any

    route-map RWW permit 10
     match ip address DSL2
     ! fa0 is a switchport on the 877, so forward to the DSL router at the far end of the /30
     ! (2.2.2.2 is assumed; the thread does not give it)
     set ip next-hop 2.2.2.2

    ip nat inside source route-map RWW interface Vlan2 overload

    Email

    ip access-list extended DSL3
     remark ##### DSL3 PBR SMTP 25 #####
     permit tcp object-group Server eq 25 any
     permit tcp object-group Server any eq 25

    route-map SMTP permit 10
     match ip address DSL3
     ! 3.3.3.2 assumed, as above
     set ip next-hop 3.3.3.2

    ip nat inside source route-map SMTP interface Vlan3 overload

    ! PBR only takes effect once applied with 'ip policy route-map <name>' on interface Vlan1,
    ! and an interface takes a single route-map, so for that step the three route-maps
    ! would be merged into one with three sequences.
     
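A complete version of what craigie sketches, added here as a worked example (editor's config, not from any post in the thread). It assumes, because the thread does not say, that the far ends of the two /30s are 2.2.2.2 and 3.3.3.2, that Fa0 and Fa1 are switchports on the 877 so the public addresses sit on SVIs Vlan2 and Vlan3, and that the server is 192.168.1.10 (the address in craigie's post). The detail that addresses Jon's worry about LAN HTTPS browsing: replies from the server carry 443 as their source port, so the PBR ACL matches the server's source port, which LAN clients (ephemeral source port, destination port 443) never hit.

```cisco
! Added worked example, not from the thread. Assumed, because the thread
! does not state them: 2.2.2.2 and 3.3.3.2 are the DSL routers at the far
! end of each /30, the public /30s live on SVIs Vlan2/Vlan3 (Fa0/Fa1 are
! switchports on an 877), and the server is 192.168.1.10.

interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip policy route-map PBR-LAN

interface Vlan2
 ip address 2.2.2.1 255.255.255.252
 ip nat outside

interface Vlan3
 ip address 3.3.3.1 255.255.255.252
 ip nat outside

interface Dialer1
 ip nat outside

ip route 0.0.0.0 0.0.0.0 Dialer1

! --- Inbound port forwards ---
! The same inside host is mapped to two different public addresses;
! IOS only accepts that with 'extendable'.
ip nat inside source static tcp 192.168.1.10 443 2.2.2.1 443 extendable
ip nat inside source static tcp 192.168.1.10 25 3.3.3.1 25 extendable

! --- Return and outbound traffic steering (PBR, applied on Vlan1) ---
! Replies to an inbound connection carry the server's SOURCE port, so
! 'eq 443' after the source address catches RWW replies and nothing else.
! LAN clients browsing HTTPS have destination port 443 and an ephemeral
! source port, so they fall through to the default route on Dialer1.
! Outbound SMTP from the server is matched on destination port instead.
ip access-list extended RWW-REPLIES
 remark ##### replies from RWW go back out DSL2 #####
 permit tcp host 192.168.1.10 eq 443 any

ip access-list extended SMTP-TRAFFIC
 remark ##### inbound SMTP replies and outbound SMTP use DSL3 #####
 permit tcp host 192.168.1.10 eq 25 any
 permit tcp host 192.168.1.10 any eq 25

route-map PBR-LAN permit 10
 match ip address RWW-REPLIES
 set ip next-hop 2.2.2.2
route-map PBR-LAN permit 20
 match ip address SMTP-TRAFFIC
 set ip next-hop 3.3.3.2
! No further sequence: everything else is routed normally (Dialer1).

! --- Dynamic NAT that follows the egress interface ---
! Each NAT route-map also matches the interface the packet leaves on, so
! LAN browsing is translated to Dialer1's address and PBR-steered traffic
! to the public address of the DSL line it is leaving on.
ip access-list extended LAN-HOSTS
 permit ip 192.168.1.0 0.0.0.255 any

route-map NAT-DSL1 permit 10
 match ip address LAN-HOSTS
 match interface Dialer1
route-map NAT-DSL2 permit 10
 match ip address LAN-HOSTS
 match interface Vlan2
route-map NAT-DSL3 permit 10
 match ip address LAN-HOSTS
 match interface Vlan3

ip nat inside source route-map NAT-DSL1 interface Dialer1 overload
ip nat inside source route-map NAT-DSL2 interface Vlan2 overload
ip nat inside source route-map NAT-DSL3 interface Vlan3 overload
```

To check it on the box: open an RWW session from outside via 2.2.2.1, then `show ip nat translations` should show 192.168.1.10:443 mapped to 2.2.2.1:443, and `show route-map PBR-LAN` should show the policy-routing match counter for sequence 10 climbing; `debug ip policy` (with an ACL to keep it quiet) prints each packet that is policy-routed and the next hop chosen. Two things worth knowing before relying on it: the LAN NAT rule here is not limited to port 80 as the DSL1 ACL in the post is, so all LAN traffic is translated on Dialer1; and `set ip next-hop` only falls back to the routing table if the next hop is unreachable, which a dead DSL line behind an Ethernet port that stays up does not make it, so for production the next hops should be conditioned with `set ip next-hop verify-availability 2.2.2.2 10 track 1` backed by an IP SLA probe (and likewise for 3.3.3.2).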
  5. jonny7_2002 (Byte Poster)
    Ahhh, create objects and separate them out that way...... hmm, interesting thought.

    Thanks for pointing me in the right direction craigie. Much appreciated as always!

    Jon
     
  6. craigie (Terabyte Poster)
    No worries mate, would be interested to know if this works.
     
  7. jonny7_2002 (Byte Poster)
    Haven't managed to try this yet but will update once I have!
     
