| PBR - 1811 I have 2 ISP connections....
I would like to route http traffic to one and the rest of the traffic to the default.
I have yet to find the set of commands on how to do this using the SDM.
Does anyone have a sample config or tell me how I can do this?
Thanks for the help! |
|
1 edit | No idea if SDM can do.. well.. anything really.
»www.cisco.com/en/US/products/ps6···09.shtml
»supportwiki.cisco.com/ViewWiki/i···gure_PBR
»supportwiki.cisco.com/ViewWiki/i···Routing)
and a brilliant small site multihoming paper:
»wiki.nil.com/Small_site_multihoming |
|
|
|
| reply to MarkWorsnop
I seem to find ways to route traffic based on the source IP but nothing on the type of traffic. I guess I can't see the trees for the forest.
Can anyone provide a simple config for routing http to FE1? |
|
| ip access-list extended http
permit tcp 10.1.1.0 0.0.0.255 any eq 80
permit tcp 10.1.1.0 0.0.0.255 any eq 443
route-map http2isp2
match ip address http
set ip next-hop <ISP2gateway>
|
|
| reply to MarkWorsnop
THANK YOU!
The first set is the access-list which I need anyway, correct?
the Map section is the part that actually looks at the packets and routes them, correct?
Just want to make sure I understand this....
Also the I assume is an IP address? Can I put the name of the port there as the FE1 is DHCP from the ISP. FE0 has a static IP. |
|
| You got it right. IP address of ISP2 gateway or
set interface Fe1
instead.
You really should read the nil.com article, it deals much more in depth with your scenario. Like what happens if Fe1 goes down?
»wiki.nil.com/Small_site_multihoming |
|
| reply to MarkWorsnop
Now I have a clue what I am looking for this all makes sense. Will be reading the article again now. thanks again!! |
|
 tubbynetreminds me of the danse russePremium,MVM
join:2008-01-16
Chandler, AZ | said by MarkWorsnop :
Now I have a clue what I am looking for this all makes sense. Will be reading the article again now. thanks again!!
when performing a "dual-wan" setup such as this, you need to make sure that you define the two nat statements and that you are performing dynamic policy nat using route-map statements rather than using access-lists. additionally, it becomes more tricky when you want to set a static one-to-one nat out a given interface, in which case you would use static policy nat in much the same fashion. add a vpn to the mix and it gets crazy 
needless to say you should be ready to have stuff break and keep a backup of your original working config in the event stuff goes pear shaped.
q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..." |
|
