Secondary ISP using Policy Based Routing

mdieken011 (Level 1)

Here is my situation.  I need to route my guest traffic out a secondary ISP.  I need my normal traffic to route out my primary ISP so I intend to use PBR to accomplish this.  Does the below config look like it will accomplish this task?

I have kept out the actual public IP for security reasons.  They are listed as Secondary.ISP.IP and Primary.ISP.IP.

My internal Guest traffic is 10.2.0.0/16.  My Internal traffic is everything else.

interface GigabitEthernet0/0
nameif Secondary.ISP
security-level 0
ip address Secondary.ISP.IP 255.255.255.248
policy-route route-map PBR

!Define the traffic to route out the Secondary ISP interface
access-list PBR_ACL1 extended permit ip 10.2.0.0 255.255.0.0 any

!Define the traffic to route out the Primary.ISP Internet.
access-list PBR_ACL2 extended permit ip 10.0.0.0 255.0.0.0 any
access-list PBR_ACL2 extended permit ip 192.168.0.0 255.255.0.0 any
access-list PBR_ACL2 extended permit ip 172.16.0.0 255.240.0.0 any

!Create the route map to change the route to the secondary ISP interface.
route-map PBR permit 10
match ip address PBR_ACL1
set ip next-hop Primary.ISP.IP

route-map PBR permit 20
match ip address PBR_ACL2
set ip next-hop Secondary.ISP.IP

!Apply the route map to the Internal interface.
!interface Port-channel1
!nameif Inside
!security-level 100
!ip address 10.100.10.2 255.255.255.0 standby 10.100.10.3
policy-route route-map PBR

!Apply the route map to the Guest interface to change the route.
interface Port-channel2.2
! vlan 2
!nameif Guest
!security-level 25
!ip address 10.2.0.1 255.255.0.0 standby 10.2.0.2
policy-route route-map PBR

interface Port-channel2.666
vlan 666
nameif DMZ
security-level 50
ip address 10.1.0.1 255.255.0.0 standby 10.1.0.2
policy-route route-map PBR

!Remove the existing NAT statement for Guest because the IP will be different.
no object network Public
! nat (Guest,Outside) dynamic Secondary.ISP.IP

!Set the new NAT statement so the Guest traffic is routable.
object network Public
subnet 10.2.0.0 255.255.0.0
nat (Guest,Secondary.ISP) dynamic Secondary.ISP.IP

!This is already there and is the default route for everything else.
!route Outside 0.0.0.0 0.0.0.0 Primary.ISP.IP

Accepted Solution (Rob Ingram)

@mdieken011 I would just keep it simple. Just use PBR to redirect the guest traffic via the Secondary ISP.

The normal traffic would be routed via the default route, no need to define PBR for that.


Replies


I agree with Mr. @Rob Ingram's solution. Make it simple.

Agreed with Rob. Also, swap your PBR priority order. Your current order
will match guest under 10.0.0.0 and route it over primary.

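The accepted answer (one route-map entry for guest, default route for everything else) and the last reply (sequence order matters because 10.0.0.0/8 in PBR_ACL2 already contains the guest range 10.2.0.0/16) both come down to first-match evaluation of the route-map. The script below is an added illustration, not code from the thread or from Cisco: it models the question's ACLs and three route-map variants and reports which sources would leave via the wrong ISP. Simplifications that are my own assumptions: only the source address is checked (every ACL entry is "permit ip <net> any"), and the three test addresses and the name `misrouted` are constructed for the example. Guest traffic taking the primary ISP is the failure that matters here, because it lands guest users on the egress path meant for internal traffic.

```python
import ipaddress

# Constructed model of the access-lists from the question (source networks only).
ACLS = {
    "PBR_ACL1": ["10.2.0.0/16"],                                    # Guest
    "PBR_ACL2": ["10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12"],  # everything else
}

# The existing default route from the question: route Outside 0.0.0.0 0.0.0.0 Primary.ISP.IP
DEFAULT_NEXT_HOP = "Primary.ISP.IP"

# Route-maps as ordered (sequence, acl, next-hop) triples.
# 1) As posted: guest matches sequence 10 but is sent to the primary ISP,
#    and everything else matches sequence 20 and is sent to the secondary ISP.
ROUTE_MAP_AS_POSTED = [
    (10, "PBR_ACL1", "Primary.ISP.IP"),
    (20, "PBR_ACL2", "Secondary.ISP.IP"),
]
# 2) Next-hops corrected but sequences in the wrong order (constructed variant):
#    10.0.0.0/8 in PBR_ACL2 already covers 10.2.0.0/16, so guest never reaches seq 20.
ROUTE_MAP_WRONG_ORDER = [
    (10, "PBR_ACL2", "Primary.ISP.IP"),
    (20, "PBR_ACL1", "Secondary.ISP.IP"),
]
# 3) The accepted answer: one sequence for guest; everything else falls through
#    to the routing table and takes the default route.
ROUTE_MAP_SIMPLE = [
    (10, "PBR_ACL1", "Secondary.ISP.IP"),
]


def acl_permits(acl_name, src):
    """True if the source address falls inside any entry of the named ACL."""
    return any(src in ipaddress.ip_network(net) for net in ACLS[acl_name])


def pbr_next_hop(route_map, src_ip):
    """Evaluate route-map sequences in ascending order; the first match wins.

    Returns (sequence, next_hop). sequence is None when no entry matches and
    the packet falls through to the routing table (the default route).
    """
    src = ipaddress.ip_address(src_ip)
    for seq, acl, next_hop in sorted(route_map, key=lambda entry: entry[0]):
        if acl_permits(acl, src):
            return seq, next_hop
    return None, DEFAULT_NEXT_HOP


# Constructed expectations: guest -> secondary ISP, all other internal space -> primary.
EXPECTED = {
    "10.2.40.7":    "Secondary.ISP.IP",  # Guest subnet
    "10.100.10.50": "Primary.ISP.IP",    # Inside
    "10.1.0.20":    "Primary.ISP.IP",    # DMZ
    "192.168.5.9":  "Primary.ISP.IP",    # other internal space
}


def misrouted(route_map):
    """Return the sources whose chosen exit differs from EXPECTED, sorted."""
    return sorted(
        src for src, want in EXPECTED.items()
        if pbr_next_hop(route_map, src)[1] != want
    )


if __name__ == "__main__":
    for name, rm in [("as posted", ROUTE_MAP_AS_POSTED),
                     ("wrong order", ROUTE_MAP_WRONG_ORDER),
                     ("simple", ROUTE_MAP_SIMPLE)]:
        print(f"{name:12s} misrouted: {misrouted(rm)}")
```

Running it shows that the posted map misroutes every test source, the reordered map still misroutes guest because the broader 10.0.0.0/8 entry is evaluated first, and the single-entry map from the accepted answer misroutes nothing. The same first-match reasoning applies to any ASA route-map whose ACLs overlap: put the most specific match at the lowest sequence number, or avoid overlapping entries altogether.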