
Multiple Default Routes to Internet

tbrooks
Level 1

We have two companies that need to communicate with each other. They are side by side and a fiber connection exists between them terminating into a fiber-ethernet converter. We want to limit who has access to the other company by placing a router between them. Both companies have PIX firewalls and separate T1s to the Internet. We want to put a 1751 with an extra ethernet card in it so we can route between them. The left network is 192.168.0.X and the right network is 192.168.1.X. What is the best way to route only the traffic destined for the opposite networks?

6 Replies

Richard Burts
Hall of Fame

There are a few things about the situation you describe that are not clear, such as what kind of network each company does and how they are currently doing their routing. But it seems to me based on what you describe that there is a fairly simple solution. Put the 1751 in between the two companies. In the 192.168.0.x network insert a route for 192.168.1.0 pointing to the router and keep the existing default route pointing to the PIX and to the Internet. In the 192.168.1.x network insert a route for 192.168.0.0 pointing to the router and keep the existing default route pointing to the PIX and to the Internet. If you want to control who in each company has access to the other company you can configure access lists on the interfaces to establish this control.

HTH

Rick
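
The router side of the approach in the reply above, as an added example that is not part of the original thread. The router addresses (.254 on each LAN), the permitted host pair and port, and the ACL names are assumptions; the interface names assume the 1751's built-in port plus the extra Ethernet card at Ethernet1/0.

```cisco
! Added example. Addresses, ACL names and the permitted hosts are assumed.
! Hosts (or their LAN gateway) on each side need one specific route:
!   left  LAN: 192.168.1.0/24 via 192.168.0.254
!   right LAN: 192.168.0.0/24 via 192.168.1.254
! and keep their existing default route pointing to their own PIX.
!
interface FastEthernet0/0
 description Left company LAN 192.168.0.0/24
 ip address 192.168.0.254 255.255.255.0
 ip access-group LEFT-TO-RIGHT in
!
interface Ethernet1/0
 description Right company LAN 192.168.1.0/24
 ip address 192.168.1.254 255.255.255.0
 ip access-group RIGHT-TO-LEFT in
!
! No default route is configured here. The router knows only its two
! connected networks, so it cannot become a path to either Internet link.
!
ip access-list extended LEFT-TO-RIGHT
 remark constructed rule: one left workstation to one right server, HTTPS only
 permit tcp host 192.168.0.10 host 192.168.1.20 eq 443
 deny   ip any any log
!
ip access-list extended RIGHT-TO-LEFT
 remark replies only: "established" matches TCP segments with ACK or RST set
 permit tcp host 192.168.1.20 eq 443 host 192.168.0.10 established
 deny   ip any any log
```

These ACLs are stateless, so each permitted flow needs a matching return entry on the opposite interface; the logged deny at the end of each list shows which cross-company attempts are being refused.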

That's what I thought too, but the PIX (in my experience) does not do ICMP redirects and thus cannot route back out through the same interface. I set selected users' workstations to have a default route pointing to the router and then have it do the ICMP redirect back out through its eth1/0 respectively. This, however, has generated a speed problem (reported by the customer but unverified) on both LANs. This is confusing. It would seem that this is a viable solution but for some reason this slows everything down.

Hi Tbrooks,

What I think is that we can have 2 routes on your machines, which I know will be a tedious job, but still.

Once you have the router in between the 2 buildings we can simply route between the 2 networks and can apply the access list for control.

Now we can leave the default gateways on your machines, which I think must be pointing to the PIX for Internet access, and add another route pointing to the other network. In this way, machines in one network that want to access the Internet can pass through the PIX, and machines that try to access the network in the other building will go through the router.

HTH

Ankur

I am not sure why this would cause slowness. Is it possible to verify whether things really do slow down?

Have you checked for any speed and/or duplex issues (especially for the router and PIX interfaces)? Have you looked at the port statistics for anything unexpected?

Perhaps if you post the router config we could spot something? (Do you have CEF enabled?)

HTH

Rick

Hi,

Use the routemap method to choose between two pools via two different interfaces.

There is a match criteria based on ip next-hop

match ip next-hop

Please try it yourself with the help of the following link:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml

Regards

Krishnamurthy Suresh

Hi all,

Please ignore my previous post, as that was the reply meant for "Need help for redundant link config" under WAN, Routing & Switching.

Sorry, the 1751 confused me.

Krishnamurthy Suresh