12-04-2023 07:05 PM
Hello.
Please help me with the configuration.
We have a 2921 router and need to connect a second ISP with a proxy server.
There is already one ISP with static addressing 192.168.100.0/28 and two local subnets.
A second ISP with addressing 10.27.1.5 is connected, followed by a proxy server 10.0.27.52.
Clients use one ISP, but if we register proxy 10.0.27.52, it should receive Internet from the second ISP.
Output of the current config:
interface GigabitEthernet0/0
 no ip address
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.1
 description LAN1
 encapsulation dot1Q 1 native
 ip address 10.0.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/0.2
 description LAN2
 encapsulation dot1Q 2
 ip address 10.0.2.254 255.255.255.0
 ip helper-address 10.0.1.11
 ip virtual-reassembly in
 no cdp enable
!
!
interface GigabitEthernet0/1
 description TO ISP2
 ip address 10.27.1.5 255.255.255.0
 ip nat outside
!
interface GigabitEthernet0/2
 description TO ISP1
 ip address 192.168.100.253 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no mop enabled
!
ip route 0.0.0.0 0.0.0.0 192.168.100.254
I added this and it works, but how do I write a route map correctly:
ip route 10.0.27.52 255.255.255.255 10.27.1.1 name PROXY
route-map ISP1 permit 10
 match interface GigabitEthernet0/2
route-map ISP2 permit 20
 match ip address inet-proxy-rt
 set ip next-hop 10.27.1.1
Thanks!
12-05-2023 12:45 AM
Hello!
Quick question:
--> Clients use one ISP, but if we register proxy 10.0.27.52, it should receive Internet from the second ISP
Does that mean you want your clients to connect to the second ISP only if the proxy server is reachable?
12-05-2023 04:02 AM
One pool of clients will go to one provider, the other through a proxy. But if one of the Internet connections does not work, the other pool of clients can use the backup one.
12-05-2023 05:41 AM - edited 12-05-2023 05:41 AM
It's easy:
ip access-list extended pool1
 permit ip pool1 any
!
route-map ISP2 permit 10
 match ip address pool2
 set ip next-hop verify proxy-ip
!
ip route 0.0.0.0 0.0.0.0 isp1 track1
ip route 0.0.0.0 0.0.0.0 isp2 100
That's it.
MHM
12-05-2023 03:02 AM
You need to use set next-hop with the verify option.
It verifies the proxy: if it is reachable, traffic is sent to the proxy; if not, PBR will use the RIB to forward traffic.
MHM
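The tracked next-hop approach from the two replies above, written out as an added example; it is not any poster's configuration. The ISP gateways (192.168.100.254, 10.27.1.1) and interface names come from the thread. The choice of LAN2 (10.0.2.0/24) as the pool that leaves via ISP2, and every SLA number, track number, ACL name and route-map name, are assumptions.

```cisco
! Added example. Assumed: LAN2 is the ISP2 pool; all numbers and names
! for SLA probes, track objects, ACLs and route-maps are made up.
!
! Probe each ISP gateway so the router notices a dead path
ip sla 1
 icmp-echo 192.168.100.254 source-interface GigabitEthernet0/2
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 10.27.1.1 source-interface GigabitEthernet0/1
 frequency 10
ip sla schedule 2 life forever start-time now
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Default via ISP1 while track 1 is up, floating static via ISP2 otherwise
ip route 0.0.0.0 0.0.0.0 192.168.100.254 track 1
ip route 0.0.0.0 0.0.0.0 10.27.1.1 100
!
! PBR: LAN2 sources go to ISP2 only while track 2 is up; when it is down
! the set clause is skipped and the packet follows the routing table.
! The deny line keeps LAN2-to-LAN1 traffic out of the policy.
ip access-list extended POOL2
 deny   ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255
 permit ip 10.0.2.0 0.0.0.255 any
route-map PBR-ISP2 permit 10
 match ip address POOL2
 set ip next-hop verify-availability 10.27.1.1 10 track 2
!
interface GigabitEthernet0/0.2
 ip nat inside
 ip policy route-map PBR-ISP2
!
! NAT: translate to the address of whichever outside interface is chosen
ip access-list extended NAT-INSIDE
 permit ip 10.0.1.0 0.0.0.255 any
 permit ip 10.0.2.0 0.0.0.255 any
route-map NAT-ISP1 permit 10
 match ip address NAT-INSIDE
 match interface GigabitEthernet0/2
route-map NAT-ISP2 permit 10
 match ip address NAT-INSIDE
 match interface GigabitEthernet0/1
ip nat inside source route-map NAT-ISP1 interface GigabitEthernet0/2 overload
ip nat inside source route-map NAT-ISP2 interface GigabitEthernet0/1 overload
```

`show track brief` and `show route-map PBR-ISP2` show whether the probes are up and whether packets are matching the policy.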
12-05-2023 04:05 AM
Please help me do this correctly.
I tried this article, but it doesn't work
https://community.cisco.com/t5/routing/two-isp-two-networks-one-router/td-p/2189915
12-05-2023 04:22 AM
The mentioned thread works. If you have 2 ISPs, one subnet uses ISP1 and the other one uses ISP2 here.
When ISP1 or 2 fails, they switch over to the other ISP as expected.
But the question was already asked before: are you expecting the ISP2 connection to go via the proxy? How is this proxy configured in the network? Have you configured the proxy manually in the browser?
Do you consider using WCCP to redirect traffic to the proxy (based on match criteria, as I think of it)?
Do you have a rough diagram of how your network is connected and what network flow you are expecting?
12-05-2023 05:12 AM
--->When ISP1 or 2 fails, they switch over to the other ISP as expected.
In this case, switching is not necessary. If it's not possible, then it's not critical.
--->But the question was already asked before: are you expecting the ISP2 connection to go via the proxy? How is this proxy configured in the network? Have you configured the proxy manually in the browser?
Yes, only in browser settings.
--->Do you consider using WCCP to redirect traffic to the proxy (based on match criteria, as I think of it)?
Not desirable in this configuration, but it will be the entire thread. In principle, now the temporary solution is between gi0/1 and 10.27.1.0 - this is a squid, through a cascade proxy. There are disadvantages in the form of HTTP traffic, and why would there be an intermediary?!
--->Do you have a rough diagram of how your network is connected and what network flow you are expecting?
Text only, but you can draw.
12-05-2023 06:22 AM
"Yes, only in browser settings" - if you have routing and NATing in place, that should work for that subnet?
Is squid an explicit or transparent proxy? Does it use a single-interface or multi-interface setup?
You can also configure squid to use the other ISP if you like (in case of failures).