2 ISP router 2921

technicalBRO
Level 1

Hello.
Please help me with the configuration.
We have a 2921 router, we need to connect a second ISP with a proxy server.
There is already one ISP with static addressing 192.168.100.0/28 and two local subnets.
A second ISP with addressing 10.27.1.5 is connected, followed by a proxy server 10.0.27.52.
Clients use one ISP, but if we register proxy 10.0.27.52, it should receive Internet from the second ISP.

Output of the current config:
interface GigabitEthernet0/0
 no ip address
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.1
 description LAN1
 encapsulation dot1Q 1 native
 ip address 10.0.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/0.2
 description LAN2
 encapsulation dot1Q 2
 ip address 10.0.2.254 255.255.255.0
 ip helper-address 10.0.1.11
 ip virtual-reassembly in
 no cdp enable
!
!
interface GigabitEthernet0/1
 description TO ISP2
 ip address 10.27.1.5 255.255.255.0
 ip nat outside
!
interface GigabitEthernet0/2
 description TO ISP1
 ip address 192.168.100.253 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no mop enabled
!
ip route 0.0.0.0 0.0.0.0 192.168.100.254

 

Added it and it works. How do I write a route map correctly:

ip route 10.0.27.52 255.255.255.255 10.27.1.1 name PROXY

route-map ISP1 permit 10
 match interface GigabitEthernet0/2
!
route-map ISP2 permit 20
 match ip address inet-proxy-rt
 set ip next-hop 10.27.1.1

Thanks!

8 Replies

Hello !

Quick question:

--> Clients use one ISP, but if we register proxy 10.0.27.52, it should receive Internet from the second ISP

Does that mean you want your clients to connect to the second ISP only if the proxy server is reachable?

One pool of clients will go to one provider, the other through a proxy. But if one of the Internets does not work, another pool of clients can use the backup one.

It's easy.

ip access-list extended pool1
 permit ip pool1 any
!
route-map ISP2 permit 10
 match ip address pool2
 set ip next-hop verify proxy-ip
!
ip route 0.0.0.0 0.0.0.0 isp1 track 1
ip route 0.0.0.0 0.0.0.0 isp2 100

That's it.

MHM

You need to use set next hop with verify option.

Verify the proxy: if it is reachable, then send to the proxy; if not, PBR will use the RIB to forward traffic.

MHM
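The verified next hop described above, written out as an added IOS example that is not part of the original thread. It assumes LAN2 (10.0.2.0/24) is the client pool that should leave via ISP2 and takes the ISP2 next hop 10.27.1.1 and the ISP1 gateway 192.168.100.254 from the question; the ACL name POOL2 and the SLA and track numbers are hypothetical. NAT for the ISP2 egress is not shown.

```ios
! Added example: ACL name, SLA numbers and track numbers are assumptions.
! Probe the ISP2 next hop (10.27.1.1, from the static route in the question).
ip sla 1
 icmp-echo 10.27.1.1 source-interface GigabitEthernet0/1
 frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
! Probe the ISP1 gateway so the primary default route can be withdrawn.
ip sla 2
 icmp-echo 192.168.100.254 source-interface GigabitEthernet0/2
 frequency 5
ip sla schedule 2 life forever start-time now
track 2 ip sla 2 reachability
!
! Assumed pool: LAN2 clients. The deny entry keeps LAN2-to-LAN1 traffic
! out of policy routing so it is still forwarded by the normal routing table.
ip access-list extended POOL2
 deny   ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255
 permit ip 10.0.2.0 0.0.0.255 any
!
! The next hop is used only while track 1 is up; when it goes down the
! set clause is skipped and matching traffic follows the RIB instead.
route-map ISP2 permit 10
 match ip address POOL2
 set ip next-hop verify-availability 10.27.1.1 10 track 1
!
! PBR is applied inbound on the interface where the pool's traffic arrives.
interface GigabitEthernet0/0.2
 ip policy route-map ISP2
!
! Primary default via ISP1 while track 2 is up; floating default via ISP2
! (administrative distance 100) takes over when it is withdrawn.
ip route 0.0.0.0 0.0.0.0 192.168.100.254 track 2
ip route 0.0.0.0 0.0.0.0 10.27.1.1 100
```

The probes only confirm that each directly connected gateway answers; `show track` and `show route-map ISP2` show the track state and the policy-match counters.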

Please help me do this correctly.

I tried this article, but it doesn't work

https://community.cisco.com/t5/routing/two-isp-two-networks-one-router/td-p/2189915

The mentioned thread works. If you have 2 ISPs, each subnet uses ISP 1 and the other one uses ISP2 here.

When ISP1 or 2 fails, they switch over to the other ISP as expected.

But the question was already asked before: are you expecting the ISP2 connection to go via the proxy? How is this proxy configured in the network? Is the browser proxy configured manually?

Would you consider using WCCP to redirect traffic to the proxy (based on match criteria, as I think of)?

Do you have a rough diagram of how your network is connected and what network flow you are expecting?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

--->When ISP1 or 2 fails, they switch over to the other ISP as expected.

In this case, switching is not necessary. If it’s not possible, then it’s not critical.

--->But the question was already asked before: are you expecting the ISP2 connection to go via the proxy? How is this proxy configured in the network? Is the browser proxy configured manually?

Yes, only in browser settings.

--->Would you consider using WCCP to redirect traffic to the proxy (based on match criteria, as I think of)?

Not desirable in this configuration, but it will be the entire thread. In principle, now the temporary solution is between gi0/1 and 10.27.1.0 - this is a squid, through a cascade proxy. There are disadvantages in the form of HTTP traffic, and why would there be an intermediary?!

--->Do you have a rough diagram of how your network is connected and what network flow you are expecting?

Text only, but you can draw.

LAN1---|          |---10.0.27.52
       |          |
       |--Router--|
       |          |
LAN2---|          |---ISP1

yes, only in browser settings - if you have routing and NATing in place, that should work for that subnet?

Is squid an explicit or transparent proxy? Does it use a single-interface or multi-interface setup?

You can also configure squid to use the other ISP if you like (in case of failures).

BB
