Re: 2811 routing 2 ISP and 2 network

h.fabien_mt · ‎09-07-2006

Hello, I have I little problem.

I have 2 adsl line with cisco 2811. I would like use one connection for server and vpns and the other for basic internet connection. But when I had the second ip route : "ip route 0.0.0.0 0.0.0.0 dialer 2". The connection was very slow. Ping to the 2 dsl interfaces was critical (from outside). When I delete the second route, everythings respond corretly. what is false? what did I forget?

Thanks

fab

wochanda · ‎09-07-2006

The problem here is pretty common. When you do this, you're load-balancing all communication to the internet to each ISP. Since most ISP's have access-lists making sure that they dont receive traffic from networks outside of their range, every other packet you send is being dropped.

You're better off making static routes for server/VPN out one network, and your default route out another.

If you want them to back each other up, clone the routes, except add an administrative distance to the backup one, like so:

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 0.0.0.0 0.0.0.0 Dialer2 150

h.fabien_mt · ‎09-11-2006

Thanks for your reply. But I don't want make a backup link. I would use un specific ISP for one network and and the other ISP for a second network.

o.hassairi · ‎09-11-2006

did you try to use source-routing?

h.fabien_mt · ‎09-11-2006

No I didn't try source-routing. I didn't find any example to use it!

royalblues · ‎09-11-2006

you have to use policy based routing to make sure some source subnets access the internet via one pipe and the rest via another

heres an eg.

say u have 2 subnets 172.16.100.0/24 and 172.16.200.0/24 ur inside interface is 172.16.100.1/24 and outside interfaces are ADSL1 - 100.100.100.100 & ADSL2 - 200.200.200.200

we will force the subnet 172.16.200.0/24 to take the ADSL route

route-map Internet permit 10

match ip address 100

set ip next-hop 200.200.200.200

access-list 100 permit ip 172.16.200.0 0.0.0.255 any

interface fa 0/1

ip address 172.16.100.1 255.255.255.0

ip policy route-map Internet

hth

Narayan

h.fabien_mt · ‎09-11-2006

Thank you for your response. it's working..

I have a last problem, now the two network can't communicate. What I forget or what can I add ?

fab

tiagocarrijo · ‎09-11-2006

You will need to create another acl, using source address and destination address for the 172.100 network.

and make de policy-based routing set next peer for this network the router itself.

h.fabien_mt · ‎09-11-2006

Thank you for your response. it's working..

I have a last problem, now the two network can't communicate. What I forget or what can I add ?

fab

royalblues · ‎09-11-2006

You mean to say there is no communication between 100.0 and 200.0 network.

Also please rate useful posts and changed the status to resolved if the comments were useful.

Narayan

h.fabien_mt · ‎09-12-2006

Thanks, yes, I'm stupid, I forget the acl deny network1 to network2 and network2 to network1.

Thank you every body.

h.fabien_mt · ‎09-13-2006

I have a other big problem. I need your help. Every thing work, but the bandwidth of the second adsl is not optimal. It was limit to 2,5Mbt/s but ISP give download to 6Mb/s and I check with a basic router and I obtain a good bandwidht. See my graph.

h.fabien_mt · ‎09-13-2006

And the last config...

h.fabien_mt · ‎09-13-2006

I found the solution...

interface atm 0/1/0

clock rate aal5 5300000

clock rate aal2 4000000

!

interface Dialer2

bandwidth 7126

Thanks