Cisco 2911 with multiple Internet connections

andy_4578
Level 1

I'm sure this question comes up a lot but I can't find a definitive answer.

We are about to install a Cisco 2911 router to replace a Linux-based router.

The Cisco will have 5 gig ports, 4 ports connected to DSL modems each modem connected to a different ISP, and the last port connected to a Cisco LAN switch.

802.1q will be used on the internal router port to split the LAN segments up into VLANs as the building contains lots of different businesses.

Each customer in the building has their own servers and set of public IP addresses assigned, e.g.

Customer A - ISP 1      uses  81.34.65.78 NAT'd to 10.0.0.1 Vlan 5 port 25 (SMTP)

Customer B - ISP 2     uses 217.23.67.87 NAT'd to 192.168.1.1 Vlan 6 port 25 (SMTP)

and so on

The outbound traffic also needs to go out of the correct DSL line, whichever has been assigned to that customer.

Am I right in thinking the only way to do this will be to use "Route Maps"?

(IP addresses above are made up, or at least not ours)
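
The layout described in this post, written out as an added IOS example that is not part of the original thread or any poster's config. Interface numbers, inside gateway addresses, subnet masks, ISP gateway addresses and all ACL and route-map names are assumptions; only the customer addresses, VLAN IDs and port 25 come from the post.

```cisco
! Added example. WAN subnets and gateways below are constructed for illustration.
interface GigabitEthernet0/1
 description ISP 1 DSL modem (assumed WAN subnet 81.34.65.72/29)
 ip address 81.34.65.74 255.255.255.248
 ip nat outside
!
interface GigabitEthernet0/2
 description ISP 2 DSL modem (assumed WAN subnet 217.23.67.80/28)
 ip address 217.23.67.82 255.255.255.240
 ip nat outside
!
interface GigabitEthernet0/0.5
 description Customer A (VLAN 5)
 encapsulation dot1Q 5
 ip address 10.0.0.254 255.255.255.0
 ip nat inside
 ip policy route-map CUST-A-OUT
!
interface GigabitEthernet0/0.6
 description Customer B (VLAN 6)
 encapsulation dot1Q 6
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip policy route-map CUST-B-OUT
!
ip access-list extended CUST-A-NET
 permit ip 10.0.0.0 0.0.0.255 any
ip access-list extended CUST-B-NET
 permit ip 192.168.1.0 0.0.0.255 any
!
! Policy routing: traffic arriving from each VLAN is handed to that customer's ISP gateway
route-map CUST-A-OUT permit 10
 match ip address CUST-A-NET
 set ip next-hop 81.34.65.73
route-map CUST-B-OUT permit 10
 match ip address CUST-B-NET
 set ip next-hop 217.23.67.81
!
! Inbound SMTP: one static port translation per customer public address
ip nat inside source static tcp 10.0.0.1 25 81.34.65.78 25 extendable
ip nat inside source static tcp 192.168.1.1 25 217.23.67.87 25 extendable
!
! Outbound sessions from each customer are overloaded onto that customer's ISP interface
ip nat inside source list CUST-A-NET interface GigabitEthernet0/1 overload
ip nat inside source list CUST-B-NET interface GigabitEthernet0/2 overload
```

`show route-map` displays per-sequence match counters and `show ip nat translations` shows which outside address a session was given, which together confirm that a VLAN's traffic is leaving through its assigned ISP.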

Hey Andy, can you paste the complete working config? I would need the same shortly.

Thanks in advance

CK

andy_4578
Level 1

Spoke too soon, I'm on the last client in the building and the route-map won't work (config is attached if anyone can help).

It's:

route-map vlan23-out permit 40
 match ip address 123
 set ip next-hop 87.194.168.1

As soon as I add the route-map the client loses internet; if I take the ip policy out from the gi 0/0.123 they work, but going out of the wrong ISP as they use the default route.

The config isn't finished yet, I haven't put in the ACLs to block inter-VLAN traffic etc., just need to get all the clients online first.

andy_4578
Level 1

Just in case anyone notices the next hop IP is 87.194.168.90 on the route-map, I've done that so they can get internet access.

The next hop should be 87.194.168.1

elessargr
Level 1

A long time has passed now, I can see, but I wouldn't like to create a new topic for something similar.

So I have a 2911 with two vdsl modules.

vdsl1 wan ip 2.84.XXX.XXX

vdsl2 wan ip 91.138.XXX.XXX

I have a different VLAN for each vdsl connection, so if I need someone to send directly from one connection I can put him in VLAN X.

For vdsl1 it's VLAN 50

For vdsl2 it's VLAN 51

interface GigabitEthernet0/0.50
description *** vdsl1 ***
encapsulation dot1Q 50
ip address 10.10.50.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip policy route-map RM1
!
interface GigabitEthernet0/0.51
description *** vdsl2 ***
encapsulation dot1Q 51
ip address 10.10.51.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip policy route-map RM2

ip access-list extended ACL1
permit ip 10.10.50.0 0.0.0.255 any
ip access-list extended ACL2
permit ip 10.10.51.0 0.0.0.255 any

route-map RM2 permit 20
match ip address ACL2
set default interface Dialer2
!
route-map RM1 permit 10
match ip address ACL1
set default interface Dialer1

Any ideas or suggestions why this isn't working?

Thank you in advance

It would help us to give better answers if we knew more about your situation. In particular, what is not working? Is it that the users do not have connectivity to remote resources (which could be issues with address translation or with routing, as well as issues with PBR)? Or do you know that PBR is not working? If PBR is not working then what part is not working? Is it not matching traffic correctly, or is it not using the correct path identified in the set command?

Give us more information to work with and we will try to make suggestions.

HTH

Rick