FTP policy routing

tkatsiaounis
Level 1

Hello. I have the following scenario. One router with two ADSL lines, with a couple of SLAs monitoring their status and adding/deleting the default route from the routing table according to the status of the line. My problem is the following. On one of the lines I have port forwarding configured to an FTP server in my inside network. When both lines are UP the FTP server stops working. When I take down the second line (the one with no port forwarding) the FTP works fine.

What could I do to ensure that an FTP session will get its reply through the same interface and not drop connections? I suspect that policy routing will be the best solution, but I am not really sure how that must be configured.

Thanks a lot in advance.

Accepted Solution

Calin C.
Level 5

Hello,

Yes, you can use a Policy-Based Routing (PBR).

In an ACL, you match the traffic from your FTP server (IP or subnet) to ANY. You match this ACL in a route-map. On the same route-map (let's say permit 10), you "set ip next-hop" to the subnet (IP address) where the packets are NATted in (I assume that you use NAT as you said inside network). If there is no NAT, just set next-hop so the packets go out on the same interface as they come in.

Apply this route-map to the L3 LAN interface.

A little note. You should have on the same route-map (let's say permit 20) a match on the same ACL, but send the packets (next-hop) to the other line. This is in case of line failure. Another solution would be to use EEM to remove the PBR when the line goes down and to put it back when the line is up again.

Here is a how-to configure PBR:

http://www.cisco.com/en/US/docs/ios/12_0/qos/configuration/guide/qcpolicy.html

Good luck!
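Here is a worked IOS configuration of the approach described above. It is an added example, not a config posted in this thread, and every address, interface name and track number in it is an assumption: the FTP server is 192.168.1.10 behind GigabitEthernet0/0, line 1 (the one with the port forward) is GigabitEthernet0/1 with gateway 203.0.113.1 and public address 203.0.113.10, line 2 is GigabitEthernet0/2 with gateway 198.51.100.1, and track 1 / track 2 are the trackers already driven by the poster's IP SLAs. The underlying fault is that when both lines are up the default route can point at line 2, so the server's replies to sessions that arrived through line 1's port forward leave with the wrong (or no) translated source address and the client never matches them to its connection. The failover the answer describes with a second sequence is expressed here as a second tracked next hop inside the same sequence, because a route-map stops at the first sequence whose match succeeds; when every tracked next hop is down the packet simply falls back to normal routing, so no EEM applet is required.

```cisco
! Added example, not from the thread. Assumed addressing:
!   FTP server           192.168.1.10 on LAN interface GigabitEthernet0/0
!   Line 1 (port fwd)    GigabitEthernet0/1, gateway 203.0.113.1, public IP 203.0.113.10
!   Line 2 (backup)      GigabitEthernet0/2, gateway 198.51.100.1
!   track 1 / track 2    existing reachability trackers fed by the poster's IP SLAs
!
! Port forward for the FTP control channel on line 1 (assumed to exist already).
ip nat inside source static tcp 192.168.1.10 21 203.0.113.10 21
!
! Match everything the server sends, not only port 21: in active mode the
! server itself opens the data connections from port 20, and those must
! follow the same path or the transfer stalls after the login succeeds.
ip access-list extended FTP-SERVER-OUT
 permit tcp host 192.168.1.10 any
!
! First tracked next hop is used while track 1 is up; if it goes down the
! second is tried; if both are down the packet is routed normally, i.e. by
! whichever default route the SLAs have left in the table.
route-map FTP-PBR permit 10
 match ip address FTP-SERVER-OUT
 set ip next-hop verify-availability 203.0.113.1 10 track 1
 set ip next-hop verify-availability 198.51.100.1 20 track 2
!
! PBR is applied on the interface where the server's packets ENTER the router.
interface GigabitEthernet0/0
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip policy route-map FTP-PBR
!
! Verification from exec mode:
!   show route-map FTP-PBR   - per-sequence match/set lines and packet counters
!   show ip policy           - which interfaces carry which route-map
!   show track 1             - whether the preferred next hop is currently up
```

If the ADSL lines terminate on PPPoE Dialer interfaces with negotiated addresses, there is no fixed gateway address to track; `set interface Dialer1` then takes the place of the `set ip next-hop` line. Before relying on the policy, confirm with `show route-map FTP-PBR` that the sequence's packet counter increases while an FTP transfer runs, since a zero counter usually means the route-map is applied to the wrong interface or the ACL does not match the server's source address.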
