Solved: Thanks for your response

christopher.perez · ‎07-02-2014

I have a LAN 192.168.20.0 on a GigabitEthernet 0/0. Three Dialers configured, each one with different ISP. The dialers are configured correctly. And all computers have internet with "ip route 0.0.0.0 0.0.0.0 Dialer0". If I use another Dialer the computers have internet connection too.

I create a subnet with:

interface GigabitEthernet 0/0

ip address 192.168.21.1 255.255.255.0 secondary

I have new computers on this subnet. Well. I want that this subnet use Dialer1 instead Dialer0 as default. How I can do this?

NOTE: I can not use load balance with the Dialers. I have some computers that have a direct connections that can not be interrupted.

Thanks!

Vasilii Mikhailovskii · ‎07-05-2014

Hello.

On you route-map you need to use "set interface" instead of "match interface", as it was mentioned a couple of posts before.

Also you need to deny local traffic in ACLs 101 and 102:

ip access-l ext 100
remark do not NAT
permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255

ip access-l ext 101
remark NAT 1st subnet
permit ip 192.168.20.0 0.0.0.255 any

ip access-l 102
remark NAT 1st subnet
permit ip 192.168.21.0 0.0.0.255 any

route-map PBR deny 10
match ip address 100

route-map PBR permit 20
match ip address 101
set interface Di0

route-map PBR permit 30
match ip address 102
set interface Di1

and apply the PBR to inside interface.

View solution in original post

Dragan Ilic · ‎07-02-2014

You can utilize Policy Based routing for this without a problem...

BR,

Dragan

HTH,
Dragan

christopher.perez · ‎07-02-2014

Thanks for your response Drangan. I study this possibility, previous to ask here, I search in a lot of sites and I read http://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcfpbr.html

I added:

access-list 13 permit 192.168.21.0 0.0.0.25

route-map NewSubnet permit 13

match ip address 13

match interface Dialer1

But It is not enought, I proved and the computers on 192.168.21.0 subnet not have internet connection.

What's wrong?

Best regards,

Christopher

Dragan Ilic · ‎07-02-2014

I think you need to "set" outgoing interface..."set interface..." in route map...

BR,

Dragan

HTH,
Dragan

christopher.perez · ‎07-04-2014

Hello again,

I tried different alternatives and I have no solution. I tried with:

access-list 12 permit 192.168.20.0 0.0.0.255

access-list 13 permit 192.168.21.0 0.0.0.255

access-list 101 permit ip 192.168.20.0 0.0.0.255 any

access-list 102 permit ip 192.168.21.0 0.0.0.255 any

route-map NewSubnet permit 13

match ip address 102

match interface Dialer2

route-map Datos permit 12

match ip address 101

match interface Dialer2

ip nat inside source list 12 interface Dialer0 overload

ip nat inside source list 13 interface Dialer1 overload

interface GigabitEthernet 0/0

ip policy route-map NewSubnet

ip policy route-map Datos

ip route-map 0.0.0.0 0.0.0.0 Dialer0

ip route-map 0.0.0.0 0.0.0.0 Dialer1

I connect a pc to 192.168.21.1, this have ping to 192.168.21.1 (gateway), to 192.168.20.1 and the computers from the other network (192.168.20.x), but not have internet access. The computers from 192.168.20.x have internet access.

If I increase the permit of acces-list 12 to 192.168.0.0 0.0.255.255 and use this. NewSubnet and Datos route-map permit internet access with two net.

Any idea?

BR,