11-01-2005 07:46 AM - edited 03-03-2019 10:51 AM
Dear Sir/Madam
I have a network as follows:
LAN---Fire Wall--Router 1841--
-----Lease line
I
-----ADSL
I want inbound traffic, including email (SMTP, POP3), VPN, web mail..., to use the leased line, and outbound traffic, including web access, FTP, Yahoo chat..., to use ADSL.
Now I have configured both the leased line and ADSL and both are up, but all traffic always uses the leased line.
Can you help me?
Thanks a lot
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VT
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
username aabb privilege 15 secret 5 $1$A7lA$WX3Z6vi/Ja84pec94rCcj.
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
ip domain name vti.com
ip name-server 203.162.4.12
ip name-server 203.113.131.11
vpdn enable
!
vpdn-group pppoe
request-dialin
protocol pppoe
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
description connected to EthernetLAN
ip address 222.255.74.110 255.255.255.248
ip nat inside
ip tcp adjust-mss 1452
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
description connected to VDC
ip address 222.255.79.249 255.255.255.252
ip nat outside
!
interface ATM0/1/0
description connected to Viettel
ip address dhcp hostname viettel
ip helper-address 203.113.131.11
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface Dialer1
ip address negotiated
ip mtu 1452
ip nat outside
encapsulation ppp
dialer pool 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname 038721c
ppp chap password 0 49bc60
ppp pap sent-username 038721c
password 0 49bc60
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http authentication local
ip http timeout-policy idle 600 life 86400 requests 10000
!
dialer-list 1 protocol ip permit
snmp-server community string RO
snmp-server enable traps tty
!
control-plane
!
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
end
11-01-2005 09:35 AM
Hello,
In order to manipulate the traffic flow, your best option is probably to implement policy routing, where you tell the router to send certain traffic out one interface, and other traffic out another interface.
The access lists that define which traffic has to go where can become a little tricky, depending on what you want. Here is what I think the configuration should look like, based on the information you have provided:
interface FastEthernet0/0
ip policy route-map TRAFFIC
!
route-map TRAFFIC permit 10
match ip address 101
set interface Serial0/0/0
!
route-map TRAFFIC permit 20
match ip address 102
set interface Dialer1
!
route-map TRAFFIC permit 30
!
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any eq smtp any
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any eq pop3 any
!
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq domain
access-list 102 permit tcp any any eq ftp
access-list 102 permit udp any any range 5000 5010
access-list 102 permit tcp any any range 5000 5001
As I said, the access list might become tricky. Outlook Web Access, for example, uses the common WWW port 80 as well. Also, you will need to find out which ports your VPN is using, and add those to the access list.
By the way, UDP ports 5000 thru 5010 are used by Yahoo; if those don't work, it will try TCP ports 5000 thru 5001.
Let me know if you run into trouble with this, or if you need more help...
Regards,
GP
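An added example, not part of the original thread: a small Python model of how route-map TRAFFIC and access lists 101 and 102 from the reply above select an egress interface, so you can check which flows fall through to the normal routing table. The sample flows and their source ports are constructed, and the keyword-to-port mapping uses the standard well-known port numbers.

```python
# Added illustration: models route-map TRAFFIC applied on FastEthernet0/0.
from typing import NamedTuple, Optional

PORTS = {"smtp": 25, "pop3": 110, "www": 80, "domain": 53, "ftp": 21}

class Ace(NamedTuple):
    proto: str
    src: Optional[range]  # source-port match, None means "any"
    dst: Optional[range]  # destination-port match, None means "any"

def eq(name):
    p = PORTS[name]
    return range(p, p + 1)

# Access lists transcribed from the reply
ACL = {
    101: [Ace("tcp", None, eq("smtp")), Ace("tcp", eq("smtp"), None),
          Ace("tcp", None, eq("pop3")), Ace("tcp", eq("pop3"), None)],
    102: [Ace("tcp", None, eq("www")), Ace("tcp", None, eq("domain")),
          Ace("tcp", None, eq("ftp")), Ace("udp", None, range(5000, 5011)),
          Ace("tcp", None, range(5000, 5002))],
}
# route-map TRAFFIC: (sequence, ACL number or None, "set interface" or None)
ROUTE_MAP = [(10, 101, "Serial0/0/0"), (20, 102, "Dialer1"), (30, None, None)]

def acl_permits(acl, proto, sport, dport):
    for ace in ACL[acl]:
        if (ace.proto == proto and (ace.src is None or sport in ace.src)
                and (ace.dst is None or dport in ace.dst)):
            return True
    return False  # implicit deny at the end of every access list

def egress(proto, sport, dport):
    """Return (sequence, interface); 'routing table' means no set clause applied."""
    for seq, acl, iface in ROUTE_MAP:
        if acl is None or acl_permits(acl, proto, sport, dport):
            return seq, iface or "routing table"
    return None, "routing table"

if __name__ == "__main__":
    # Constructed sample flows from the LAN: (label, proto, sport, dport)
    for label, proto, sport, dport in [
        ("outbound SMTP", "tcp", 40000, 25),
        ("web / Outlook Web Access", "tcp", 40001, 80),
        ("DNS query over UDP", "udp", 40002, 53),
        ("HTTPS", "tcp", 40003, 443),
    ]:
        print(f"{label:26} -> {egress(proto, sport, dport)}")
```

In this model, any flow that matches neither list (for example DNS over UDP or HTTPS) reaches sequence 30 and is forwarded by the ordinary routing table rather than by policy.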