02-28-2007 02:09 PM - edited 03-03-2019 03:58 PM
hi all
i have to configure a cisco 2800
with 2 WAN interface ADSL, SERIAL(ISDN)
as the folowing :
the smtp and ftp flow pass through the ISDN
and all other trafic like www,DNS,..
must pass through ADSL (it has a dynamic ip @ )
i do the folowing but it doesn't work
---------------------
Current configuration : 5078 bytes
!
version 12.4
no service pad
!
interface FastEthernet0/1
description $ETH-LAN$
ip address W.W.W.W 255.255.255.252 secondary
ip address Y.Y.Y.Y 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
ip policy route-map PBR
duplex auto
speed auto
no mop enabled
!
interface ATM0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/1/0.4 point-to-point
ip access-group 138 in
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Serial0/2/0
ip address x.X.X.X (public ip @ ) 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
!
interface Dialer0
ip address negotiated
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname xxxxxxxxxxxxxxxxx
ppp chap password xxxxxxxxxxxxxxxxx
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/2/0
ip route 0.0.0.0 0.0.0.0 ATM0/1/0.4
!
!
logging trap emergencies
access-list 128 permit tcp any X.X.X.X 0.0.0.3 eq smtp
access-list 128 permit tcp any X.X.X.X 0.0.0.3 eq ftp
access-list 128 permit tcp any X.X.X.X 0.0.0.3 eq ftp-data
access-list 128 deny ip any any
access-list 138 permit ip any any
dialer-list 1 protocol ip permit
no cdp run
route-map PBR permit 10
match ip address 128
set ip next-hop x.X.X.X
!
route-map PBR permit 20
match ip address 138
set ip next-hop (adsl ip @)
!
!
!
!
control-plane
!
!
thank's
Solved! Go to Solution.
03-04-2007 05:15 PM
It is not clear to me that the access works without any PBR configured. Assuming it does ...
the serial interface has a mask of 255.255.255.252, so the IP address of the remote end can be worked out from this - it will be the next address up if your address is odd ( e.g .2 if you are .1) , or the next address down if your address is even ( e.g .1 if you are .2) . The route should not point to the router's local interface.
02-28-2007 02:50 PM
Without knowing "how" it doesn't work ...
First , get the access working through your ADSL, then apply the PBR configs.
The PBR will only apply to the SMTP and FTP traffic, so you only need to set the next hop IP for this traffic ( ACL 128) . Normal destination-based routing will occur for the rest of the traffic.
! so remove
ip route 0.0.0.0 0.0.0.0 Serial0/2/0
! and remove as not required and is confusing me
access-list 128 deny ip any any
! and since normal routing is used for the ADSL traffic, remove
route-map PBR permit 20
match ip address 138
set ip next-hop (adsl ip @)
! and acl 138 is no longer required so can be removed.
ref: http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml
One last thing, can you confirm that the next-hop IP address for the serial link is the remote end of the link?
hth,
Ross
02-28-2007 03:40 PM
Well....speaking of load balancing, how can i load balance 2 serial internet connections to work together at the same time, for fail-over reasons.
note that they're p2p connections, connected to satellite modems.
03-01-2007 05:56 AM
i did it but it doesn't work also
when i apply the policy all traffic is bloced
http smt www
i remove ip route 0.0.0.0 0.0.0.0 Serial0/2/0
access-list 128 deny ip any any
route-map PBR permit 20
match ip address 138
set ip next-hop (adsl ip @)
the hext hope is the ip adresse of the serial interface in my router i have a
% Warning: Next hop address is our address
and i don't know the ip @ of my isp to make a next hope in ur opinion could that be the problem ?
03-04-2007 05:15 PM
It is not clear to me that the access works without any PBR configured. Assuming it does ...
the serial interface has a mask of 255.255.255.252, so the IP address of the remote end can be worked out from this - it will be the next address up if your address is odd ( e.g .2 if you are .1) , or the next address down if your address is even ( e.g .1 if you are .2) . The route should not point to the router's local interface.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide