Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3887
Views
0
Helpful
15
Replies

Manage PBR for return traffic to clients.

_Ratha_
Level 1
Level 1

‎03-27-2018 02:50 AM - edited ‎03-05-2019 10:10 AM

 

Policy based routing.PNG

Based on Diagram above:

Client computer accessing server with public IP address 2.2.2.10 through ISP2. I need the return traffic much be back with ISP2, but default AD to ISP1 is lower.

 

How to manage traffic to return to Client with origin ISP?

 

Thank,

Ratha

 

Labels:
0 Helpful
15 Replies 15

Deepak Kumar
VIP Alumni
VIP Alumni

‎03-27-2018 02:54 AM

Hi, 

It is possible with route-map (PBR).

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

_Ratha_
Level 1
Level 1
In response to Deepak Kumar

‎03-27-2018 03:05 AM

yes, but what option in PBR? how to apply this config?
0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to _Ratha_

‎03-27-2018 03:45 AM

Hi,

Can you confirm clients ip are fixed one or dynamic or your server is reahable only through  isp2 from outside?

 

Regards,

Deepak Kumar 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

_Ratha_
Level 1
Level 1
In response to Deepak Kumar

‎03-27-2018 03:54 AM

Clients from internet is dynamic IPs. Web server can reach via both ISPs.
0 Helpful

Georg Pauwen
VIP
VIP
In response to _Ratha_

‎03-27-2018 04:43 AM - edited ‎03-27-2018 04:45 AM

Hello,

 

which of the devices do you control ? If you control the ASA, you can set the routing there...

0 Helpful

_Ratha_
Level 1
Level 1
In response to Georg Pauwen

‎03-27-2018 04:48 AM

On ASA firewall
0 Helpful

Georg Pauwen
VIP
VIP
In response to _Ratha_

‎03-27-2018 04:58 AM

Hello,

 

try the below. Since policy routing is done before NAT, I think you should match on the internal address:

 

access-list WEBSERVER extended permit ip host 192.168.1.10 any
!
route-map TO_ISP1 permit 100
match ip address WEBSERVER
set interface FastEthernet0/1
!
interface FastEthernet0/1
policy-route route-map TO_ISP1

0 Helpful

_Ratha_
Level 1
Level 1
In response to Georg Pauwen

‎03-27-2018 05:51 AM

Based on route AD, traffic is automatically to ISP1 but what I want is "traffic from internet to ISP2 IP address will return traffic via ISP2 to clients.
0 Helpful

Georg Pauwen
VIP
VIP
In response to _Ratha_

‎03-27-2018 06:21 AM

Hello,

 

change the route map to:

 

access-list WEBSERVER extended permit ip host 192.168.1.10 any
!
route-map TO_ISP2 permit 100
match ip address WEBSERVER
set interface FastEthernet0/0
!
interface FastEthernet2/0
policy-route route-map TO_ISP2

0 Helpful

_Ratha_
Level 1
Level 1
In response to Georg Pauwen

‎03-27-2018 07:23 AM

Based on this configuration, even traffic from ISP1 also return via ISP2. How to make traffic from ISP1 return via ISP1 and traffic from ISP2 return via ISP2?
0 Helpful

Georg Pauwen
VIP
VIP
In response to _Ratha_

‎03-27-2018 08:59 AM

You can extend the route map to define which traffic you want to go where:

 

access-list WEBSERVER extended permit ip host 192.168.1.10 any

access-list OTHER extended permit ip any any

route-map TO_ISP permit 10
match ip address WEBSERVER
set interface FastEthernet0/0

 

route-map TO_ISP permit 20
match ip address OTHER
set interface FastEthernet0/1
!
interface FastEthernet2/0
policy-route route-map TO_ISP

0 Helpful

_Ratha_
Level 1
Level 1
In response to Georg Pauwen

‎03-27-2018 06:23 PM

Assuming that web server 192.168.1.10 configure static NAT to IP 1.1.1.10(ISP1's IP) and 2.2.2.10(ISP2's IP). I need clients from internet with IP 5.5.5.5 access to web server by 1.1.1.10 via ISP1 will return traffic by ISP1, then again client 5.5.5.5 access the same web server via 2.2.2.10(ISP2) will return traffic via ISP2.

 

Thank

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to _Ratha_

‎03-27-2018 09:16 PM

Hi,

Is it static/ default route or dynamic routing? you configured different ad value for both isp. 

I need to check in the lab but you can archive your goal with correct routing and minor changing in load balancing feature. Again I need to test it in my lab. 

If anyone have idea please share.

Regards,

Deepak Kumar 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

_Ratha_
Level 1
Level 1
In response to Deepak Kumar

‎03-27-2018 09:28 PM

Static default route is configured to both ISPs which default route will go through ISP1 is lower than static default to ISP2.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card