Need help on dual ISP configuration

rgbatucan
Level 1

Hello all,

I need help with the configuration of a router. I want all www traffic from Area 1 to Area 2 (and vice versa) to pass to the IPComp tunnel (see diagram below). All compression appliances were configured properly.

I configured policy-based routing on each router. Did I miss something in the router configuration? Did I apply the PBR on the right interfaces? How can I also configure the returned www traffic on Router 2? I would really appreciate any response. Thank you.

I still cannot browse websites with this configuration.

ROUTER 1

interface GigabitEthernet0/0
  ip policy route-map EXPAND_AREA1

route-map EXPAND_AREA1 permit 10
  description IPCOM TUNNEL TO AREA2
  match ip address EXPAND_ACL
  set ip next-hop A.A.A.2

ip access-list extended EXPAND_ACL
  remark PACKETS THAT PASSES TO IPC TUNNEL
  permit tcp any any eq www

========================================

ROUTER 2

interface GigabitEthernet0/0
  ip policy route-map EXPAND_AREA2

route-map EXPAND_AREA2 permit 10
  description IPCOM TUNNEL TO AREA1
  match ip address EXPAND_ACL
  set ip next-hop D.D.D.2

ip access-list extended EXPAND_ACL
  remark PACKETS THAT PASSES TO IPC TUNNEL
  permit tcp any any eq www

project1.png


andrew.prince
Level 10

Your ACL on Router2 is incorrect.

You have

ip access-list extended EXPAND_ACL
  remark PACKETS THAT PASSES TO IPC TUNNEL
  permit tcp any any eq www

This is not going to work, as your destination (back to the Corporate Network) will not be a dest of tcp 80. That is the dst of the packets from the Corporate Network to the internet, and I would suggest you be very specific about what traffic you want; "any any" is not always the best way. Rewrite your ACLs to:

ROUTER 1

ip access-list extended EXPAND_ACL
  remark PACKETS THAT PASSES TO IPC TUNNEL
  permit tcp <> any eq www

E.g. permit tcp 192.168.1.0 0.0.0.255 any eq www

ROUTER 2

ip access-list extended EXPAND_ACL
  remark PACKETS THAT PASSES TO IPC TUNNEL
  permit tcp any eq www <>

E.g. permit tcp any eq www 192.168.1.0 0.0.0.255

HTH
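Added example, not part of the thread and not Cisco code: a small Python model of how these extended ACL entries match, showing that the reply leg of a web flow carries source port 80 and therefore misses `permit tcp any any eq www`. The client and server addresses are constructed; 192.168.1.0 0.0.0.255 is the example network from the reply above.

```python
import ipaddress
from collections import namedtuple

# TCP packet reduced to the fields an extended ACL entry tests.
Packet = namedtuple("Packet", "src sport dst dport")

def addr_matches(addr, spec):
    """spec is "any" or a (network, wildcard) pair in Cisco wildcard-mask form."""
    if spec == "any":
        return True
    net, wildcard = (int(ipaddress.IPv4Address(x)) for x in spec)
    care_bits = ~wildcard & 0xFFFFFFFF  # wildcard bit 1 = ignore, 0 = must match
    return ((int(ipaddress.IPv4Address(addr)) ^ net) & care_bits) == 0

def policy_routed(pkt, acl):
    """True if any 'permit tcp' entry matches, i.e. the route-map sets the next hop.
    Each entry is (src, src_port, dst, dst_port); a port of None means no 'eq' test."""
    for src, sport, dst, dport in acl:
        if (addr_matches(pkt.src, src) and addr_matches(pkt.dst, dst)
                and sport in (None, pkt.sport) and dport in (None, pkt.dport)):
            return True
    return False  # implicit deny: packet follows the normal routing table

WWW = 80
LAN = ("192.168.1.0", "0.0.0.255")           # example network from the reply
ORIGINAL_ACL = [("any", None, "any", WWW)]   # permit tcp any any eq www
ROUTER1_ACL = [(LAN, None, "any", WWW)]      # permit tcp 192.168.1.0 0.0.0.255 any eq www
ROUTER2_ACL = [("any", WWW, LAN, None)]      # permit tcp any eq www 192.168.1.0 0.0.0.255

# Constructed sample flow: a client on the example LAN and a web server
# at a documentation address (203.0.113.5); the client port is arbitrary.
REQUEST = Packet("192.168.1.10", 51000, "203.0.113.5", WWW)
REPLY = Packet("203.0.113.5", WWW, "192.168.1.10", 51000)

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ACL), ("router1", ROUTER1_ACL),
                      ("router2", ROUTER2_ACL)):
        print(name, "request:", policy_routed(REQUEST, acl),
              "reply:", policy_routed(REPLY, acl))
```

The same model also shows why the source-restricted entry is tighter than "any any": a port-80 request from a host outside 192.168.1.0 0.0.0.255 matches the original ACL but not the rewritten Router 1 entry.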

Thanks Andrew for correcting the config. I'll try this early in the morning since this is service-affecting.

I also just want to ask: if the www traffic comes out at Router 2, will it go back to Router 2 too? As you can see in the diagram, it can go back to Router 1 as well, since Router 1 is also connected to the internet. How can I make sure that www traffic will go back to Router 2? Do I still need extra configuration on Router 2? Currently, only this PBR is configured on Router 2, nothing else. Thanks.