01-12-2011 07:43 AM - edited 03-04-2019 11:03 AM
I have been trying with some success to set up a Cisco 1841 router with 2 internet connections.
I have one SDSL (connected to F0/1) and an ADSL connection (Dialer0).
I want priority business traffic to use the SDSL
Normal web browsing to use the ADSL
Site-to-site VPN traffic should go over the SDSL as well as client connections
We also have a number of servers in the DMZ which use IPs on the SDSL line.
I had managed to set up most of what I needed but I keep hitting some problems when I come to testing things like client VPNs (where the return traffic is going out the wrong interface).
I have NAT statements using route-maps to NAT with the interface IP using the overload command.
I'd put in static routes for accessing our servers in another DC over the S2S VPN
The default route is set as Dialer0 (ADSL).
I thought I'd get away without using Policy Based Routing but I think I'm going to have to use it, but I keep running up against problems.
A simpler config I guess would be to have all traffic go out the SDSL except for web browsing, Messenger traffic, and guest network traffic. Could someone advise how I can use PBR to do this? I've seen some examples saying use the same route-map for the PBR and for NAT, and others that say use separate ones and in the NAT route-maps also match on interface, although this never seems to work.
I also have a problem where some internal addresses are being NAT'd to the external IP of the router and then this IP is being NAT'd again to a different port. I think this may be because I have multiple NAT statements, although I can't see one that would NAT the external address again.
I do have a config but it's fairly large and probably needs to have a lot of IPs taken out of it before I can submit it here.
01-12-2011 10:09 AM
I guess it may be easier if I break down my issues.
The first is I can ping a website by name without problem but I cannot browse to it.
If I do a show ip nat translations I can see NAT translations for the client's local IP to that of the router.
But then I see a further translation for the router's IP to another port. I had this previously when I had more than 1 IP NAT statement but I only have the 1 for this interface (dialer0) now.
tcp 213.120.5.9:60853 172.17.1.1:60853 173.194.37.104:80 173.194.37.104:80
tcp 213.120.5.9:1084 213.120.5.9:60853 173.194.37.104:80 173.194.37.104:80
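The double translation shown in the two lines above can be found mechanically: it is a pair of entries where one entry's inside local address is another entry's inside global address. The following is an added example, not part of the original post, and assumes the usual `show ip nat translations` column order (Pro, Inside global, Inside local, Outside local, Outside global); the header line and the udp entry in the sample are constructed.

```python
from typing import NamedTuple

class NatEntry(NamedTuple):
    proto: str
    inside_global: str
    inside_local: str
    outside_local: str
    outside_global: str

# The two tcp lines are from the post; the header and udp line are constructed.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 213.120.5.9:60853 172.17.1.1:60853 173.194.37.104:80 173.194.37.104:80
tcp 213.120.5.9:1084 213.120.5.9:60853 173.194.37.104:80 173.194.37.104:80
udp 213.120.5.9:5353 172.17.1.20:5353 198.51.100.7:53 198.51.100.7:53
"""

def parse_translations(text):
    """Parse dynamic translation rows; skip the header, blanks and '---' rows."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0].lower() not in ("tcp", "udp", "icmp"):
            continue
        entries.append(NatEntry(*fields))
    return entries

def find_chained(entries):
    """Return (first, second) pairs where second re-translates first's output.

    A pair matches when second.inside_local equals first.inside_global for the
    same protocol and the same outside destination, i.e. the already translated
    address:port has been translated a second time.
    """
    by_global = {}
    for e in entries:
        by_global.setdefault((e.proto, e.inside_global), []).append(e)
    chains = []
    for second in entries:
        for first in by_global.get((second.proto, second.inside_local), []):
            if first is not second and first.outside_global == second.outside_global:
                chains.append((first, second))
    return chains

if __name__ == "__main__":
    for first, second in find_chained(parse_translations(SAMPLE)):
        print(f"{first.inside_local} -> {first.inside_global} -> {second.inside_global}")
```
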