03-15-2005 12:36 AM - edited 03-03-2019 09:02 AM
Current scenario:
Currently NAT is configured in PIX & no outgoing restriction. 172.16.16.x network static route entry.
Incoming traffic thru ISP2- www, http, https.
Outgoing traffic thru ISP2- all traffic allowed
Incoming traffic thru ISP1- smtp.
Note that www, IB & mail servers are configured with internal LAN IP and mapped with real IP in PIX.
Gateway router sends request to PIX and PIX sends all traffic to cisco2611; it redirects traffic in 3 different paths as required.
Planning to do the following:
Incoming traffic thru ISP2- www, http, https.
Incoming traffic thru ISP1- smtp.
Outgoing traffic thru ISP2- no internet traffic allowed
Outgoing traffic thru ISP1- smtp & www/http
* To get the above I have configured the cisco2611 for policy-based routing for the expected services, but it is not working.
Please see the attached EBL-diagram (ignore IB-diagram if it does not open) and the cisco2611 config below:
Cisco2611>ena
Password:
EBL-EXTROUTER#sh run
Building configuration...
!
interface FastEthernet0/0
ip address 192.168.x.246 255.255.255.0 secondary
ip address 203.112.195.y 255.255.255.240
ip nat inside
ip policy route-map traffic-redirect
!
interface Serial0/0
description connected to BTTB Internet
bandwidth 256
ip address 203.112.192.x 255.255.255.252
!
interface FastEthernet0/1
ip address 203.76.102.a 255.255.255.248
ip nat outside
!
interface Serial0/1
description connected to ITCL
bandwidth 64
ip address 192.168.1.6 255.255.255.252
!
ip local policy route-map traffic-redirect
ip nat inside source list 1 interface FastEthernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 203.76.102.1
ip route 0.0.0.0 0.0.0.0 203.112.192.x 100
ip route 172.16.16.0 255.255.255.0 192.168.1.5
ip route 172.16.16.0 255.255.255.0 203.112.195.22 100
ip route 172.16.17.0 255.255.255.0 192.168.2.5
ip route 172.16.17.0 255.255.255.0 203.112.195.22 100
ip route 192.168.4.0 255.255.255.0 FastEthernet0/0
ip route 203.112.195.16 255.255.255.240 FastEthernet0/0
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
route-map traffic-redirect permit 10
match ip address 1
set ip precedence priority
set ip next-hop 203.76.102.x
Please send your opinion.
03-21-2005 08:02 AM
Your design looks good...
03-22-2005 12:34 AM
But as per my expectation, the following is not working:
Outgoing traffic thru ISP2- should not allow internet traffic
Outgoing traffic thru ISP1- smtp & www/http should be allowed
* To get the above I have configured the cisco2611 for policy-based routing for the expected services, but it is not working.
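An added example, not part of the thread and not the poster's code: a small Python check over the route-map and access-list lines from the posted config. It shows that route-map traffic-redirect matches a standard numbered ACL, which selects on source address only and so cannot separate smtp and www/http from other outgoing traffic. The function names are hypothetical; the config lines are copied from the post with the addresses elided as they are there.

```python
import re

# Lines copied from the config posted in the thread (addresses elided as posted).
CONFIG = """\
interface FastEthernet0/0
 ip policy route-map traffic-redirect
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
route-map traffic-redirect permit 10
 match ip address 1
 set ip precedence priority
 set ip next-hop 203.76.102.x
"""

def acl_kind(acl_id):
    """Classify an IOS ACL reference by its number range.

    Standard ACLs (1-99, 1300-1999) match on source address only.
    Extended ACLs (100-199, 2000-2699) can also match protocol and port.
    """
    if not acl_id.isdigit():
        return "named"  # type depends on how the named ACL was declared
    n = int(acl_id)
    if 1 <= n <= 99 or 1300 <= n <= 1999:
        return "standard"
    if 100 <= n <= 199 or 2000 <= n <= 2699:
        return "extended"
    return "unknown"

def audit_route_maps(config):
    """Return (route_map, sequence, acl, kind) for every 'match ip address' clause."""
    findings, current = [], None
    for raw in config.splitlines():
        line = raw.strip()
        header = re.match(r"route-map (\S+) (?:permit|deny) (\d+)$", line)
        if header:
            current = (header.group(1), int(header.group(2)))
        elif line == "!":
            current = None  # '!' ends the route-map entry
        elif current and line.startswith("match ip address "):
            for acl in line.split()[3:]:
                findings.append((*current, acl, acl_kind(acl)))
    return findings

if __name__ == "__main__":
    for name, seq, acl, kind in audit_route_maps(CONFIG):
        note = "source address only, no per-service match" if kind == "standard" else kind
        print(f"route-map {name} seq {seq}: ACL {acl} is {kind} ({note})")
```
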