Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
890
Views
0
Helpful
3
Replies

Two ISP, one router access-list only or route map

joachim0111
Level 1
Level 1

‎02-25-2015 12:59 AM - edited ‎03-05-2019 12:52 AM

Hi,

I have two networks 192.168.0.20 and 192.192.168.30. I want to pass one network by one ISP "Free" with IP 192.168.250.11 and the other by anothere ISP "Orange" 192.168.255.11.

ISP Orange is attached to Vlan 1, ISP Free is attached to Vlan 11

Actually i have done this below, all is going throught ISP Orange. I have one default route, and overload the Interface attached to ISP Orange Vlan1

ip route 0.0.0.0 0.0.0.0 192.168.255.11

access-list 1 permit 192.168.0.0 0.0.255.255

ip nat inside source list 1 interface Vlan1 overload
 
I'm asking which is the best way to do it and if it's correct. The first one seems attractive to me but the packet will go randomly to one or to the other default gateway  ? and the packets not in the correct one will be destruct ?
Only one default route is necessary or no ?
Thanks a lot for your help.
 
 
Solution A :

ip route 0.0.0.0 0.0.0.0 192.168.255.11
ip route 0.0.0.0 0.0.0.0 192.168.250.11

access-list 10 permit 192.168.20.0  0.0.0.255
access-list 20 permit 192.168.30.0  0.0.0.255

ip nat inside source list 10 interface Vlan1 overload
ip nat inside source list 20 interface Vlan 11 overload
 

 

Solution B :

ip route 0.0.0.0 0.0.0.0 192.168.250.11
ip route 0.0.0.0 0.0.0.0 192.168.250.11

access-list 110 permit 192.168.0.0 0.0.255.255

route map orange permit 10
match ip address 110
match interface Vlan 1

route map free-nat permit 10
match ip address 110
match interface Vlan 11

ip nat inside source route-map orange interface Vlan1 overload
ip nat inside source route-map free interface Vlan11 overload

 

 

 

 

 

 

Labels:
0 Helpful
3 Replies 3

guibarati
Level 4
Level 4

‎02-25-2015 07:30 AM

You have to use PBR.

if you just create two default routes you will have traffic from both internal networks going to both links, "free" and "orange". It will create a load balance and you won't have control over which traffic goes where.

After creating PBR solution B would be better, but with two different access-lists, one for each interface, because you have different internal subnets.

0 Helpful

Roberto Kippins
Level 1
Level 1
In response to guibarati

‎02-25-2015 10:33 AM

I agree with this, you definitely need to use PBR to get it to work

0 Helpful

joachim0111
Level 1
Level 1
In response to guibarati

‎02-26-2015 12:21 AM

ok, thanks a lot, i will try this below with PBR, only one default route and two access list.

 

Router(config)# ip route 0.0.0.0 0.0.0.0 192.168.250.11   // default Gateway FREE

Router(config)# access-list 1 permit 192.168.20.0  0.0.0.255
Router(config)# access-list 2 permit 192.168.30.0  0.0.0.255

Router(config)#route map FREE permit 10
Router(config-route-map)# match ip address 2
Router(config-route-map)# set it next hop 192.168.250.11

Router(config)#route map ORANGE permit 10
Router(config-route-map)#match ip address 1
Router(config-route-map)# set it next hop 192.168.255.11


Router(config)# Vlan 1
Router(config if)# ip policy route map ORANGE

Router(config)# Vlan 11
Router(config if)# ip policy route map FREE

Router(config)# ip nat inside source route-map ORANGE interface Vlan1 overload
Router(config)# ip nat inside source route-map FREE interface Vlan11 overload

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card