IP SLA / PBR configuration questions / review please.
Good morning, wanted to run some config questions by you as I am a bit unclear on a few things regarding load balancing and the IP SLA and PBR routing. Let's start with the basics:
GigabitEthernet0/1 --> LAN
GigabitEthernet0/0 --> ISP 1 WAN
GigabitEthernet0/2 --> ISP 2 WAN
So here is what I am attempting to accomplish. We have added ISP 2 specifically to send our VOIP traffic down; I would like to direct our PBX traffic from the LAN down this link. I have already added the config for the IP SLA to the router, but I am unsure about the configuration of the PBR to override the routing tables (I believe PBR statements are evaluated before routing) and how they are applied. Currently my default route-map looks like this:
route-map SDM-RMAP_1 permit 1
match ip address 104
My ACL 104 looks like this:
access-list 104 permit ip 192.168.10.0 0.0.0.31 any
My understanding is that although you can only have 1 route-map per interface, you can sequence them as well; when a match occurs it takes the action and continues to evaluate till the bottom of the sequence. So my question is: can I / should I configure it like this for the desired results?
Create the object group:
description SIP Communication Server
udp source range 5060-5061
udp source range 10001-20000
NAT the traffic from the inside to the outside for SIP Signaling:
ip nat inside source static udp 192.168.10.11 5060 2xx.135.77.158 5060
Create the ACL for the VOIP Traffic:
access-list 109 remark ISP Traffic
access-list 109 permit object-group Asterisk any host 2xx.135.77.158
Modify the existing route-map:
no route-map SDM_RMAP_1
route-map SDM_RMAP_1 permit 10
match ip address 109
set interface GigabitEthernet0/2
route-map SDM_RMAP_1 permit 20
match ip address 104
Apply the traffic to the interface where the traffic is coming in on ISP2:
ip policy route-map SDM_RMAP_1
I think that covers it. If the access-list 104 is the last statement to be evaluated, should I put a deny any at the end of the statement? Group, THANK YOU so much for taking the time to review this config with me. I appreciate it very much!
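The following is an added example, not part of the original post or Cisco code: a small Python model of how IOS policy routing walks the proposed SDM_RMAP_1, where clauses are tried in sequence order, the first clause whose ACL matches decides the outcome, and a packet that matches a clause without a set action (or no clause at all) is forwarded by the normal routing table. Assumptions: 203.0.113.158 is a constructed stand-in for the masked 2xx.135.77.158, the sample packets are constructed, and the function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int = 0

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

PBX_NAT = "203.0.113.158"  # constructed placeholder for 2xx.135.77.158

def acl_109(p):
    # permit object-group Asterisk any host <PBX_NAT>
    # Asterisk group: UDP source ports 5060-5061 and 10001-20000
    ports = 5060 <= p.sport <= 5061 or 10001 <= p.sport <= 20000
    return p.proto == "udp" and ports and p.dst == PBX_NAT

def acl_104(p):
    # permit ip 192.168.10.0 0.0.0.31 any
    return wildcard_match(p.src, "192.168.10.0", "0.0.0.31")

# (sequence, action, ACL, "set interface" target or None)
ROUTE_MAP = [
    (10, "permit", acl_109, "GigabitEthernet0/2"),
    (20, "permit", acl_104, None),
]

def pbr_decision(p, route_map=ROUTE_MAP):
    """Return (matching sequence or None, where the packet is sent)."""
    for seq, action, acl, set_if in sorted(route_map, key=lambda c: c[0]):
        if acl(p):  # first match wins; later clauses are not evaluated
            if action == "permit" and set_if:
                return seq, set_if
            return seq, "routing table"
    return None, "routing table"  # implicit deny: normal routing

if __name__ == "__main__":
    for pkt in (Packet("192.168.10.11", PBX_NAT, "udp", 5060),
                Packet("192.168.10.11", "198.51.100.20", "udp", 5060),
                Packet("192.168.10.40", "198.51.100.20", "tcp", 443)):
        print(pkt, "->", pbr_decision(pkt))
```

The second sample packet shows what ACL 109 as written keys on: a SIP packet from the PBX only reaches sequence 10 when its destination is the address named in the ACL, otherwise it falls through to sequence 20 and the routing table.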