Showing results for 
Search instead for 
Did you mean: 

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.
Get the latest news in this issue of the Cisco Small Business Monthly Newsletter


IP SLA / PBR configuration questions / review please.


Good morning, wanted to run some config questions by you as I am a bit unclear on a few things regarding load balancing and the IP SLA and PBR routing. Let's start with the basics:

GigabitEthernet0/1 --> LAN

GigabitEthernet0/0 --> ISP 1 WAN

GigabitEthernet0/2 --> ISP 2 WAN

So here is what I am attempting to accomplish. We have added ISP 2 to specifically send our VOIP traffic down, I would like to direct our PBX traffic from the LAN down this link. I have already added the config for the IP SLA to the router but I am unsure about configuration of the PBR to over-ride the routing tables and I believe PBR statements are evaluated before routing and how they are applied. Currently my default route-map looks like this:

route-map SDM-RMAP_1 permit 1

match ip address 104

My ACL 104 looks like this:

access-list 104 permit ip any

My understanding is that although you can only have 1 route-map per interface you can sequence them as well, when a match occurs it takes the action and continues to evaluate till the bottom of the sequence. So my question is can I / should I configure it like this for the desired results?

Create the object group:

object-group Asterisk

     description SIP Communication Server

     udp source range 5060-5061

     udp source range 10001-20000

NAT the traffic from the inside to the outside for SIP Signaling:

ip nat inside source static udp 5060 2xx.135.77.158 5060

Create the ACL for the VOIP Traffic:

access-list 109 remark ISP Traffic

access-list 109 permit object-group Asterisk any host 2xx.135.77.158

Modify the existing route-map:

no route-map SDM_RMAP_1

     route-map SDM_RMAP_1 permit 10

          match ip address 109

          set interface GigabitEthernet0/2


     route-map SDM_RMAP_1 permit 20

          match ip address 104



Apply the traffic to the interface where the traffic is coming in on ISP2:

interface GigabitEthernet0/2

     ip policy route-map SDM_RMAP_1

I think that covers it, if the access-list 104 is the last statement to be evaluated should I put a deny any at the end of the statement? Group THANK YOU so much for taking the time to review this config with me. I appreciate it very much!

Everyone's tags (7)