04-27-2007 10:01 PM - edited 03-05-2019 03:44 PM
I have A 2621 router connecting 2 LANs, each with its own Internet connection via a PIX. I can oommunicate between the LANs, but only 1 can access the internet via its own ISP connection. Any help appreciated.
Solved! Go to Solution.
04-30-2007 12:28 PM
Hi,
The default routes that are configured on the 2600 are inconsistent as they can't tell which packets can use which default route, accordingly use the following configuration (PBR configuration):
interface FastEthernet0/0
ip address 10.38.77.35 255.255.255.0
ip policy route-map LAN1
speed auto
half-duplex
interface FastEthernet0/1
ip address 192.168.0.35 255.255.255.0
ip policy route-map LAN2
speed auto
half-duplex
route-map LAN1 permit 10
match ip address 1
set ip default next-hop 10.38.77.130
route-map LAN2 permit 10
match ip address 2
set ip default next-hop 192.168.0.4
access-list 1 deny 10.38.77.30 0.0.0.0
access-list 1 deny 10.38.77.130 0.0.0.0
access-list 1 permit 10.38.77.0 0.0.0.255
access-list 2 deny 192.168.0.4 0.0.0.0
access-list 2 permit 192.168.0.0 0.0.0.255
no ip route 0.0.0.0 0.0.0.0 192.168.0.4
no ip route 0.0.0.0 0.0.0.0 10.38.77.130
please keep me updated with your final results.
HTH, please rate if it does help,
Mohammed Mahmoud.
04-28-2007 01:41 AM
Hi,
Can you please post your 2600 configuration.
BR,
Mohammed Mahmoud.
04-28-2007 06:05 AM
Attached is sho-run.
The 2 LANs are independant. Both are communicating, but only the 10.38.77.0 LAN is able to get to the Internet.
Add'l info -
1. the 10.38.77.0 LAN goes thru the 2621, then thru a T1 Router, then thru a PIX.
2. the 192.168.0.0 LAN goet thru the 2621, then thru a cable router, then thru a different PIX.
Thanks for any help.
04-28-2007 08:28 AM
hi,
I guess that:
ip route 0.0.0.0 0.0.0.0 192.168.0.4 (this is the default route towards the cable router)
ip route 0.0.0.0 0.0.0.0 10.38.77.130 (this is the default route towards the T1 router)
If yes then the 2600 router configuration is ok, but the problem must be on the cable router or the PIX, it must have no route for the return traffic to LAN 192.168.0.0.
HTH, please rate if it does help,
Mohammed Mahmoud.
04-28-2007 11:14 PM
You are correct that the 192 is the cable router. It is not a cisco device, and I will contact them for further support, but if it were, what code would route it back to the 192 LAN?
04-29-2007 12:02 AM
Hi,
I don't know your cable router code, you'll need to find a configuration guide or contact the vendor.
Can you please post a topology diagram (maybe by Visio), i have a further issue.
HTH,
Mohammed Mahmoud.
04-30-2007 07:39 AM
04-30-2007 10:31 AM
Hi,
What is the default gateway configuration on your workstations and servers ?
BR,
Mohammed Mahmoud.
04-30-2007 11:32 AM
192.168.0.35 for the 192. LAN, and 10.38.77.35 for the 10. LAN.
I need the 192. For the Exchange server.
04-30-2007 12:01 PM
Hi,
The problem here is that:
1. Why do u need RIP?
2. This design is inconsistent, do you have more Ethernet interfaces on the 2600 router ?
BR,
Mohammed Mahmoud.
04-30-2007 12:28 PM
Hi,
The default routes that are configured on the 2600 are inconsistent as they can't tell which packets can use which default route, accordingly use the following configuration (PBR configuration):
interface FastEthernet0/0
ip address 10.38.77.35 255.255.255.0
ip policy route-map LAN1
speed auto
half-duplex
interface FastEthernet0/1
ip address 192.168.0.35 255.255.255.0
ip policy route-map LAN2
speed auto
half-duplex
route-map LAN1 permit 10
match ip address 1
set ip default next-hop 10.38.77.130
route-map LAN2 permit 10
match ip address 2
set ip default next-hop 192.168.0.4
access-list 1 deny 10.38.77.30 0.0.0.0
access-list 1 deny 10.38.77.130 0.0.0.0
access-list 1 permit 10.38.77.0 0.0.0.255
access-list 2 deny 192.168.0.4 0.0.0.0
access-list 2 permit 192.168.0.0 0.0.0.255
no ip route 0.0.0.0 0.0.0.0 192.168.0.4
no ip route 0.0.0.0 0.0.0.0 10.38.77.130
please keep me updated with your final results.
HTH, please rate if it does help,
Mohammed Mahmoud.
04-30-2007 07:31 PM
Thanks! It appears to have worked. I will test further tomorrow, and let you know if any problems.
I will rate this a 5.
04-30-2007 10:39 PM
Hi,
You are welcomed, and please keep me updated with your results.
BR,
Mohammed Mahmoud.
04-30-2007 11:00 PM
One of the things that I will need to test is the Exchange Server, for email. It is on the 192. LAN. Its gateway is set to the 192.168.0.4 cable router, which is port forwarding for email to the Exchange Server. I do not think it would affect the email, if I change the gateway of the Exchange Server to the 192.168.0.35 address. Do you agree?
Again, thanks for your help, and your follow up. I will let you know the results tomorrow.
04-30-2007 11:16 PM
Hi,
No it shouldn't make any problems, please do keep me updated.
good luck,
Mohammed Mahmoud.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide