03-18-2018 11:58 PM - edited 03-08-2019 02:18 PM
We have 2 subnets from the ISP side: one is a 4 MB link, the second is a 6 MB link. The scenario is that we have 1 router 3825 connected to a small switch 2960G 8TCL, the switch is connected to a firewall ASA 5520, and then there is an access switch 2960G 24TCL, which is a layer 2 switch.
Now I have 2 VLANs: VLAN 101 for workstations and VLAN 102 for servers, so I want the servers to go over the 6 MB link and the workstations over the 4 MB link.
The router has this configuration (I am not writing the whole config):
int gi 0/0
ip address (wan ip 255.255.255.252)
ip nat outside
int gi 0/1
! 6MB
ip address 1.1.1.1 255.255.255.248 secondary
! 4MB
ip address 2.2.2.2 255.255.255.248
ip nat inside
ip route 0.0.0.0 0.0.0.0 wan ip
Now please tell me how to route traffic to the 2 subnets; the VLANs should also communicate with each other.
03-19-2018 02:15 AM
Hello,
Your setup is unclear. If you have two ISP connections, you need two outside interfaces... your configuration shows only one. Also, does the ASA do the inter-VLAN routing?
Post a schematic drawing of your physical setup...
03-19-2018 03:25 AM
03-19-2018 03:56 AM
Hello
At present I only see one /24 subnet on your LAN, so do you have another one or are you wanting to separate this?
Also, it looks like your 4 MB link is the primary, and as such you could try policy routing from your rtr to send over the 6 MB link the traffic you wish to take this path.
res
Paul
03-19-2018 04:11 AM
In the LAN there are 2 or more networks (VLAN101 192.168.101.0/24 and VLAN102 192.168.102.0/24). The question is how I can route traffic from 192.168.101.0/24 to the 4 MB link and from 192.168.102.0/24 to the 6 MB link, from the firewall or the router. I also need communication between the VLANs from the access switch, and the access switch is layer 2, not layer 3. What should be done in the ASA so that VLAN101 and VLAN102 can communicate?
03-19-2018 07:14 AM
Hello,
on your ASA, you can configure VLAN interfaces just like on a router:
interface Vlan101
nameif LAN1
security-level 100
ip address 192.168.101.1 255.255.255.0
!
interface Vlan102
nameif LAN2
security-level 100
ip address 192.168.102.1 255.255.255.0
On the router, a generic policy routing configuration would look like this:
access-list 101 permit ip 192.168.101.0 0.0.0.255 any
access-list 102 permit ip 192.168.102.0 0.0.0.255 any
!
interface GigabitEthernet 0/0/0
ip policy route-map TO_ISP_1
!
interface GigabitEthernet 1/0/0
ip policy route-map TO_ISP_2
!
route-map TO_ISP_1 permit 10
match ip address 101
! x.x.x.x = WAN IP of ISP1
set ip next-hop x.x.x.x
!
route-map TO_ISP_2 permit 10
match ip address 102
! x.x.x.x = WAN IP of ISP2
set ip next-hop x.x.x.x
That said, better to post the full configs of both the router and the ASA, as we don't know what else you have (or have not) configured...
03-19-2018 11:49 PM
Hi George,
Is it possible to configure a policy route in the router when the NAT config is in the firewall? I guess no, so is there any other solution you have?
FYI, the 6 MB link will be used for the VPN connection to HQ.
The 4 MB link is used for internet.
And I don't have a VPN license in the router; I have the license in the firewall, and the VPN connection is from firewall to firewall.
By the end of the day I will post the full config. Meanwhile, if you have any solution, kindly let me know.
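Added example, not part of any post in this thread: a small Python model of how a route-map like the one in the reply above picks a next hop from the packet's source address, and why the question about NAT on the firewall matters to it. It assumes a single route-map with two sequences, placeholder next-hop labels, and a constructed PAT address (2.2.2.3) standing in for whatever the firewall translates to.

```python
import ipaddress

# Constructed model of the thread's two ACLs: (network, wildcard mask).
ACLS = {
    101: [("192.168.101.0", "0.0.0.255")],
    102: [("192.168.102.0", "0.0.0.255")],
}

# Route-map entries: (sequence, acl, next_hop).
# Next hops are placeholder labels, not real addresses.
ROUTE_MAP = [
    (10, 101, "ISP1-next-hop"),
    (20, 102, "ISP2-next-hop"),
]

def wildcard_match(src, network, wildcard):
    """IOS wildcard logic: bits set to 1 in the wildcard are ignored."""
    s = int(ipaddress.IPv4Address(src))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (s & care) == (n & care)

def acl_permits(acl_id, src):
    return any(wildcard_match(src, net, wc) for net, wc in ACLS[acl_id])

def policy_route(src):
    """Next hop of the first matching entry, or None when nothing
    matches and the packet falls through to the normal routing table."""
    for _seq, acl_id, next_hop in sorted(ROUTE_MAP):
        if acl_permits(acl_id, src):
            return next_hop
    return None

def as_seen_by_router(src, pat_address=None):
    """Source address on the router's ingress interface. If an upstream
    device applies PAT, every inside host appears as pat_address."""
    return pat_address if pat_address else src

if __name__ == "__main__":
    for host in ("192.168.101.25", "192.168.102.10"):
        direct = policy_route(as_seen_by_router(host))
        natted = policy_route(as_seen_by_router(host, "2.2.2.3"))
        print(f"{host}: no NAT upstream -> {direct}, PAT upstream -> {natted}")
```

With translation done upstream, both VLANs reach the router with the same source address, so neither ACL matches and the traffic follows the default route.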