Outbound rating based on application type

tonycody
Level 1

What is an ideal way to route outbound traffic based on the type? For example, if our router has two Internet links, how could we route HTTP/FTP, etc, for the desktops out G0/0, and all other traffic (servers, static NATs) through G0/1?

Accepted Solutions

Jon Marshall
Hall of Fame

Hi Tony

As far as outbound traffic goes, you can do this with Policy Based Routing, e.g.

Assume desktop subnet = 192.168.5.0/24

! Desktop HTTP and FTP traffic to be policy-routed
access-list 101 permit tcp 192.168.5.0 0.0.0.255 any eq http
access-list 101 permit tcp 192.168.5.0 0.0.0.255 any eq ftp
access-list 101 permit tcp 192.168.5.0 0.0.0.255 any eq ftp-data

! Traffic matching ACL 101 leaves via g0/0
route-map Internet-access permit 10
 match ip address 101
 set interface g0/0

! Everything else leaves via gi0/1
route-map Internet-access permit 20
 set interface gi0/1

On your internal interface

int fa0/0
 ip policy route-map Internet-access

Return traffic is slightly different. If you have separate NAT pools that you can allocate to each interface, i.e. gi0/0 and gi0/1, then you make sure that traffic is always routed back to the interface it went out on.

Attached is a link to a doc on PBR that gives a good overview.

http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml

HTH

Jon

That looks like exactly what we needed. Thanks!
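
As an added example (not part of the original thread or of Cisco's documentation), the Python below models how the route-map in the accepted answer classifies outbound flows, so the policy can be checked against sample traffic before it is applied. The sample flows and the server address 192.168.10.5 are constructed, and the model looks only at protocol, source address and destination port.

```python
import ipaddress

# ACL 101 from the answer: (protocol, source network, wildcard mask, destination port)
ACL_101 = [
    ("tcp", "192.168.5.0", "0.0.0.255", 80),   # eq http
    ("tcp", "192.168.5.0", "0.0.0.255", 21),   # eq ftp
    ("tcp", "192.168.5.0", "0.0.0.255", 20),   # eq ftp-data
]

# Route-map Internet-access: (sequence, ACL or None when the clause has no match, set interface)
ROUTE_MAP = [(10, ACL_101, "g0/0"), (20, None, "gi0/1")]


def wildcard_match(addr, base, wildcard):
    """IOS wildcard logic: bits set in the wildcard are ignored, the rest must be equal."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_permits(acl, proto, src, dport):
    """First matching entry wins; the implicit deny at the end means 'no match'."""
    for a_proto, base, wildcard, a_port in acl:
        if proto == a_proto and dport == a_port and wildcard_match(src, base, wildcard):
            return True
    return False


def egress_for(proto, src, dport):
    """Walk the route-map in sequence order and return (sequence, interface)."""
    for seq, acl, interface in sorted(ROUTE_MAP, key=lambda e: e[0]):
        if acl is None or acl_permits(acl, proto, src, dport):
            return seq, interface
    return None, "routing table"   # no clause matched: normal destination routing


# Constructed sample flows: (description, protocol, source, destination port)
SAMPLE_FLOWS = [
    ("desktop HTTP", "tcp", "192.168.5.20", 80),
    ("desktop FTP control", "tcp", "192.168.5.20", 21),
    ("desktop HTTPS", "tcp", "192.168.5.20", 443),
    ("desktop passive FTP data", "tcp", "192.168.5.20", 50123),
    ("desktop DNS", "udp", "192.168.5.20", 53),
    ("server HTTP", "tcp", "192.168.10.5", 80),   # assumed server address
]

if __name__ == "__main__":
    for name, proto, src, dport in SAMPLE_FLOWS:
        seq, interface = egress_for(proto, src, dport)
        print(f"{name:26} -> seq {seq}, {interface}")
```

In this model, desktop HTTPS, DNS and passive-mode FTP data connections do not match ACL 101, so they fall through to sequence 20 and leave via gi0/1 along with the server traffic.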