01-04-2012 12:41 PM - edited 03-07-2019 04:10 AM
Hi all,
I have been trying for the last three nights to get PBR working on my home network.
I have 2 ISPs, one via 3G and one via ADSL.
What I want to do is, for example, route all www traffic via ADSL and so on.
So I have tried the following, but it doesn't seem to work:
ip access-list extended www_adsl
permit tcp any eq 80 any
!
route-map LOCAL_POLICY 10
match ip address www_adsl
set ip next-hop 95.166.108.1
set ip precedence 7
!
ip local policy route-map LOCAL_POLICY
I have also tried:
access-list 101 permit tcp any any eq 80
route-map reroute10traffic permit 10
match ip address 101
set ip next-hop 95.166.108.1
ip local policy route-map reroute10traffic
I don't know which is best?
Neither of them works for me.
My next-hop is the one on ADSL.
01-04-2012 01:49 PM
Hi,
First, if you want traffic from the LAN to be PBR'd, then you must apply the following command on the L3 interface where the traffic is coming in:
ip policy route-map xxx
The one you configured, ip local policy route-map xxx, is for locally generated traffic from the router.
Second, the first ACL wouldn't work because web traffic doesn't have port 80 as the source port; it has it as the destination port.
Third, I suppose you're doing NAT, and if this is the case you'll have to use route-maps for NAT overload for the 2 WAN interfaces.
Post the following: sh run | s nat|route-map|access-list|policy
Regards.
Alain
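The two mistakes Alain points out (a web-port ACE written on the source side, and a route-map applied only with ip local policy) are easy to miss in a long paste. The following is an added example, not code from the thread or from Cisco: a small Python linter that parses IOS PBR fragments and reports exactly those two conditions. It is run here against the two fragments from the opening post and against a corrected version of the first one. Assumptions: ACEs use the address forms any, host A or A WILDCARD and the eq PORT operator (range/gt/lt are not handled); the LAN interface in the corrected fragment is assumed to be Vlan1.

```python
"""Added example (not from the thread): a small linter for IOS PBR fragments.

Reports (1) a tcp/udp ACE that matches a web port (80/www/443) only as the
SOURCE port, and (2) a route-map applied only with 'ip local policy' and
never with 'ip policy route-map' on an L3 interface.
Assumption: ACEs use 'any' / 'host A' / 'A WILDCARD' and 'eq PORT' only.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set

WEB_PORTS = {"80", "www", "443"}


@dataclass
class Ace:
    acl: str
    proto: str
    src_port: Optional[str]
    dst_port: Optional[str]


@dataclass
class Config:
    aces: List[Ace] = field(default_factory=list)
    local_policy: Set[str] = field(default_factory=set)      # ip local policy route-map X
    interface_policy: Set[str] = field(default_factory=set)  # ip policy route-map X (under an interface)


def _addr_and_port(tokens: List[str]):
    """Consume one address spec plus an optional 'eq PORT'; return (port, remaining tokens)."""
    if not tokens:
        return None, tokens
    rest = tokens[1:] if tokens[0] == "any" else tokens[2:]  # 'host A' / 'A WILDCARD' take two tokens
    port = None
    if len(rest) >= 2 and rest[0] == "eq":
        port, rest = rest[1], rest[2:]
    return port, rest


def parse_ace(acl: str, tokens: List[str]) -> Optional[Ace]:
    """tokens follow permit/deny: PROTO SRC [eq P] DST [eq P]; only tcp/udp carry ports."""
    if not tokens or tokens[0] not in ("tcp", "udp"):
        return None
    src_port, rest = _addr_and_port(tokens[1:])
    dst_port, _ = _addr_and_port(rest)
    return Ace(acl, tokens[0], src_port, dst_port)


def parse_config(text: str) -> Config:
    cfg = Config()
    acl = None  # name of the named extended ACL currently being filled
    for raw in text.splitlines():
        t = raw.split()  # indentation is irrelevant, which suits flat forum pastes
        if not t or t[0].startswith("!"):
            continue
        if t[:3] == ["ip", "access-list", "extended"] and len(t) > 3:
            acl = t[3]
        elif t[0] == "access-list" and len(t) > 3 and t[2] in ("permit", "deny"):
            ace = parse_ace(t[1], t[3:])
            if ace:
                cfg.aces.append(ace)
        elif t[:4] == ["ip", "local", "policy", "route-map"] and len(t) > 4:
            cfg.local_policy.add(t[4])
        elif t[:3] == ["ip", "policy", "route-map"] and len(t) > 3:
            cfg.interface_policy.add(t[3])  # this form exists only as an interface command
        elif acl and t[0] in ("permit", "deny"):
            ace = parse_ace(acl, t[1:])
            if ace:
                cfg.aces.append(ace)
        elif t[0] in ("route-map", "interface", "line"):
            acl = None  # left the named-ACL block
    return cfg


def check(cfg: Config) -> List[str]:
    findings = []
    for a in cfg.aces:
        if a.src_port in WEB_PORTS and a.dst_port not in WEB_PORTS:
            findings.append(f"ACL {a.acl}: {a.proto} port {a.src_port} is matched as the SOURCE port; "
                            f"clients' outbound web requests carry it as the DESTINATION port")
    for rmap in sorted(cfg.local_policy - cfg.interface_policy):
        findings.append(f"route-map {rmap}: applied only with 'ip local policy' (router-originated traffic); "
                        f"LAN transit traffic needs 'ip policy route-map {rmap}' on the inbound L3 interface")
    return findings


# The two fragments from the opening post.
ATTEMPT_1 = """ip access-list extended www_adsl
 permit tcp any eq 80 any
!
route-map LOCAL_POLICY 10
 match ip address www_adsl
 set ip next-hop 95.166.108.1
!
ip local policy route-map LOCAL_POLICY
"""
ATTEMPT_2 = """access-list 101 permit tcp any any eq 80
route-map reroute10traffic permit 10
 match ip address 101
 set ip next-hop 95.166.108.1
ip local policy route-map reroute10traffic
"""
# Illustrative corrected fragment (assumes the LAN interface is Vlan1).
CORRECTED = """ip access-list extended www_adsl
 permit tcp any any eq 80
!
route-map LOCAL_POLICY permit 10
 match ip address www_adsl
 set ip next-hop 95.166.108.1
!
interface Vlan1
 ip policy route-map LOCAL_POLICY
"""

if __name__ == "__main__":
    for label, frag in (("attempt 1", ATTEMPT_1), ("attempt 2", ATTEMPT_2), ("corrected", CORRECTED)):
        print(label, check(parse_config(frag)) or ["no findings"])
```

The first fragment produces both findings, the second only the ip local policy one, and the corrected fragment none; the NAT route-map point from the reply is not checked here, since whether a given pair of WAN interfaces needs it depends on the rest of the config.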
08-17-2012 01:38 PM
Here is the latest running config, but it's still not working.... Anyone got a clue what's wrong?
I'm getting hits in my ACL, but if I try to do some www traffic, it's not working...
! Last configuration change at 22:14:50 UTC Thu Aug 16 2012 by abramsen
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco819
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
no aaa new-model
!
crypto pki trustpoint TP-self-signed-3588425243
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3588425243
revocation-check none
rsakeypair TP-self-signed-3588425243
!
!
no ip source-route
ip cef
!
!
no ip bootp server
no ip domain lookup
ip domain name it-kon.dk
ip name-server 192.168.0.1
ip name-server 208.67.222.222
ip name-server 8.8.8.8
no ipv6 cef
!
!
multilink bundle-name authenticated
chat-script gsm "" "AT!SCACT=1,1" TIMEOUT 60 "OK"
license udi pid C819HG+7-K9 sn FCZ1606C0BY
!
!
controller Cellular 0
gsm sim primary slot 1
gsm failovertimer 7
!
ip tcp synwait-time 10
ip ssh version 2
!
!
!
no crypto ipsec nat-transparency udp-encapsulation
!
!
interface Cellular0
description To ISP 1 (3G)$FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip verify unicast reverse-path
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 60
dialer in-band
dialer idle-timeout 900
dialer string gsm
dialer-group 2
async mode interactive
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface GigabitEthernet0
description Wan port to ADSL
ip address dhcp client-id GigabitEthernet0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0
no ip address
shutdown
clock rate 2000000
!
interface Vlan1
ip address 10.10.10.1 255.255.255.252
ip nat inside
ip virtual-reassembly in
ip policy route-map PBR
!
interface Dialer0
ip address negotiated
encapsulation slip
dialer pool 2
dialer idle-timeout 0
dialer string gsm
dialer persistent
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
!
ip dns view default
domain timeout 1
no dns forwarding
ip nat inside source route-map 3G interface Cellular0 overload
ip nat inside source route-map ADSL interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0 10
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0 110
!
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq www
access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 443
access-list 101 permit ip any any
dialer-list 1 protocol ip list 1
dialer-list 2 protocol ip permit
!
route-map ADSL permit 10
match ip address 10
match interface GigabitEthernet0
!
route-map PBR permit 10
match ip address 100
set ip next-hop 95.166.108.20
set interface GigabitEthernet0
!
route-map PBR permit 30
match ip address 101
set ip next-hop 95.209.150.20
!
route-map 3G permit 10
match ip address 10
match interface Cellular0
!
!
control-plane
!
!
!
line con 0
line aux 0
line 3
exec-timeout 0 0
script dialer gsm
login
modem InOut
no exec
transport input all
rxspeed 21600000
txspeed 5760000
line vty 0 4
access-class 23 in
privilege level 15
password fuQuophuja1
login local
transport input ssh
!
scheduler allocate 20000 1000
!
end