Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2087
Views
5
Helpful
6
Replies

Redirect Internet Traffic

Adam Campbell
Level 1
Level 1

‎11-25-2011 08:09 AM - edited ‎03-07-2019 03:36 AM

At one of my field offices I want to redirect internet traffic down a separate DSL connection instead of having it ride the T1 back to the main office then going out.  At this office I have a 2600 router, 3560 switch, with a Fortigate firewall in between DSL connection and LAN, Fa0/0 on router and firewall are both plugged in to switch.  I have seen posts that mention PBR or static routes which is the reccomended method for dealing with this? 

Labels:
0 Helpful
6 Replies 6

Amit Singh
Cisco Employee
Cisco Employee

‎11-25-2011 08:20 AM

Hi Adam,

Please could you paste a topology diagram, that would help.

You would basically need static routing in this case. You dont need a PBR if you are doing a destination based routing. In this you want all the internet traffic going down via DSL, you can use a default route say on your 3650 switch to send all traffic to the router via DSL and any other HQ subnets to travel via a different link.

You can also use PBR in this case if there is a requirement to route traffic from one subnet/all the subnets/any host via DSL and rest other traffic to go via HQ.

As I mentioned  depening upon the topology you could use either of the configuration. I would try to get this done via static routes as this would put less load on the router CPU vs the PBR which is done is software.

HTH,

-amit singh

0 Helpful

Adam Campbell
Level 1
Level 1
In response to Amit Singh

‎11-25-2011 08:49 AM

Sorry for the horrible drawing I just threw it together.  So if I decide to specify routes on the switch I am guessing it would be something like a route for all private traffic to go to the router: ip route 192.168.1.0 255.255.255.0 192.168.1.1, then set a default route for internet traffic to go to firewall: ip route 0.0.0.0 0.0.0.0 192.168.1.3?

0 Helpful

Amit Singh
Cisco Employee
Cisco Employee
In response to Adam Campbell

‎11-25-2011 09:21 AM

Hi Adam,

Thanks for the drawing. Yes your default route for the internet traffic looks fine. However I am not sure about the private traffic to your router. Unless, its just for an example, it would not fly. What are the subnets located in your HQ, you need to define those in your routes pointing towards the router.

This is fine. Make sure you have ip routing enabled on the 3560 switch adn you can see you static routes when you do a " show ip route".

HTH,

-amit singh

0 Helpful

Adam Campbell
Level 1
Level 1
In response to Amit Singh

‎11-25-2011 09:40 AM

I see what you are saying.  So if my HQ subnet was something like 172.16.0.0 my route for internal traffic would need to look something like: 172.16.0.0 255.255.0.0 192.168.1.1?  Destination/Mask/Next hop, correct? 

0 Helpful

Amit Singh
Cisco Employee
Cisco Employee
In response to Adam Campbell

‎11-25-2011 10:15 AM

Absolutely correct Adam. You got it. The other side like your HQ router need to make sure that you have the route back you this office subnect 192.168.1.0.

This should work.

Hope this helps, Please rate if it does.

-amit singh

Adam Campbell
Level 1
Level 1
In response to Amit Singh

‎11-25-2011 11:46 AM

Thank you very much for your help.

0 Helpful
Customers Also Viewed These Support Documents