Selective Routing

[pgordemer]

I have a Cisco 2600 with 2 t1/e1 boards. 1 goes to the Internet, one is a private T1 to another office. We have a second Internet connection comming into the building, that I want certain IP address to use in the local subnet to use that internet connection.

Currenly the default route 0.0.0.0 0.0.0.0 serial0/0:1 gets to the internet. How can I get certain address in the same local E0 Subnet to go to another other Internet route.

E0 = 192.168.222.1 (255.255.255.0)
Serial0/0:0 Main Internet
Serial0/1:0 Secondary Internet

Everyone to serial0/0:0 Internet
192.168.222.105-150 to Serial0/1:0 Internet

Readdressing IPs in the network is not an option, they are Kiosks.

Thanks
Phil Gordemer
ARH Associates

 

[lgarner]

Look up "policy-based routing" on Cisco's site. There's also an O'Reilly book called the "Cisco Cookbook" which has great examples of this. Basically, it allows you to dictate routing decisions based on factors other than the destination address, such as source and protocol.

 

[Maverick8673]

You said it lgarner the cookbook is great

http://www.cisco.com/en/US/products...figuration_guide_chapter09186a00800c75d2.html

this is a link i got from cisco support for PBR.

 

[lambent]

192.168.222.105-150

It'd be a nightmare to include these IP addresses using ACLs.

I suggest you either use .1 - .127 & .128 - .254, or use odd and even numbers.

Another important thing is how many public IP addresses your ISP(s) give you? Are these 2 links owned by the same or different ISPs?

 

[pgordemer]

No inbound routing is necessary, this is outbound only, the goal is to get some units going out 1 internet and other IPs out another.

Phil Gordemer
ARH Associates

 

[jneiberger]

This wouldn't be a hard ACL to create. You could do it in about 30 seconds in an Excel spreadsheet using /32 masks:

permit 192.168.222.105
permit 192.168.222.106
.
.
.
permit 192.168.222.150
deny any

It's a little bit long but who cares about that. It's certainly not going to hurt anything to have an ACL that big.

Let us know how it turns out!
John

 

[lambent]

Making ACLs concise is always one of our responsibilities. What's important is the concept of using subnet mask or wild-card mask to divide IP address range rather than using some randomly selected range.

But things are not always that smooth as some bosses may just say "Hey I want to include these do it as I said!". Well in that case you'll have no choice but to cope with his own method and like jneiberger said you may need to use Excel.

Well, at least my boss is this kind of person.

 

[lambent]

For the configuration, you can follow this sample:

!
ip access-list standard 101
permit host 192.168.1.100
permit host 192.168.1.101
permit host 192.168.1.102
!
ip access-list standard 102
permit host 192.168.1.200
permit host 192.168.1.201
permit host 192.168.1.202
!
!
route-map DSL permit 10
match ip address 101
set ip next-hop a.b.c.254
route-map DSL permit 20
match ip address 102
set ip next-hop e.f.g.254
!
interface FastEthernet0/1
description LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip policy route-map DSL
!
interface serial0/0
description WAN1
ip address a.b.c.1 255.255.255.0
ip nat outside
!
interface serial0/1
description WAN2
ip address e.f.g.1 255.255.255.0
ip nat outside
!
ip nat inside source list 101 interface s0/0 overload
ip nat inside source list 102 interface s0/1 overload
!

 

[pgordemer]

Excellant sample, thank you

Phil Gordemer
ARH Associates