Cisco WAN :: Configure Policy Based Route On 2811 Router?

Jan 19, 2013

configuring policy based route for my cisco router?Basically, I have a 2811 cisco router with 2 ADSL ports. 1 port is for iiNet line and another port is for Telstra line.I want to configure a policy based route on the router so that:Any traffic coming from 1 internal IP (i.e. 172.16.x.1) will go through iinet line (i.e. Dialer 0) interface.Any traffic from rest of the office will go through the Telstra line (i.e. Dialer 1) interface. Is there any easy way to configure this policy based route?

View 8 Replies


ADVERTISEMENT

Cisco WAN :: 3725 - Route-Map For Policy Based Routing

Feb 2, 2011

I have been using a route map to pick WAN exit points (PBR) on a 3725 router.  This have been working fine with /24 networks.  I am trying to pick the first /28 piece out of the 10.1.1.0 network and send it out a different exit from the rest of that network.  I have tried the /28 entry at the start and end of the route map, although I thought the first match would stop any further route map processing.  The entry does not seem to have any effect, as traffic from all addresses in the 10.1.1.0 /24 network exit per the "route-map 10-LAN permit 11" section.
 
access-list 5 remark Ten Dot 1 low 63 IPs
access-list 5 remark SDM_ACL Category=2access-list 5 remark Ten Dot One Low 63 IPs access-list 5 permit 10.1.1.0 0.0.0.63 log
[ code]....

View 11 Replies View Related

Cisco WAN :: 2811 - Static Routes Need Some Input Policy Based Routing

Aug 13, 2011

I have 2 connections a single T1 for voip traffic only and a DSL line for data traffic.the dsl was migrated to a 2811 with out any issues now comes the time to move the T1 over.
 
on the T1 side I am able to ping the WAN router and the LAN router IP address but nothing behind it.

currently this is the only statment on the router:
ip route 0.0.0.0 0.0.0.0 Dialer1
 
as a quick a dirty to remove the above i tried:
no ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 66.55.110.0 255.255.255.0 Dialer1
 
but the DSL side dropped. we have a 66.55.110.152/29
 
for the T1 i would use the following statement.. we have a 209.98.53.192/27
 
ip route 209.98.53.0 255.255.255.255 65.32.70.177

View 12 Replies View Related

Cisco Switching/Routing :: How To Configure Policy Based Routing On 3750

Jan 28, 2013

In our datacenter we have a 3750 stack with IP base image.  I have enabled PBR and reloaded the switch.  Show sdm prefer says i am using default template.  The reason i want to use PBR is that we have 2 firewalls on the same work and want to be able to have granular control over which gateway out of the network they use but still be able to access all internal resouces accross wan and locally.

Created access list to identify traffic:
 
access-list 10 permit 10.2.3.59 (test workstation on vlan 3)
 
Created policy:
 
route-map TestASA permit 10
match ip address 10
set ip next-hop 10.2.0.3
 
Assigned policy to the user vlan3:
 
ip policy route-map TestASA
 
Results:It changed the default gateway to the above gateway but i could not access any resources on any other vlan, could not access resouces accross wan. 

View 16 Replies View Related

Cisco VPN :: ASA 5505 To Use Router For Creating Policy Based Routing

May 29, 2011

I have an ASA 5505 at each of three locations.  We have VPN tunnels set up between the three sites.  I am currently using a single ISP to control the traffic between the sites.  I am adding a new ISP to the mix.  The goal is to have any internet traffic routed to ISP 2 and all internal traffic routed to ISP 1.The ASA does not do policy based routing (mostly because it is a firewall, not a router).  I need to configure a router that will accept the output of the ASA and route it according to the above rule.  All incoming routing will be done through ISP 1. Any suggestion on the device and the methodology to set it up?  I am planning on doing this in each location.

View 3 Replies View Related

Cisco Firewall :: Policy Based NAT On ASA 8.4.1

Feb 27, 2011

How can I configure police-based nat to allow ICMP-only traffic on asaos 8.4.1 or 8.3?On 8.3 it was very simple:global (outside) 1 interface ,access-list outside_nat_outbound extended permit icmp any any,nat (outside) 1 access-list outside_nat_outbound.

View 10 Replies View Related

Cisco WAN :: Policy Based Routing On 2911 ISR?

Mar 18, 2013

I have setup a basic PBR config to route Http and Https out of a different interface (fa0/0/0) but for some reason http traffic is still going out of the Gi0/1 interface.
 
Config attached minus the crypto stuff and the publics have been changed.

View 17 Replies View Related

Cisco WAN :: 1811 Policy Based Routing

Aug 21, 2012

Last night I had a crack at setting up PBR on my companies Cisco 1811.Joy, I thought, it's actually working.  Alas I was wrong, the addresses were getting translated to our ADSLs external ip address but routed over our EFM.What I want to acheive is to send all HTTP(s) traffic from our workstations over the ADSL (FastEthernet1) whilst all other traffic and VPN goes out over our Bonded ADSL (FastEthernet0).  There is also a minor failover in place for traffic routed to the ADSL in the route-map PBR_VLAN1.  The servers are on IPs 200, 202, 204 and 240.
 
Anyway, I have re-written the configuration and xxx'd and x.a/b/c'd all the IP addresses I want to keep secret. Need to make sure that the PBR is correct, and will do what I want it to?  I have a very small time-frame to get this correct and I dont want to fudge the bucket so to speak.

View 8 Replies View Related

Cisco WAN :: ME 3600X Policy Based Routing

Sep 15, 2011

I have a ME3600X switch and I would like configure a PBR (Policy Based Routing), how I can make this?

View 1 Replies View Related

Cisco WAN :: 6506 Configuration Of Policy Based Routing

Jul 18, 2011

I need to configure Policy Based Routing. There are two WAN Links from two Different ISP : Campus NW has one CORE switch - Cisco Catalyst 6506. [code]

View 3 Replies View Related

Cisco Firewall :: Does PIX 6.3 Support Dual ISP And Policy Based Routing

Mar 19, 2011

Just want to ask if a PIX firewall specific with a 6.3 OS version do support Dual WAN and PBR.

View 2 Replies View Related

Cisco WAN :: Configure Policy-map With Police Command At Router 7606-S?

Dec 27, 2011

Im having problem configuring policies for limiting traffic on subinterfaces on cisco Router 7606-S. I have configured:
 
[code]...
 
So for egressQOS , i want to configure with police, not shape (for the memory reason).

View 4 Replies View Related

Cisco Firewall :: Policy Based Routing To ASA5550 Inside Interface?

Mar 4, 2011

Is it possible to establish PBR rules that set the ip next-hop to point directly to the inside interface of the ASA5550?Or, do I need to direct this PBR traffic first to a directly connected router interface and then default route to the ASA?At a high level, here's what we have:
 
ISP 1 - with /21 IP PrefixNo BGP Routing3845 Edge Router - Default Route to ISP 1PIX535 Firewalls (HA) - Default Route to Edge RouterLAN Core/Distribution - Default Route to PIX535 Inside InterfaceAll applications/services use this egress path for PAT/NAT/DMZ/VPN/Etc. 

Here's what we are adding:
 
ISP 2 - with /24 IP PrefixNo BGP Routing3925E Edge Router - Default Route to ISP 2ASA5550 Firewalls (HA) - Default Route to Edge RouterSame connectivity to LAN Core/Distribution 

Goals:Maintain ISP 1 for nowMigrate only end user Internet traffic to ISP 2No disruptions to applications/services using current DefGW to PIX535 

Question: how to best use PBR to selectively direct traffic to the ASA inside interface?

View 4 Replies View Related

Cisco WAN :: How To Configure 2811 Router As BGP

Sep 19, 2011

I have cisco 2811 router and two ISP copper line. How can configure it as BGP router.

View 11 Replies View Related

Cisco Routers :: SRP527W U - Policy Route

Nov 26, 2012

I have a pair of SRP527W-U units, which each connect to a separate ISP by ADSL2+ . I am attempting to use each simultaneously as follows:
 
ISP-A via Cisco A for general traffic, and to run HTTP server X
ISP-B via Cisco B to run HTTP server Y
 
HTTP servers X and Y are on one machine, but binding to two separate IP addresses eg x.x.x.3 and x.x.x.4 . In a situation like this, I would normally configure Cisco A and Cisco B with x.x.x.1 and x.x.x.2 respectively. CiscoA would run DMZ to x.x.x.3 and Cisco B DMZ to x.x.x.4. The server would use x.x.x.1 as the default route. Then I would set Cisco A to have a policy route catching source address x.x.x.4 and sending it to next-hop/gateway x.x.x.2.
 
BUT, the policy route feature requires traffic be sent out the WAN port or a tunnel (no next hop, only WAN side VLANs, tunnels or interfaces). configuring a GRE tunnel connecting the two routers is fruitless, and the tunnels refuse to be created on the LAN side (tunneling is only possible out the WAN).
 
Attempting to simultaneously use the 4th LAN/WAN port in WAN mode also fails, as the WAN port is only available when the ADSL port is not. Under Win2000 and Linux it was possible to configure two separate network cards and use seperate sub nets, each with a default route. This feature no longer works with more recent versions of Windows.
 
How I might get this working, without buying a 887? I am open to buying a 547.

View 1 Replies View Related

Cisco WAN :: Cat6500 - Policy Route To Equipment

Jul 31, 2011

I have to do a policy route on my cat6500. basically, I want to redirect all traffic from 10.1.1.100 to internet address xxx.xxx.xxx.xxx to another machine 10.1.1.101. however, the 10.1.1.100 and 10.1.1.101 are in save subnet. not directed to cat6500, but both connecte to same switch which is linked to cat6500. However the 10.1.1.101 is not a cisco router. but some sort of equipment which change traffic and pass them to another subnet.

that means can I do below:
 
access-list 101 permit ip host 10.1.1.100 host xxx.xxx.xxx.xxx
route-map reroute permit 10
march ip address 101

[Code].....

View 1 Replies View Related

Cisco WAN :: 2851 - How To Route / NAT Based On IP With 2 WAN Connections

Mar 29, 2012

I have a Cisco 2851 (with a 4 port switch module) that I am trying to set up with two different internet connections, and have it route traffic out to them based on the source IP. One connection is a 50mb Comcast connection, another is our T1 that our servers are hosted on. The goal is to guide server/phone system traffic to the T1 and have the rest default to the Comcast. I currently have the 2851 connected to our Layer 3 switch (Dell Powerconnect 6224) with a subnet created between them. Static routes have been created on the 2851 back to all of our existing subnets. Traffic flows internally without a problem between the subnets and 2851 (and vice versa). I set up the 2851 with route-map's in the NAT to control the flow of traffic, with the default route set to the Comcast connection. Default route works great, speedtest shows full speeds and everything looks great. The problem happens when I apply my route-map policy to the internal LAN interface with the ACL list of IP's that I want to guide to the T1 (with a next-hop of the T1's IP address). I tested some tracert's and pings from one of the IP's in this list and they would stop at the T1 modem and not go any further. I did a "show ip nat translations" and noticed that the "outside" portion (right half) was blank for every IP that was in the ACL or related to the T1. So my guess is it looks like this is not doing NAT for the T1? I double-checked that I had my "ip nat inside" on the LAN interface and "ip nat ouside" on the T1 VLAN interface and Comcast interface and they were there.

View 6 Replies View Related

Cisco Switching/Routing :: Ip Policy Route-map On 3750g?

Nov 18, 2008

I have a 3750g on which I am trying to configure the ip policy route-map command on each of the vlan interfaces.  However after entering the command it does not appear.  I'm not sure what to do at this point.  I have changed the SDM template to routing and I am running the IPServices image. 

View 2 Replies View Related

Cisco Switching/Routing :: Ip Policy Route-map On 3750

Jun 10, 2010

I try to enter the command "ip policy route-map"  on 3750's interface. But the command doesn't appear. Why? Whereas I see several times that this command is possible on this switch. What I have to do to enter this command?

View 3 Replies View Related

Cisco WAN :: Unable To Configure Service Policy Output Command In 2921 Router

Apr 25, 2011

I am not able to configure Service policy output command in Cisco 2921 router.While configuring I am getting below error.Same config is working fine in Cisco 3845  router.I am suspectting the problem with license in IOS.

View 3 Replies View Related

Cisco Routers :: SR520 Not Criterion In Zone-based Policy Firewall Class-maps

Jan 16, 2012

I'm trying to configure a zone-based firewall on an SR520 and am confused about the 'not' criterion. The 'zone-design-guide' says (my stress): Class- maps define the traffic that the firewall selects for policy application. Layer 4 class-maps sort the traffic based on these criteria listed here. These criteria are specified using the match.where my intention is to let only LAN hosts with IPs in the range 192.168.1.1 to 192.168.1.7 out through the firewall. There may be an easier way of doing this which I'd be pleased to hear about. But, even if there is, I'd also be interested to know what I'm doing wrong in the above.

View 0 Replies View Related

Cisco Firewall :: 2911 - Control Link In Zone-Based Policy High Availability

Jun 26, 2012

I have set up a zone-based policy firewall with HA on two 2911 routers as per the Cisco security configuration guide, for an active/passive LAN-LAN cluster. All works as expected, but there is one problem I find: when the control link between the two devices fails, they go into an active/active state as each member assumes it's the last surviving member. The ARP entries for the Virtual IPs on the neighboring devices point to the device that last claimed the active role (usually the standby device). This works in a way, just sessions don't get synched anymore (control link is the same as data link). Now when the link comes back up, the preemtion works and the active, former standby device goes back to standby. But the ARP entries on the neighboring devices still point to the standby device and nothing goes (also sessions established during the active/active state are lost due to resync with the now active member).
 
This is a single point of failure and what I need is a way to mitigate that. Under:

redundancy
application redundancy
group 1
control <interface> protocol 1

only one control interface is allowed. Other manufacturers with similar functionality provide for the possibilty of a backup control link, for example the internal LAN interface or a dedicated backup link.
 
How would I go about that? Maybe use a port-channel for the control/data link (but I'm out of interfaces)?

View 1 Replies View Related

Cisco WAN :: 2811 Router To Configure Port Security

Mar 29, 2011

How do you configure port-security on a 2811 router?  If not, is there a way to configure some type of security on each port ?

View 3 Replies View Related

Cisco VPN :: Configure User On 2811 Series Router?

Feb 27, 2012

Currently 2811 series router is configured for site to site VPN, CAN I configure USER VPN on the same box. We want Users to connect to VPN Server using Cisco VPN Client. best authentication method for USER VPN

View 1 Replies View Related

Cisco Switching/Routing :: WS-c3750G -24T / Unable To Look Ip Policy Route-map In PBR?

Apr 22, 2012

i have a Layer3 Switch Cisco WS-c3750G -24T , initially i have a IOS version c3750-Ipbase , recentely i have upgraded my IOS to c3750-Ipservices-M to enable to PBR for my network , i have created all the acl and tried to give the route-map with PBR , the command was initiallying but i am not able to see the applied route-map in my policy route , i have gone through the blog and enabled SDM prefer routing , but no luck .

View 1 Replies View Related

Cisco WAN :: Cannot Apply Policy Route-map To VLAN Interface 3560G

May 1, 2013

I have a 3560G that I cannot apply a policy route-map to one of the VLAN interfaces. I am running up to date software, c3560-ipservicesk9-mz.150-2.SE2 and it accepts the command, but does not show it in the sh run of the interface. I updated to this code as I had seen previously someone said it needed to be version 15 before you could apply route-maps to VLAN interfaces.

View 4 Replies View Related

Cisco WAN :: 1700 - Route RDP Port Based Traffic To WAN Interface

Jun 11, 2013

this is my first time configuring a cisco router. For instance, a cisco router 1700 with 2 ethernet WICs and 1 LAN port. We have 2 ISPs one more stable than the other. We use an RDP session to an external host identified by lets say IP address 200.1.1.2 using ISP2 to get to this computer.   We use ISP1 for all the internet usage, web pages, youtube etc.  We are thinking of using this cisco router 1700 to make the packet filtering and routing of this RDP session to the correct ISP2 since we only have 1 NIC per computer on the LAN side.
 
The main idea would be:
 
                                                       | YES -----> ----------- then use  ISP2
LAN--------->  Are the packets RDP ?
                                                       | No-------->  ----------- then use ISP1
 
Does this can be achieved using packet filtering using extended ACLs and to be router from the lan interface to route rdp (port 3389) packets to ISP2 WAN interface?

View 2 Replies View Related

Cisco WAN :: 4507 - Preferred Default Route Over Another Based On Source IP

Jan 21, 2013

2 ISP's connected to a 4507, both with seperate public IP blocks. Based on some source IP addresses on the LAN they would either use ISP-A or ISB-B's connection based on what I define.

View 3 Replies View Related

Cisco Switching/Routing :: Policy Route-map Not Sticking To 3750 Interfaces?

Apr 23, 2013

I have a client with a 3750x stack.  We've upgraded it to IP Services.  We have a simple PBR setup.  One access-list to forward traffic from a specific LAN ip to another gateway on the network. 
 
I go to vlan1 (default vlan) to apply the PBR and the command takes with no errors, but do a "show run" and it doesn't show up under the interface.
 
I go to vlan1 and apply a PBR that doesn't exist and the command takes with no errors, and is listed under the interface in the config
 
I can apply the PBR globally and appears to work, but we can't have it there based on other issues it creates.
 
config:  (all tracks are up)
C3750_stack#show sdm prefer
The current template is "desktop routing" template.

[Code]....

View 8 Replies View Related

Cisco Switching/Routing :: PBR - 3750 VLan Does Not Accept IP Policy Route-map

Nov 1, 2012

I am trying to configure policy based routing however when i try to apply to an interface vlan.  The configuration does not show in the interface.
  
route-map OTHER_ROUTE permit 10
match ip address OTHER_ROUTE
set ip next-hop x.x.x.x

[Code]....

View 4 Replies View Related

Cisco Switching/Routing :: 7200 - QoS Input Policy Doesn't Classify ICMP Packet Based On DSCP

Dec 20, 2011

I have made some test and i noticed that qos input policy does not classify the icmp packet based on their dscp.The "match dscp ef" or "match precedence 5" is not working only the "match protocol icmp" shows hits.
 
We need to classify the different icmp packets based on dscp ( TOS ) for measurement purpose.CISCO 7200, 12.4.25d and 12.4.20T have a same behavior.

View 6 Replies View Related

Cisco WAN :: 2811 Run Bgp With ISP To Accept Just Default Route

Feb 18, 2012

i have 2811 router can, i  use the below image on it , i m thinking to run bgp  with ISP to accept just default route.

View 1 Replies View Related

Cisco WAN :: 2811 - Route Over Mpls Link?

Mar 2, 2012

i have 2 routers 2811 interconnected together ,1 of these router running in circuit with 2 Mbps over Internet the 2nd one use MPLS Circuit with a bandwidth of 4Mbps,how configure the routing to route over the MPLS while IPSec act as standby

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved