Question: Dual ISP sharing
I currently have one Internet circuit (serial T-1) that is in use, but we just purchased another from a different provider (2MB, Ethernet handoff). We would like to use the T-1 connection for email traffic only and use the Ethernet for all other traffic. Below is a layout of this part of our network.

T-1 Internet---|  |---cisco2621---DMZswitch---Pix525---3560Switch------3825Router(internal)
2MB Internet---|  |                                                    Internal LAN

All equipment is Cisco. Below is the relevant part of the 2621's config:

interface FastEthernet0/0
 description ISP2 (new)
 ip address 70.0.0.74 255.255.255.248
 shutdown
 speed 100
 full-duplex
!
interface Serial0/0
 description ISP1 T1
 ip address 64.0.0.62 255.255.255.252
!
interface FastEthernet0/1
 description Inside Network
 ip address 64.0.0.113 255.255.255.240
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 64.0.0.63
no ip http server
ip pim bidir-enable

The PIX's 'outside' interface is 64.0.0.114/28 and uses 64.0.0.126 for its global address. Assume I have a 192.168.1.x internal address scheme.

My question is... how do I go about setting up the router and/or PIX to allow all email traffic to use the T1 and all other traffic to use the new 2MB pipe with the Ethernet handoff? If you need any additional info please ask. Thanks in advance for your help.
Answer: Dual ISP sharing

Route-map policy-based routing (PBR) is the way to go:
! -- define traffic that is email
access-list 101 permit tcp any any eq smtp
!
! -- define all other traffic
access-list 102 permit ip any any
!
! -- create route-map to send the two types of traffic two different ways
route-map MYMAP permit 10
 match ip address 101
 set ip next-hop 64.0.0.63
route-map MYMAP permit 20
 match ip address 102
 set ip next-hop 70.0.0.xx
! <== 70.0.0.xx is the ISP2 gateway
!
! -- create additional NAT for 64.x.x.x packets going out ISP2
interface FastEthernet0/0
 no shutdown
 ip nat outside
interface FastEthernet0/1
 ip nat inside
 ip policy route-map MYMAP
!
! -- inside /28 (64.0.0.112 - 64.0.0.127, wildcard 0.0.0.15) to translate on ISP2
access-list 5 permit 64.0.0.112 0.0.0.15
ip nat inside source list 5 interface FastEthernet0/0 overload
Now you can also take it several steps further by adding service assurance for failover: http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d1e95.html
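To sanity-check the policy before pushing it to the router, the following added example (not from the answer's author or from Cisco) models the route-map and NAT ACL logic above: the route-map sequences are walked in order, an extended ACL has an implicit deny, and the standard ACL used for NAT is evaluated with IOS wildcard semantics. It assumes 70.0.0.73 as the ISP2 gateway (the answer leaves it as 70.0.0.xx) and uses the PIX global 64.0.0.126 as a sample source.

```python
import ipaddress

ISP1_GW = "64.0.0.63"   # T-1 next hop, taken from the page
ISP2_GW = "70.0.0.73"   # assumed ISP2 gateway; the answer leaves it as 70.0.0.xx

# Extended ACLs from the answer, as (protocol, destination port) entries.
EXT_ACLS = {
    101: [("tcp", 25)],    # access-list 101 permit tcp any any eq smtp
    102: [("ip", None)],   # access-list 102 permit ip any any
}
# route-map MYMAP as (sequence, match ACL, set ip next-hop), in order.
ROUTE_MAP = [(10, 101, ISP1_GW), (20, 102, ISP2_GW)]

def ext_acl_permits(acl_no, proto, dport):
    """Extended ACL evaluation: first matching entry wins, implicit deny."""
    for ace_proto, ace_port in EXT_ACLS[acl_no]:
        if ace_proto != "ip" and ace_proto != proto:
            continue
        if ace_port is not None and ace_port != dport:
            continue
        return True
    return False

def pbr_next_hop(proto, dport):
    """Walk the route-map sequences; None means normal table routing."""
    for _seq, acl_no, next_hop in ROUTE_MAP:
        if ext_acl_permits(acl_no, proto, dport):
            return next_hop
    return None

def std_acl_matches(ace_addr, wildcard, src_ip):
    """Standard ACL test: a wildcard bit of 1 means 'don't care'."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    diff = int(ipaddress.ip_address(ace_addr)) ^ int(ipaddress.ip_address(src_ip))
    return diff & care == 0

def egress(src_ip, proto, dport, nat_ace=("64.0.0.112", "0.0.0.15")):
    """Return (next_hop, nat_applied) for one flow entering FastEthernet0/1."""
    nh = pbr_next_hop(proto, dport)
    # ip nat outside is only on Fa0/0, so overload applies only to flows
    # that leave via ISP2 and whose source is permitted by access-list 5.
    nat = nh == ISP2_GW and std_acl_matches(*nat_ace, src_ip)
    return nh, nat

if __name__ == "__main__":
    for flow in [("64.0.0.126", "tcp", 25), ("64.0.0.126", "tcp", 443)]:
        print(flow, "->", egress(*flow))
```

Passing a different `nat_ace`, for instance a wildcard of 0.0.0.240, shows that the PIX global would leave ISP2 untranslated, which is the kind of mistake this check is meant to catch.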