Cisco Routing

v3user

Aug 8, 2006
Hopefully everyone can understand what I am trying to do.

I am using a Cisco 1760. I have a T1 and DSL set up as outside interfaces. I have set up a site-to-site VPN tunnel (permanent) using only my T1, which connects me to a 192.168.10.0 network.

What I want to do is route all 192.168.10.0 traffic to the T1, which runs my VPN tunnel, and all other traffic to my DSL interface.

Can someone at least point me in the correct direction?
 
Seems you could do it with 2 static routes pretty easily.

Route your 192.168.10.0 via the T1 interface and 0.0.0.0 out the DSL interface...

Thanks,

Matt Wray

GFH

 
I've tried that, but both interfaces have separate gateways. My only gateway right now is the T1 IP, so if I try to static route 0.0.0.0 to my DSL it doesn't seem to go out through DSL.

I've added the DSL GW as a static route but I lose access to my 192.168.10.0 network.
 
Yes 3 interfaces. I'm thinking policy based routing, but I've never even tried it.
 
I removed access-list 112

service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret**************
!
aaa new-model
!
!
aaa authentication ppp default local
!
aaa session-id common
!
resource policy
!
memory-size iomem 15
clock timezone CST -5
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
ip cef
ip domain list domain.com
no ip domain lookup
ip name-server 192.168.2.2
ip flow-cache timeout active 1
ip inspect name ActSync https timeout 900
!
!
!
!
username user****
!
!
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key ************** address xxx.xxx.xxx.xxx
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set tunnel esp-3des esp-sha-hmac
!
crypto map VPN 11 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set transform-set tunnel
match address 103
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address xxx.xxx.xxx.194 255.255.255.240
ip access-group 112 in
ip nat outside
no ip virtual-reassembly
no ip route-cache cef
ip policy route-map nonat
no ip mroute-cache
speed auto
full-duplex
crypto map VPN
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
switchport access vlan 11
switchport trunk native vlan 11
switchport mode trunk
!
interface FastEthernet0/4
!
interface Serial1/0
no ip address
shutdown
!
interface Vlan1
description $ES_LAN$
ip address 192.168.2.1 255.255.255.0
ip access-group 101 in
ip nat inside
ip virtual-reassembly
no ip route-cache cef
ip route-cache flow
ip policy route-map nonat
no ip mroute-cache
!
interface Vlan11 !DSL
ip address xxx.xxx.xxx.xxx 255.255.255.248
ip access-group 112 in
ip nat outside
no ip virtual-reassembly
no ip route-cache cef
ip policy route-map nonat
no ip mroute-cache
vlan-id dot1q 2
exit-vlan-config
!
!
ip route 0.0.0.0 0.0.0.0 216.85.207.249

!
ip nat inside source list 1 interface FastEthernet0/0 overload

!
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.10.0 0.0.0.255

snmp-server ifindex persist
!

!
control-plane
!
banner motd ^C
_________-----_____
_____------ __ ----_
___---- ___------ \
----________ ---- \
-----__ | _____)
__- / \
_______----- ___-- \ /)\
------_______ ---____ \__/ /
-----__ \ -- _ /\
--__--__ \_____/ \_/\
----| / |
| |___________|
| | ((_(_)| )_)
| \_((_(_)|/(_)
\ (
\_____________)

!!!!!Private Network Access Restricted To Authorized Users Only!!!!!!
 
Can you say which interfaces are which? Without the IPs kinda hard to figure out. What is your T1 interface, internal and DSL? I only see 2 physical interfaces used - Fa0/0 and fa0/3...


Matt Wray
 
Fa0/0 is my T1, which my VPN runs on; Fa0/1 is VLAN1, which is my LAN; Fa0/3 is my DSL, which is VLAN 11.

Thank you for your time on this.
 
Have you tried a static to both?

ip route 0.0.0.0 0.0.0.0 (DSL next hop)
ip route 192.168.10.0 255.255.255.0 (T1 next hop)

When you change your 0.0.0.0 to the DSL, does your tunnel drop or stay active?




Matt Wray
 
I've tried it with DSL as the default, which allows me to get out to the internet via the DSL, but even with a static route for the 192.168.10.0 network via the T1 next hop it doesn't work.
 
Seems a route map would probably be what's left to try. I have one set up, but I am not very good with those.

I will post what I have and maybe that will help you figure out yours...
Code:
interface GigabitEthernet0/0
 ip policy route-map To_PIX

router eigrp 100
 redistribute connected metric 1544 10 255 1 1500
 redistribute static metric 1544 10 255 1 1500

access-list 150 permit ip host 192.168.xxx.250 any

route-map To_PIX permit 10
 match ip address 150
 set ip default next-hop 192.168.xxx.252

What this does for me is the host at 192.168.xxx.250 uses 192.168.xxx.252 as a gateway instead of the default gateway for unknown routes. Seems something similar could work for you, I just hoped it would be easier.




Matt Wray
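
Applied to the two-uplink case in this thread, a destination-based version of the route map above could look like the following. This is an added example, not configuration from any poster; T1_NEXT_HOP, DSL_NEXT_HOP and VPN_PEER are placeholders for addresses masked in the thread, and ACL 120 and the route-map name VPN_VIA_T1 are assumed names.

```cisco
! Added example. T1_NEXT_HOP, DSL_NEXT_HOP and VPN_PEER are placeholders
! for addresses that are masked in the posted config.
!
! Default traffic leaves via DSL; the remote LAN and the IPsec peer itself
! are pinned to the T1, where "crypto map VPN" is applied (Fa0/0).
ip route 0.0.0.0 0.0.0.0 DSL_NEXT_HOP
ip route 192.168.10.0 255.255.255.0 T1_NEXT_HOP
ip route VPN_PEER 255.255.255.255 T1_NEXT_HOP
!
! ACL 120 (assumed free) selects LAN traffic bound for the remote network.
access-list 120 permit ip 192.168.2.0 0.0.0.255 192.168.10.0 0.0.0.255
!
! "set ip next-hop" overrides the routing table for matched packets.
! The post above uses "set ip default next-hop", which only applies when
! the routing table has no explicit route for the destination.
route-map VPN_VIA_T1 permit 10
 match ip address 120
 set ip next-hop T1_NEXT_HOP
!
! Packets that match no permit clause are routed normally (DSL default).
! An interface takes a single "ip policy route-map"; Vlan1 in the posted
! config already references "nonat", so this would replace that line.
interface Vlan1
 ip policy route-map VPN_VIA_T1
!
! Checks from exec mode after applying:
!   show route-map VPN_VIA_T1     (policy-routing match counters increase)
!   show ip policy                (Vlan1 is bound to VPN_VIA_T1)
!   show crypto ipsec sa          (encaps/decaps counters increase)
```

Traffic for 192.168.10.0 is only encrypted when it leaves through FastEthernet0/0, the one interface carrying the crypto map, so rising counters in `show crypto ipsec sa` are the check that it is not going out the DSL side instead.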
 
I'll give it a try tomorrow early AM.

Thanks for your help.
 
Thanks for posting the config. I copied that cool motd to my router config. I know it must have taken a while to do it, hope you don't mind. Thanks.

Jimi
 