11 Replies Latest reply on Aug 20, 2012 7:20 AM by levi

    Policy Based Routing for 2nd Internet Connection

    kb9mfd New Member

      I have two internet connections and several vlans. All the vlans except one access the primary internet connection as the default route. I need to set up the other vlan to use the second internet. I have tried this before but I cannot get it to work. I have the firewall set up and NAT and port forwarding configured, and I have the following policies set:

      (vlan8 (172.28.130.0/24) - vlan to use second internet connection, vlan2 - internet connection to us, 69.12.165.225 - gateway of internet connection, 69.12.165.226 - internet ip)

      MainSwitch(config)#do show route-map
      route-map TDS-Map, permit, sequence 10
        Match clauses:
          ip address (access-lists): SecondInt
        Set clauses:
          ip next-hop: 69.12.165.225
          interface: vlan 2
        BGP Filtering matches: 0 routes
        Policy routing matches: 7 packets 420 bytes
        Redistribution Filtering matches: 0 routes
      route-map VOIP-Tunnel, permit, sequence 10
        Match clauses:
          ip address (access-lists): VOIP-Gateway
        Set clauses:
          ip next-hop: 69.12.165.225
          interface: vlan 2
        BGP Filtering matches: 0 routes
        Policy routing matches: 3056033 packets 81664717 bytes
        Redistribution Filtering matches: 0 routes

      MainSwitch(config)#do show ip local policy
      Local policy routing is enable, using route-map TDS-Map
      route-map TDS-Map, permit, sequence 10
        Match clauses:
          ip address (access-lists): SecondInt
        Set clauses:
          ip next-hop: 69.12.165.225
          interface: vlan 2
        BGP Filtering matches: 0 routes
        Policy routing matches: 7 packets 420 bytes
        Redistribution Filtering matches: 0 routes

      MainSwitch(config)#do show ip access-list SecondInt
      Extended IP access list SecondInt
         permit ip host 69.12.165.226  any    log (5 matches)

      MainSwitch(config)#do show ip access-list VOIP-Gateway
      Extended IP access list VOIP-Gateway
         deny   ip 172.28.130.0 0.0.0.255  172.28.130.0 0.0.0.255    log (284 matches)
         deny   ip 172.28.130.0 0.0.0.255  172.29.0.0 0.0.255.255    log (33020 matches)
         deny   ip 172.28.130.0 0.0.0.255  172.28.101.0 0.0.0.255    log (113423 matches)
         deny   ip 172.28.130.0 0.0.0.255  192.168.1.0 0.0.0.255    log (91 matches)
         deny   ip 172.28.130.0 0.0.0.255  172.28.105.0 0.0.0.255    log (28 matches)
         deny   ip 172.28.130.0 0.0.0.255  172.28.107.0 0.0.0.255    log (0 matches)
         deny   ip 172.29.0.0 0.0.255.255  172.28.130.0 0.0.0.255    log (0 matches)
         permit ip any  any     (41278 matches)

      I cannot find out why this will not work. Thanks! - Jeremy