1 Reply Latest reply on Mar 30, 2015 9:09 AM by levi

    1335P with 2 ISPs

    javiermp40 New Member

      Support,

       

      I'm setting up a 1335 with 2 ISPs and I need some assistance on this.

       

      ISP 1 (Verizon DSL) - Will be used as primary connection for GRE tunnels leading back to another site which connects to the main PBX. Local Phones will use VLAN 200 and will use VLAN 201 interface as it's main ISP for the tunnel.

      ISP 2 (Cablevision)  - Will be used as primary connection for PCs to connect to the internet. No tunnels will be built using this ISP.

      I may built in the near future failover for each of the Voice and Data networks using the other ISP for each one. This uses int VLAN 301

       

      The main issue I'm having is the following:

      The tunnels are built correctly and all phones in VLAN 200 can find it's respective vlan in the other site. It works great. however the PCs are not able to get out over the public internet using VLAN 301 with Cablevision.

       

      I'm attaching the configuration for this 1335. I dont think the other site's config is relevant to the issue i'm experiencing.

       

      I would greatly appreciate your assistance on this.

       

      thanks.

        • Re: 1335P with 2 ISPs
          levi Employee

          javiermp40:

           

          Thank you for asking this question in the support community.  Based on the configuration you submitted, it appears you will need a route-map to force data traffic over the backup connection.  In the current configuration, traffic is following the default route, and since the policy-class "Private-Data" has a egress policy assigned to the NAT statement of "Public2" it means it will only route this traffic out an interface with "Public2" assigned to it.  In your case, the default-route is not going out the interface with "Public2" assigned to it, and therefore this traffic is discarded.

           

          You will need to create an access-list that matches the data subnet, and then reference that in a route-map.  Here is an example configuration:

           

          ip access-list standard PRIVATE-DATA

            permit 192.168.2.0 0.0.0.255

          !

          route-map PBR-DATA permit 10

            match ip address PRIVATE-DATA

            set ip next-hop <gateway IP address>

          !

          interface vlan 1

            ip address  192.168.2.1  255.255.255.0

            ip policy route-map PBR-DATA

            ip access-policy Private-Data

            no ip route-cache express

            no shutdown

           

          I hope that makes sense.  Here is the Configuring Policy Based Routing in AOS guide.  Please, let me know if you have additional questions.  I'll be happy to help in any way I can.

           

          Levi