Hello all firewallers,

I have 2 questions, for the same Cisco 2509 router:

1. I have a class C, x.x.x.0, and 2 synchronous serial lines to the same
provider, s0 and s1, each of them with the same bandwidth. I want to split
the traffic like this: all IPs from the first half, x.x.x.1-x.x.x.126, use
serial0, and all IPs from the second half, x.x.x.129-x.x.x.254, use
serial1. Incoming traffic is solved by the provider; it all comes through
the correct interface, but the problem is the outgoing traffic. How can I
set up some routes to make it go through the interface that I want? I
have IPs from both halves on eth0 and also on async1-8. I _don't_ want
all outgoing traffic to go through one default interface, with only the
incoming traffic being routed. I have already tried the following:

        - two default routes
        ip route 0.0.0.0 0.0.0.0 ip.of.peer.of.serial.0
        ip route 0.0.0.0 0.0.0.0 ip.of.peer.of.serial.1

                Traffic goes crazy on both interfaces, and applications
are confused by that; for instance I get a traceroute hop like this:

5 ip.of.serial.0 10ms ip.of.serial.1 20ms ip.of.serial.0 15ms

        - two default routes and access lists as follows:
        access-list 101 permit ip x.x.x.0 0.0.0.127 any
        access-list 102 permit ip x.x.x.128 0.0.0.127 any

        on interface serial 0: ip access-group 101 out
        on interface serial 1: ip access-group 102 out

                Traffic also goes like crazy on both interfaces, and it is
denied on the wrong half, so the traceroute looks like this:

5 ip.of.serial.0 10ms !X ip.of.serial.0 10ms (for the first half)
or
5 ip.of.serial.1 10ms !X ip.of.serial.1 20ms (for the second half)

The traceroute finally gets to the destination, but any application
(like a browser, FTP, etc.) says "no route to host". I must also mention
that the router has 2 IP addresses, one from the first half and one from
the second half, and the tests were made using 2 machines: one with an IP
from the first half, using the first IP of the router as its default
gateway, and one with an IP from the second half, using the second IP of
the router as its default gateway.
Also, my provider is not willing to use dynamic routing protocols, so I
need to solve this statically, or using dynamic protocols only on my side,
on this 2509. Any suggestions are welcome.

Second question:

2. Same Cisco, one class C for now, maybe more classes in the future. I
have about 10 machines on the LAN, and 3 async lines are 33.6 leased lines
to clients; the other 5 are free at the moment. The router is at 19% CPU
load, with no access lists defined. My provider told me that it is not
good to make access lists, as they would load the CPU very heavily and
might slow the traffic, and even crash it. So I need some advice: how many
access lists are "safe"? And what types are especially CPU-overloading?
What happens if I use all 8 asyncs and have lots of computers on the LAN,
maybe using all 254 addresses? Will it load to, say, 50% even without any
access lists? Then why do access lists still exist, if we cannot use them
safely? Or is my provider simply wrong?

Thanks


"Live to Win, Dare to Fail"-James Hetfield
                                                       Jaffar the Prince

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
