I have two routers with 2 x separate Internet links to the same ISP.
Router A: WWW Traffic from the LAN goes out of line 1 and a policy on in the Ethernet Interface matches an access list which redirects traffic to router Router 2 (see diagram).
WWW VPN | | RTRA RTRB | | Switch-----Switch | | F/W1 F/W2
The firewalls have an outside VRRP address which my policy on RTRA matches against. Assuming the policy is matched, it routes the traffic via the inside to RTRB. Everything works fine but the performance over the 2nd link is slow. Both Circuit A & B are the same speeds. Inbound routing is all fine, the traceorutes for WWW & VPN traffic are correct.
I just want to clarify my PBR. On router A the config is:
interface FastEthernet0/0 ip address X.X.X.X 255.255.255.240 no ip redirects ip policy route-map VPN speed 100 full-duplex standby 10 ip X.X.X.X standby 10 preempt standby 10 track Serial0/0:0 end
route-map VPN permit 10 match ip address 100 set interface FastEthernet0/0 set ip next-hop LAN_IP_Of_RTRB
I am looking ito the links between the switches as a possible suspect. Anyone else got any ideas.
When removing the PBR so all traffic goes out of line A, VPN performance is fine.
Regards
Darren