Showing results for 
Show  only  | Search instead for 
Did you mean: 
New Contributor

1335P with 2 ISPs


I'm setting up a 1335 with 2 ISPs and I need some assistance on this.

ISP 1 (Verizon DSL) - Will be used as primary connection for GRE tunnels leading back to another site which connects to the main PBX. Local Phones will use VLAN 200 and will use VLAN 201 interface as it's main ISP for the tunnel.

ISP 2 (Cablevision)  - Will be used as primary connection for PCs to connect to the internet. No tunnels will be built using this ISP.

I may built in the near future failover for each of the Voice and Data networks using the other ISP for each one. This uses int VLAN 301

The main issue I'm having is the following:

The tunnels are built correctly and all phones in VLAN 200 can find it's respective vlan in the other site. It works great. however the PCs are not able to get out over the public internet using VLAN 301 with Cablevision.

I'm attaching the configuration for this 1335. I dont think the other site's config is relevant to the issue i'm experiencing.

I would greatly appreciate your assistance on this.


0 Kudos
1 Reply
Not applicable

Re: 1335P with 2 ISPs


Thank you for asking this question in the support community.  Based on the configuration you submitted, it appears you will need a route-map to force data traffic over the backup connection.  In the current configuration, traffic is following the default route, and since the policy-class "Private-Data" has a egress policy assigned to the NAT statement of "Public2" it means it will only route this traffic out an interface with "Public2" assigned to it.  In your case, the default-route is not going out the interface with "Public2" assigned to it, and therefore this traffic is discarded.

You will need to create an access-list that matches the data subnet, and then reference that in a route-map.  Here is an example configuration:

ip access-list standard PRIVATE-DATA



route-map PBR-DATA permit 10

  match ip address PRIVATE-DATA

  set ip next-hop <gateway IP address>


interface vlan 1

  ip address

  ip policy route-map PBR-DATA

  ip access-policy Private-Data

  no ip route-cache express

  no shutdown

I hope that makes sense.  Here is the Configuring Policy Based Routing in AOS guide.  Please, let me know if you have additional questions.  I'll be happy to help in any way I can.