05-30-2007 11:20 PM - edited 03-03-2019 05:14 PM
Hi,
I have configured a route map on the interface of a router, which states that if a packet with the destination ip address (this is of course defined in the ACL which I am matching in the route map) comes on this interface then set ip next hop another address which is another device directly connected with the router. But important thing to notice is that the destination ip address which I am trying to match is the ip address of the same interface where I am applying the route map. So will the router forward the packet to the ip address mentioned in "set ip next hop"? I am thinking it's not forwarding. Please help. Thanks.
06-11-2007 11:59 PM
Hi,
What you want to achieve would be achieved by configuring static NAT over inbound connections. Following links would help you in doing this:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml
http://blogs.techrepublic.com.com/networking/?p=264&tag=nl.e115
As far as redundancy for your domain is concerned, I would suggest you to have an AS number from RIR (e.g. APNIC) plus Provider Independent IPs, after doing that start BGP Multihoming with both ISPs in Primary/backup fashion.
Note: Please rate the post if it was helpful.
Regards,
Akhtar
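A minimal sketch of the static NAT approach this answer points to, using the 1.1.1.1 and 2.2.2.2 addresses from the question's example (an added example, not configuration posted by anyone in the thread). The interface names, subnet masks, the router's 2.2.2.1 address and TCP port 80 are assumptions.

```cisco
! Added example. Interface names, masks, 2.2.2.1 and TCP port 80 are assumed.
!
! Interface where the traffic arrives; 1.1.1.1 is the router's own address
interface FastEthernet0/0
 ip address 1.1.1.1 255.255.255.0
 ip nat outside
!
! Interface facing the directly connected device 2.2.2.2
interface FastEthernet0/1
 ip address 2.2.2.1 255.255.255.0
 ip nat inside
!
! Static port translation: TCP connections to 1.1.1.1:80 arriving on the
! outside interface have their destination rewritten to 2.2.2.2:80 and are
! then routed normally. Only this one port is forwarded; every other port
! on 1.1.1.1 still terminates on the router itself.
ip nat inside source static tcp 2.2.2.2 80 1.1.1.1 80
```

`show ip nat translations` lists the static entry. The device at 2.2.2.2 has to send its replies back through this router so that the source address is translated back to 1.1.1.1.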
05-31-2007 12:09 AM
Route-map is often known as source based routing i.e. for a specific source you define a specific path to the destination. Remember that route-map is always applied at the point nearest to the source & not destination.
05-31-2007 12:27 AM
Thanks for the prompt reply. But still I want to know whether a router will execute the route map if the destination ip address to be matched in match command is the ip address of the router itself? Will it then send the packet to next hop defined in "set-ip-nexthop"? Thanks.
05-31-2007 02:57 AM
Hi,
I think the policy route behaves like static route therefore you cannot override the directly connected routes.
Krisztian
05-31-2007 05:15 AM
The order of processing the packets will be
directly connected
static route
route-map
so the route map will not work
06-04-2007 10:05 AM
Can anyone please tell me what I can do to forward traffic from router to another directly connected device if the traffic is destined for the same router from which I want to forward it to another device connected to another interface of the router?
Let me clarify it by example. Suppose that a packet arrives at an interface of a router. The destination ip address of the packet is 1.1.1.1 and this is the ip address of the router interface where it has arrived. I want that router on seeing such packet forward it to 2.2.2.2 which is also directly connected to it with another interface. Thanks.
06-04-2007 08:10 PM
Hi,
May I know why you want to accomplish this?
Can you put a simple diagram?
06-05-2007 05:51 AM
Actually I am making a scenario of redundant internet. I have a web server connected to the DMZ interface of my firewall. I want two internet links from separate ISPs for redundancy. But I can't terminate both internet links directly on my firewall, that's why I have placed a router connected to the external interface of the firewall and two internet links are coming on the router. Now both interfaces of the router connected with the ISPs have public ip addresses on them. However the link between the router and the firewall has private ip addressing scheme on it. That's why I want that any traffic landing on the internet interfaces of the router to be forwarded to firewall.
You can also think here that why am I not terminating both internet links directly on the firewall. The reason being I have to keep track of the internet that whether it's alive and shift on backup in case it's down. This can be done only on the router through several ways, like OER, Object Tracking, etc. Also I want to host both public ip addresses of router interfaces in the DNS against a single domain. That's why I am not using single public ip address on firewall external interface.
The firewall I am using is SideWinder of SecureComputing. Thanks.
06-05-2007 08:59 PM
Are both the ISPs supporting to route to your webserver?
Usually this is possible only when they are running some kind of a routing protocol.
Or will your sidewinder firewall change the IP to the alternate ISP's IP when one ISP link goes down?
06-04-2007 10:15 AM
Hi Anand,
The order of operation is first policy route (if the traffic matches the ACL) and then ip routing. Connected and static routes are all a part of ip routing table so policy route will be preferred first, then routing table and from routing table first connected route and then static route.
http://www.cisco.com/warp/public/556/5.html
Regards,
Ankur
06-04-2007 08:06 PM
Hi,
Sorry you are right.
Route-map takes priority over ip routing.
So the order is
Route-map
administrative distance
|
|
directly connected
|
static
|
EIGRP
|
EBGP
06-07-2007 09:16 AM
06-12-2007 12:21 AM
Hi,
I've noticed this statement "But important thing to notice is that the destination ip address which I am trying to match is the ip address of the same interface where I am applying the route map".
Please correct me if I am wrong, if the destination to be matched is the same IP of the interface that you have configured the PBR, why would the router do PBR since it has already reached its destination.
Please elaborate further with your design and needs.
HTH, please do rate all helpful replies,
Mohammed Mahmoud.
06-13-2007 08:59 PM
Thanks for replying. Actually the webserver is behind the router with the private ip addressing scheme between router and the webserver. But Akhtar's advice has helped me to solve the issue through NAT. He deserves rating. Thanks Akhtar.