Routing Help Please

Unanswered Question
Jun 12th, 2007

Hi,

I am tasked with changing the routing for the server in the attached diagram. It is a Citrix Secure Gateway.

The switch in the diagram, 192.168.100.23/21, is the gateway for that network and currently routes default traffic to the firewall 192.168.100.252.

What I want to achieve is that externally bound traffic from the server gets routed to 192.168.100.240.

Can anyone suggest a way of doing this?

Regards

J mack

royalblues Tue, 06/12/2007 - 09:19

What kind of switch is the gateway?

If the platform supports it, you can implement PBR to route traffic originated from the server to 192.168.100.240.

route-map test permit 10
 match ip address 100
 set ip next-hop 192.168.100.240

access-list 100 deny ip host 192.168.100.55
access-list 100 permit ip host 192.168.100.55 any

int vlan 1
 ip policy route-map test

HTH, rate if it does

Narayan

johnnymac Wed, 06/13/2007 - 02:01

Hi Narayan,

It's a Cat 3750 on 12.2. So it looks like I should be able to achieve this.

I still want the internal networks to be able to access this, so do I need to amend the access list?

Will implementing PBR affect other routes I have running?

     1.0.0.0/24 is subnetted, 1 subnets
S       1.0.84.0 [1/0] via 192.168.100.240
C    192.168.210.0/24 is directly connected, Vlan2
     194.130.108.0/32 is subnetted, 1 subnets
S       194.130.108.102 [1/0] via 192.168.100.240
     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
S       172.16.4.62/32 [1/0] via 192.168.100.38
S       172.16.4.0/22 [1/0] via 192.168.100.240
C    192.168.11.0/24 is directly connected, Vlan20
S    192.168.250.0/24 [1/0] via 192.168.100.240
     195.188.18.0/32 is subnetted, 2 subnets
S       195.188.18.110 [1/0] via 192.168.100.240
S       195.188.18.99 [1/0] via 192.168.100.240
C    192.168.220.0/24 is directly connected, Vlan3
C    192.168.1.0/24 is directly connected, Vlan10
S    192.168.32.0/24 [1/0] via 192.168.100.240
S*   0.0.0.0/0 [1/0] via 192.168.100.252
C    192.168.96.0/21 is directly connected, Vlan1

Or the connectivity of hosts in VLAN 1?

Regards

J Mack

royalblues Wed, 06/13/2007 - 02:33

Yes, you need to deny the internal subnets so that they are not directed towards the PBR.

Make sure you configure the proper SDM template as well to support PBR.

HTH, rate if it does

Narayan

johnnymac Wed, 06/13/2007 - 03:53

Ok thanks.

However, the server is a secure gateway that needs to talk to the Citrix server 192.168.100.17. Is that still feasible whilst denying the rest of the subnet?

Also, with regard to the SDM template, do you know of any good articles where I could get some more info on this?

Regards

J Mack

johnnymac Wed, 06/13/2007 - 04:30

Further to that, would changing the access-list to something like this

access-list 100 permit ip host 192.168.100.55 host 192.168.100.17
access-list 100 permit ip host 192.168.100.17 host 192.168.100.55
access-list 100 deny ip host 192.168.100.55
access-list 100 permit ip host 192.168.100.55 any

enable the communication I need between those two servers?
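
As an added example (not from the thread and not either poster's configuration), the following Python models how an IOS route-map clause with `match ip address 100` decides a packet's fate, and applies that logic to the PBR suggestion in Narayan's reply and to the access-list proposed in the post above. It assumes what the posted route table shows: both the gateway server 192.168.100.55 and the Citrix server 192.168.100.17 sit in the directly connected 192.168.96.0/21 on Vlan1. The `INTENDED_ACL` entries that exempt the RFC 1918 ranges are a constructed illustration of "deny the internal subnets", not a verified configuration. Two points it makes concrete: in a PBR access-list a `permit` diverts the flow to the `set ip next-hop`, so a flow you want left alone must be denied, not permitted; and an extended entry that stops after the source, as `access-list 100 deny ip host 192.168.100.55` does, is incomplete, because IOS requires a destination.

```python
"""Model of IOS policy-based routing driven by an extended access-list.

Semantics modelled (standard IOS behaviour):
  * ACL entries are evaluated top-down; first match wins; implicit deny at the end.
  * Under `route-map test permit 10` / `match ip address 100`, a packet the ACL
    PERMITS is policy-routed to the `set ip next-hop`; a packet the ACL DENIES,
    or that matches no entry, gets ordinary routing-table forwarding.
  * Two hosts on the same directly connected subnet exchange traffic without
    their gateway, so PBR on the switch never sees those packets.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AclEntry:
    action: str                     # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def _parse_addr(tokens):
    """Consume one IOS address spec: 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    addr, wildcard = tokens[0], tokens[1]
    # A contiguous wildcard mask is the bitwise inverse of the subnet mask.
    mask = ipaddress.ip_address(0xFFFFFFFF ^ int(ipaddress.ip_address(wildcard)))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False), tokens[2:]


def parse_acl_line(line):
    """Parse 'access-list <n> permit|deny ip <src> <dst>'.

    IOS rejects an extended entry that ends after the source address
    ("% Incomplete command."), so this parser rejects it as well.
    """
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[3] != "ip":
        raise ValueError(f"unsupported syntax: {line!r}")
    src, rest = _parse_addr(tokens[4:])
    if not rest:
        raise ValueError(f"extended ACL entry needs a destination: {line!r}")
    dst, _ = _parse_addr(rest)
    return AclEntry(tokens[2], src, dst)


def is_valid_acl_line(line):
    """True if the line is a complete extended ACL entry this model accepts."""
    try:
        parse_acl_line(line)
        return True
    except (ValueError, IndexError):
        return False


def acl_lookup(acl, src, dst):
    """First-match evaluation with the implicit trailing deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for entry in acl:
        if s in entry.src and d in entry.dst:
            return entry.action
    return "deny"


def forwarding_decision(acl, connected, next_hop, src, dst):
    """Describe where a packet from src to dst ends up."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in connected and d in connected:
        return "same subnet: delivered directly, switch never routes it"
    if acl_lookup(acl, src, dst) == "permit":
        return f"policy-routed to {next_hop}"
    return "normal routing table lookup"


# Values taken from the thread.
VLAN1 = ipaddress.ip_network("192.168.96.0/21")   # "C 192.168.96.0/21 ... Vlan1"
PBR_NEXT_HOP = "192.168.100.240"
CSG = "192.168.100.55"                            # the Citrix Secure Gateway
CITRIX_SERVER = "192.168.100.17"

# Constructed ACL (an assumption, not text from the thread): exempt the server's
# traffic to the private ranges covering every internal route in the posted
# table, then policy-route everything else.  Every deny carries a destination.
INTENDED_ACL = [parse_acl_line(l) for l in [
    "access-list 100 deny ip host 192.168.100.55 10.0.0.0 0.255.255.255",
    "access-list 100 deny ip host 192.168.100.55 172.16.0.0 0.15.255.255",
    "access-list 100 deny ip host 192.168.100.55 192.168.0.0 0.0.255.255",
    "access-list 100 permit ip host 192.168.100.55 any",
]]

# The two complete lines from the proposed access-list above: in a PBR ACL a
# permit means "divert", so this head would send matching traffic to .240.
PROPOSED_HEAD = [parse_acl_line(l) for l in [
    "access-list 100 permit ip host 192.168.100.55 host 192.168.100.17",
    "access-list 100 permit ip host 192.168.100.17 host 192.168.100.55",
]]


def decide(dst, acl=INTENDED_ACL):
    return forwarding_decision(acl, VLAN1, PBR_NEXT_HOP, CSG, dst)


if __name__ == "__main__":
    for dst in (CITRIX_SERVER, "192.168.1.10", "172.16.4.62", "203.0.113.7"):
        print(f"{CSG} -> {dst}: {decide(dst)}")
    print("posted deny line valid:",
          is_valid_acl_line("access-list 100 deny ip host 192.168.100.55"))
```

Running it shows the server-to-Citrix flow is decided by the subnet, not by the route-map, that traffic to the internal ranges falls back to the existing static and connected routes, and that only the remaining destinations are diverted to 192.168.100.240.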

johnnymac Thu, 06/14/2007 - 01:00

Hi,

Just wondered if anyone could let me know if the above access-list would work, and what I should implement as an SDM template.

Regards

J Mack
