Routing Help Please

Jun 12th, 2007
Hi,


I am tasked with changing the routing for the server in the attached diagram. It is a Citrix Secure Gateway.


The switch in the diagram, 192.168.100.23/21, is the gateway for that network and currently routes default traffic to the firewall 192.168.100.252.


What I want to achieve is that externally bound traffic from the server gets routed to 192.168.100.240.


Can anyone suggest a way of doing this?


Regards

J mack




royalblues Tue, 06/12/2007 - 09:19

What kind of switch is the gateway?


If the platform supports it, you can implement PBR to route traffic originating from the server to 192.168.100.240.


route-map test permit 10
 match ip address 100
 set ip next-hop 192.168.100.240

access-list 100 deny ip host 192.168.100.55 192.168.96.0 0.0.7.255
access-list 100 permit ip host 192.168.100.55 any

int vlan 1
 ip policy route-map test


HTH, rate if it does

Narayan

johnnymac Wed, 06/13/2007 - 02:01

Hi Narayan,


It's a Cat 3750 on 12.2. So it looks like I should be able to achieve this.


I still want the internal networks to be able to access this, so do I need to amend the access list?


Will implementing PBR affect other routes I have running?


     1.0.0.0/24 is subnetted, 1 subnets
S       1.0.84.0 [1/0] via 192.168.100.240
C    192.168.210.0/24 is directly connected, Vlan2
     194.130.108.0/32 is subnetted, 1 subnets
S       194.130.108.102 [1/0] via 192.168.100.240
     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
S       172.16.4.62/32 [1/0] via 192.168.100.38
S       172.16.4.0/22 [1/0] via 192.168.100.240
C    192.168.11.0/24 is directly connected, Vlan20
S    192.168.250.0/24 [1/0] via 192.168.100.240
     195.188.18.0/32 is subnetted, 2 subnets
S       195.188.18.110 [1/0] via 192.168.100.240
S       195.188.18.99 [1/0] via 192.168.100.240
C    192.168.220.0/24 is directly connected, Vlan3
C    192.168.1.0/24 is directly connected, Vlan10
S    192.168.32.0/24 [1/0] via 192.168.100.240
S*   0.0.0.0/0 [1/0] via 192.168.100.252
C    192.168.96.0/21 is directly connected, Vlan1


Or the connectivity for hosts in VLAN 1?


Regards

J Mack


royalblues Wed, 06/13/2007 - 02:33

Yes, you need to deny the internal subnets so that they are not directed towards the PBR.


Make sure you configure the proper SDM template as well to support PBR.


HTH, rate if it does

Narayan

johnnymac Wed, 06/13/2007 - 03:53

Ok thanks.


However, the server is a secure gateway that needs to talk to the Citrix server 192.168.100.17. Is that still feasible whilst denying the rest of the subnet?


Also, with regard to the SDM template, do you know of any good articles where I could get some more info on this?


Regards

J Mack

johnnymac Wed, 06/13/2007 - 04:30

Further to that, would changing the access-list to something like this

access-list 100 permit ip host 192.168.100.55 host 192.168.100.17
access-list 100 permit ip host 192.168.100.17 host 192.168.100.55
access-list 100 deny ip host 192.168.100.55 192.168.96.0 0.0.7.255
access-list 100 permit ip host 192.168.100.55 any

enable the communication I need between those two servers?



johnnymac Thu, 06/14/2007 - 01:00

Hi,


Just wondered if anyone could let me know if the above access-list would work, and what I should implement as an SDM template.


Regards

J Mack
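The configuration the thread converges on, written out as an added example rather than any poster's own config. It uses the addresses given in the thread (server 192.168.100.55, Citrix server 192.168.100.17, next hop 192.168.100.240, the internal networks from the routing table posted above) and the Catalyst 3750 on IOS 12.2; the `sdm prefer routing` template is the one the 3750 needs before PBR works, and the 3750 PBR guidelines also say packets matching a deny ACE in a PBR ACL are handled by the CPU rather than in hardware, so the deny list is kept to what the server actually needs.

```cisco
! Added example, not the posters' configuration. Addresses come from the thread:
! CSG server 192.168.100.55, Citrix server 192.168.100.17, external next hop
! 192.168.100.240, internal networks from the posted routing table.
!
! Step 1 - the 3750 needs the routing SDM template for PBR.
! It takes effect only after a reload; confirm with "show sdm prefer".
sdm prefer routing
!
! Step 2 - the PBR ACL. In a "match ip address" ACL, deny means
! "leave this traffic to normal routing" and permit means "send it to
! the set next-hop". Internal destinations are denied, so only traffic
! that the routing table would send to the default route is redirected.
! The local /21 deny also covers .17 (same subnet, never routed anyway),
! the firewall, and the switch's own SVI address, which PBR must not
! match. 172.16.4.62/32 via .38 sits inside the 172.16.4.0/22 deny.
! Networks already static-routed via .240 need no deny: they reach .240
! either way. The 3750 sends deny-ACE matches to the CPU, so the list
! stays short.
access-list 100 remark PBR for CSG .55: internal destinations stay on normal routing
access-list 100 deny   ip host 192.168.100.55 192.168.96.0 0.0.7.255
access-list 100 deny   ip host 192.168.100.55 192.168.1.0 0.0.0.255
access-list 100 deny   ip host 192.168.100.55 192.168.11.0 0.0.0.255
access-list 100 deny   ip host 192.168.100.55 192.168.210.0 0.0.0.255
access-list 100 deny   ip host 192.168.100.55 192.168.220.0 0.0.0.255
access-list 100 deny   ip host 192.168.100.55 172.16.4.0 0.0.3.255
access-list 100 permit ip host 192.168.100.55 any
!
! Step 3 - the route-map. Only sequence 10 exists, so packets denied by
! ACL 100 (or not sourced from .55) fall through to normal routing.
! Return traffic from .17 to .55 is not policy-routed and needs no entry.
route-map test permit 10
 match ip address 100
 set ip next-hop 192.168.100.240
!
! Step 4 - apply inbound on the SVI the server's traffic enters on.
interface Vlan1
 ip policy route-map test
!
! Verify: "show route-map test" counts policy-matched packets and
! "show ip policy" lists the interfaces the route-map is applied to.
```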
