Policy Based Routing, or something

Answered Question
Jul 27th, 2007

Hi, I can't seem to wrap my head around this one.


I have a remote subnet (172.27.40.0/23) that connects back to our main location where our internet service originates. Our local network is 172.27.8.0/21.


The remote router is 172.27.40.1 and its only route is the default route back to the main location through its "outside" interface.


The local router (172.27.12.2) has multiple statements, as several other remote sites come through it as well. There is one route to send traffic bound for 40.0/23 to 40.1, and one to send all other traffic to our main 6509 core (172.27.15.1). From there traffic gets routed to the internet.


We've installed a Sonicwall on a new internet connection at 172.27.12.200. My issue is I would like to send all internet traffic from the 40.0 subnet to the Sonicwall (Blech on that BTW) as a test. A test I'll have to undo when we go live, I might add.


Any thoughts on an easy way to do this?


Thanks for any help. I can post configs, etc. if that will help.

Correct Answer by Edison Ortiz, Fri, 07/27/2007 - 07:19

PBR (Policy Based Routing) is what you need. You will have to configure the 172.27.12.2 router with the following at the ingress connection from the remote network.


First, let's create the ACL for interesting traffic.


ip access-list extended NETPRO
 deny ip 172.27.40.0 0.0.1.255 [your location network subnets]
 permit ip 172.27.40.0 0.0.1.255 any


Then, we create the route-map to match the traffic and change the next hop only on the default route.


route-map NETPRO permit 10
 match ip address NETPRO
 set ip default next-hop 172.27.12.200



And finally, we apply the policy at the ingress interface.


interface s0/0
 ip policy route-map NETPRO


HTH,


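The following is an added example, not part of the original thread or of any Cisco code: a small Python model of what the answer's configuration does on router 172.27.12.2. It implements Cisco wildcard-mask matching, first-match ACL evaluation with the implicit deny, longest-prefix route lookup, and the difference between "set ip default next-hop" (only used when the destination is reachable solely via the default route) and a plain "set ip next-hop" (applied regardless of the routing table). The routing table and addresses come from the question; the second remote site 172.27.42.0/23 via 172.27.42.1 and the "connected" label for the local LAN are constructed assumptions for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


def ip_to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    care_bits = (~ip_to_int(wildcard)) & 0xFFFFFFFF
    return (ip_to_int(addr) ^ ip_to_int(base)) & care_bits == 0


# (base, wildcard) pair; 'any' is the all-ones wildcard
ANY = ("0.0.0.0", "255.255.255.255")


@dataclass
class AclEntry:
    action: str             # "permit" or "deny"
    src: Tuple[str, str]    # (base, wildcard)
    dst: Tuple[str, str]


def acl_permits(acl: List[AclEntry], src: str, dst: str) -> bool:
    """First matching entry wins; an extended ACL ends in an implicit deny."""
    for e in acl:
        if wildcard_match(src, *e.src) and wildcard_match(dst, *e.dst):
            return e.action == "permit"
    return False


@dataclass
class RouteMapEntry:
    acl: List[AclEntry]
    next_hop: str
    default_only: bool  # True: 'set ip default next-hop'; False: 'set ip next-hop'


def lookup_route(table: List[Tuple[str, str]], dst: str) -> Optional[Tuple[ipaddress.IPv4Network, str]]:
    """Longest-prefix match over (prefix, next_hop) pairs."""
    best = None
    for prefix, nh in table:
        net = ipaddress.IPv4Network(prefix)
        if ipaddress.IPv4Address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best


def forward(table: List[Tuple[str, str]], route_map: List[RouteMapEntry], src: str, dst: str) -> str:
    """Return the next hop chosen for a packet arriving on the policy-routed interface."""
    prefix, nh = lookup_route(table, dst)
    for entry in route_map:
        if not acl_permits(entry.acl, src, dst):
            continue  # sequence not matched, try the next one
        if entry.default_only and prefix.prefixlen != 0:
            return nh  # an explicit route exists, so 'default next-hop' is not applied
        return entry.next_hop
    return nh  # no sequence matched: normal destination-based routing


# Routing table of 172.27.12.2 as described in the question, plus one constructed second remote site.
ROUTING_TABLE = [
    ("172.27.40.0/23", "172.27.40.1"),  # remote site from the question
    ("172.27.42.0/23", "172.27.42.1"),  # constructed: another remote site behind this router
    ("172.27.8.0/21", "connected"),     # local LAN; 'connected' is a constructed label
    ("0.0.0.0/0", "172.27.15.1"),       # default toward the 6509 core
]

# The answer's ACL, with the bracketed placeholder filled by the question's local LAN 172.27.8.0/21.
NETPRO_ACL = [
    AclEntry("deny", ("172.27.40.0", "0.0.1.255"), ("172.27.8.0", "0.0.7.255")),
    AclEntry("permit", ("172.27.40.0", "0.0.1.255"), ANY),
]

PBR_DEFAULT_NEXT_HOP = [RouteMapEntry(NETPRO_ACL, "172.27.12.200", default_only=True)]
PBR_PLAIN_NEXT_HOP = [RouteMapEntry(NETPRO_ACL, "172.27.12.200", default_only=False)]


if __name__ == "__main__":
    for src, dst in [("172.27.40.10", "8.8.8.8"), ("172.27.40.10", "172.27.9.5"),
                     ("172.27.40.10", "172.27.42.7")]:
        print(f"{src} -> {dst}: default next-hop gives {forward(ROUTING_TABLE, PBR_DEFAULT_NEXT_HOP, src, dst)}, "
              f"plain next-hop gives {forward(ROUTING_TABLE, PBR_PLAIN_NEXT_HOP, src, dst)}")
```

The third case is the one worth noticing: traffic from 172.27.40.0/23 to another remote site is permitted by the ACL, so with a plain "set ip next-hop" it would be diverted to the Sonicwall even though the router has an explicit route for it; "set ip default next-hop" leaves that traffic on its normal path and only redirects what would otherwise fall through to the default route, which is exactly the internet-bound traffic the question asks about.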
k.aumell Fri, 07/27/2007 - 07:38

I'll give this a shot - thanks for the help


k.aumell Fri, 07/27/2007 - 10:44

BINGO.


That did the trick.


Thanks very much.
