Policy Based Routing, or something

Answered Question
Jul 27th, 2007

Hi, I can't seem to wrap my head around this one.

I have a remote subnet (172.27.40.0/23) that connects back to our main location where our internet service originates. Our local network is 172.27.8.0/21.

The remote router is 172.27.40.1 and its only route is the default route back to the main location through its "outside" interface.

The local router (172.27.12.2) has multiple statements, as several other remote sites come through it as well. There is one route to send traffic bound for 40.0/23 to 40.1, and one to send all other traffic to our main 6509 core (172.27.15.1). From there traffic gets routed to the internet.

We've installed a Sonicwall on a new internet connection at 172.27.12.200. My issue is I would like to send all internet traffic from the 40.0 subnet to the Sonicwall (Blech on that BTW) as a test. A test I'll have to un-do when we go live, I might add.

Any thoughts on an easy way to do this?

Thanks for any help. I can post configs, etc. if that will help.

Correct Answer by Edison Ortiz, Fri, 07/27/2007 - 07:19

PBR (Policy Based Routing) is what you need. You will have to configure the 172.27.12.2 router with the following at the ingress connection from the remote network.

First, let's create the ACL for interesting traffic.

ip access-list extended NETPRO
 deny ip 172.27.40.0 0.0.1.255 [your location network subnets]
 permit ip 172.27.40.0 0.0.1.255 any

Then, we create the route-map to match the traffic and change the next-hop only on the default route.

route-map NETPRO permit 10
 match ip address NETPRO
 set ip default next-hop 172.27.12.200

And finally, we apply the policy at the ingress interface.

interface s0/0
 ip policy route-map NETPRO

HTH,
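As an added illustration (not part of Edison's answer or the original thread), this Python snippet simulates how the NETPRO ACL and "set ip default next-hop" interact with the normal routing table on 172.27.12.2: the local 172.27.8.0/21 stands in for the bracketed placeholder, and 198.51.100.7 is a constructed internet destination. The point it shows is that only remote-site traffic that would otherwise follow the default route is diverted to the Sonicwall; site-to-site traffic and anything with a more specific route keeps its normal path.

```python
import ipaddress

# Constructed from the thread: remote /23, local /21, the two routes on
# 172.27.12.2, and the Sonicwall used as the PBR default next-hop.
LOCAL_NETS = ["172.27.8.0/21"]          # stands in for "[your location network subnets]"
ROUTING_TABLE = {                        # normal (non-PBR) routes on 172.27.12.2
    "172.27.40.0/23": "172.27.40.1",
    "0.0.0.0/0": "172.27.15.1",
}
PBR_DEFAULT_NEXT_HOP = "172.27.12.200"


def wildcard_match(addr, network, wildcard):
    """Cisco wildcard-mask match: a 1 bit in the wildcard means 'don't care'."""
    a = int(ipaddress.ip_address(addr))
    n = int(ipaddress.ip_address(network))
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def acl_netpro_permits(src, dst):
    """ip access-list extended NETPRO: deny 40.0/23 -> local subnets, permit 40.0/23 -> any."""
    if not wildcard_match(src, "172.27.40.0", "0.0.1.255"):
        return False                     # implicit deny: other sources are never policy-routed
    if any(ipaddress.ip_address(dst) in ipaddress.ip_network(n) for n in LOCAL_NETS):
        return False                     # explicit deny keeps site-to-site traffic on normal routing
    return True                          # "permit ip 172.27.40.0 0.0.1.255 any"


def table_lookup(dst):
    """Longest-prefix match over the normal routing table; returns (prefix, next_hop)."""
    d = ipaddress.ip_address(dst)
    best = max((ipaddress.ip_network(p) for p in ROUTING_TABLE if d in ipaddress.ip_network(p)),
               key=lambda net: net.prefixlen)
    return str(best), ROUTING_TABLE[str(best)]


def forward(src, dst):
    """Next hop chosen the way 'set ip default next-hop' behaves: the PBR hop is used
    only when the ACL permits the flow AND the routing table has nothing more
    specific than the default route for the destination."""
    prefix, next_hop = table_lookup(dst)
    if acl_netpro_permits(src, dst) and prefix == "0.0.0.0/0":
        return PBR_DEFAULT_NEXT_HOP
    return next_hop


if __name__ == "__main__":
    for flow in [("172.27.40.10", "198.51.100.7"), ("172.27.40.10", "172.27.9.5"),
                 ("172.27.9.5", "198.51.100.7"), ("172.27.40.10", "172.27.41.9")]:
        print(flow, "->", forward(*flow))
```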
