Hi, I can't seem to wrap my head around this one.
I have a remote subnet (172.27.40.0/23) that connects back to our main location where our internet service originates. Our local network is 172.27.8.0/21.
The remote router is 172.27.40.1 and it's only route is the default route back to the main location through it's "outside" interface.
The local router(172.27.12.2) has multiple statements, as several other remote sites come through it as well. There is one route to send traffic bound for 40.0/23 to 40.1, and one to send all other traffic to our main 6509 core. (172.27.15.1)From there traffic gets routed to the internet.
We've installed a Sonicwall on a new internet connection at 172.27.12.200. My issue is I would like to send all internet traffic from the 40.0 subnet to the Sonicwall (Blech on that BTW)as a test. A test I'll have to un-do when we go live, I might add.
Any thoughts on an easy way to do this?
Thanks for any help. I can post configs,etc if that will help.
PBR (Policy Based Routing) is what you need. You will have to configure the 172.27.12.2 router with the following at the ingress connection from the remote network.
First, let's create the ACL for interesting traffic.
ip access-list extended NETPRO
deny ip 172.27.40.0 0.0.1.255 [your location network subnets]
permit ip 172.27.40.0 0.0.1.255 any
Then, we create the route-map to match the traffic and change the next-hop only on default route.
route-map NETPRO permit 10
match ip address NETPRO
set ip default next-hop 172.27.12.200
And finally, we apply the policy at the ingress interface
ip policy route-map NETPRO