Policy Based Routing, or something

k.aumell
Level 1

Hi, I can't seem to wrap my head around this one.

I have a remote subnet (172.27.40.0/23) that connects back to our main location where our internet service originates. Our local network is 172.27.8.0/21.

The remote router is 172.27.40.1 and its only route is the default route back to the main location through its "outside" interface.

The local router (172.27.12.2) has multiple statements, as several other remote sites come through it as well. There is one route to send traffic bound for 40.0/23 to 40.1, and one to send all other traffic to our main 6509 core (172.27.15.1). From there traffic gets routed to the internet.

We've installed a Sonicwall on a new internet connection at 172.27.12.200. My issue is I would like to send all internet traffic from the 40.0 subnet to the Sonicwall (blech on that, BTW) as a test. A test I'll have to undo when we go live, I might add.

Any thoughts on an easy way to do this?

Thanks for any help. I can post configs, etc., if that will help.

1 Accepted Solution

Accepted Solutions

Edison Ortiz
Hall of Fame

PBR (Policy Based Routing) is what you need. You will have to configure the 172.27.12.2 router with the following at the ingress connection from the remote network.

First, let's create the ACL for interesting traffic.

ip access-list extended NETPRO
 ! 0.0.1.255 is the wildcard for 172.27.40.0/23; denied traffic is left to normal routing
 deny ip 172.27.40.0 0.0.1.255 [your location network subnets]
 ! everything else from the remote subnet is "interesting" and gets policy-routed
 permit ip 172.27.40.0 0.0.1.255 any

Then, we create the route-map to match the traffic and change the next-hop only on default route.

route-map NETPRO permit 10
 match ip address NETPRO
 ! "default next-hop" only overrides the default route; explicit routes still win
 set ip default next-hop 172.27.12.200

And finally, we apply the policy at the ingress interface

interface s0/0
 ! the interface where traffic from 172.27.40.0/23 enters 172.27.12.2
 ip policy route-map NETPRO

HTH,

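The key point in the accepted answer is the difference between `set ip next-hop` and `set ip default next-hop`: the latter only redirects traffic that would otherwise hit the default route, so traffic between sites that still have explicit routes on 172.27.12.2 is left alone. The following Python model of that decision is an added example, not part of the original thread and not Cisco code. It assumes, since the post leaves them as placeholders, that the denied "location network subnets" are 172.27.8.0/21 and that another remote site exists at 172.27.44.0/23 via 172.27.44.1; the routing table is otherwise reconstructed from the question.

```python
"""Model of the PBR decision 172.27.12.2 makes with the NETPRO route-map.

Added example (not from the thread). Implements a first-match extended ACL,
a longest-prefix-match routing table and the two flavours of next-hop
override, to show what `set ip default next-hop` does and does not redirect.

Assumptions not stated in the thread:
  - the ACL's deny covers the local network 172.27.8.0/21
  - a second remote site 172.27.44.0/23 is reached via 172.27.44.1
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network

DEFAULT = IPv4Network("0.0.0.0/0")
SONICWALL = "172.27.12.200"   # policy next hop from the accepted answer

# Routing table of 172.27.12.2 (constructed from the question + assumptions).
ROUTES = {
    IPv4Network("172.27.8.0/21"): "connected",     # local network (assumed /21)
    IPv4Network("172.27.40.0/23"): "172.27.40.1",  # the test site
    IPv4Network("172.27.44.0/23"): "172.27.44.1",  # assumed other remote site
    DEFAULT: "172.27.15.1",                        # 6509 core -> internet
}


@dataclass(frozen=True)
class AclEntry:
    action: str          # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network     # DEFAULT stands for "any"


# ip access-list extended NETPRO, with the placeholder filled by assumption.
ACL_NETPRO = [
    AclEntry("deny", IPv4Network("172.27.40.0/23"), IPv4Network("172.27.8.0/21")),
    AclEntry("permit", IPv4Network("172.27.40.0/23"), DEFAULT),
]


def acl_permits(acl, src: IPv4Address, dst: IPv4Address) -> bool:
    """First matching entry decides; implicit deny at the end, as on IOS."""
    for entry in acl:
        if src in entry.src and dst in entry.dst:
            return entry.action == "permit"
    return False


def lookup(dst: IPv4Address):
    """Longest-prefix match; returns (matched network, next hop)."""
    best = max((n for n in ROUTES if dst in n), key=lambda n: n.prefixlen)
    return best, ROUTES[best]


def next_hop(src: str, dst: str, default_only: bool = True) -> str:
    """Next hop 172.27.12.2 chooses for a packet src -> dst arriving on s0/0.

    default_only=True  models `set ip default next-hop`: the policy applies
                       only when no explicit (non-default) route exists.
    default_only=False models `set ip next-hop`: policy beats the table.
    """
    s, d = IPv4Address(src), IPv4Address(dst)
    net, hop = lookup(d)
    if acl_permits(ACL_NETPRO, s, d) and (not default_only or net == DEFAULT):
        return SONICWALL
    return hop


if __name__ == "__main__":
    for flow in [("172.27.40.10", "8.8.8.8"),        # internet: policy-routed
                 ("172.27.40.10", "172.27.9.5"),     # local: denied by ACL
                 ("172.27.40.10", "172.27.44.7"),    # other site: explicit route wins
                 ("172.27.44.7", "8.8.8.8")]:        # not from 40.0/23: untouched
        print(flow, "->", next_hop(*flow), "| plain set ip next-hop would give",
              next_hop(*flow, default_only=False))
```

Run it and the third flow shows the caveat: with `set ip default next-hop` the other remote site is still reached via 172.27.44.1, whereas plain `set ip next-hop` would hairpin that site-to-site traffic through the Sonicwall. On the real router, `show route-map NETPRO` reports the policy routing match counters, which is the quickest way to confirm packets from the remote subnet are actually hitting the policy.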

3 Replies


I'll give this a shot - thanks for the help

BINGO.

That did the trick.

Thanks very much.
