02-28-2008 12:48 AM - edited 03-05-2019 09:25 PM
I have 5 VLANs in my L3 switch. I want all 4 VLANs' traffic to route via my ISA proxy server (proxy server connected to 1st ISP), and I want to route the 5th VLAN's traffic via my ASA firewall (ASA is connected to 2nd ISP).
02-28-2008 06:14 AM
Take a look at policy-based routing, you would have a gateway to the ISA server for the 4 VLANs, and a policy to route via the ASA from the subnet assigned to the 5th VLAN.
http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpbr.html
02-29-2008 09:42 PM
This is the sample configuration for PBR
access-list 1 permit 1.1.1.1
access-list 2 permit 2.2.2.2
!
interface fastethernet 1
 ip policy route-map equal-access
!
route-map equal-access permit 10
 match ip address 1
 set ip default next-hop 6.6.6.6
route-map equal-access permit 20
 match ip address 2
 set ip default next-hop 7.7.7.7
route-map equal-access permit 30
 set default interface null0
From the above sample configuration, can you please explain the two lines mentioned below?
Please refer to my N/W diagram attached with this mail.
interface fastethernet 1
 ip policy route-map equal-access
03-01-2008 12:17 AM
Ricky,
The configuration tells the router to do PBR, i.e. to look at the route-map equal-access before making the forwarding decision.
BTW, as per your earlier post, you wanted one of the VLANs to be sent to the ASA, and hence the above command should actually be configured under the VLAN SVI.
Narayan
03-01-2008 12:36 AM
Can you tell under which VLAN I have to configure that?
Please refer to the network diagram and tell me.
03-01-2008 12:54 AM
As per the network diagram, both the ISA and ASA have the same IP address, 10.0.17.1.
Also, I am not sure from the network diagram which VLAN's traffic needs to go to the ASA.
For example, if you require VLAN 5 traffic to go to the ASA, then configure it under the VLAN 5 interface:
int vlan 5
 ip policy route-map
You also need to make sure that the access-lists which are referenced under the route map are defined properly.
HTH
Narayan
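Added example (not part of the thread or of Cisco's documentation): a simplified Python model of the forwarding decision discussed above. It shows that the route-map is consulted only for packets arriving on the SVI that carries `ip policy`, and that `set ip default next-hop` yields to explicit routes in the routing table. All subnets, the gateway addresses and the name `forward` are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption): the two gateways must be distinct.
ISA_GW, ASA_GW = "10.0.17.1", "10.0.17.2"

# Routing table: connected SVIs for VLANs 1-5 plus a default route to the ISA.
ROUTES = {ip_network(f"10.0.{v}.0/24"): f"connected Vlan{v}" for v in range(1, 6)}
ROUTES[ip_network("0.0.0.0/0")] = ISA_GW

# access-list 105 permit ip 10.0.5.0 0.0.0.255 any   (source net, destination net)
ACLS = {105: [(ip_network("10.0.5.0/24"), ip_network("0.0.0.0/0"))]}

# route-map test permit 1 / match ip address 105 / set ip default next-hop <ASA>
ROUTE_MAPS = {"test": [{"seq": 1, "acl": 105, "default_next_hop": ASA_GW}]}

# "ip policy route-map test" is an ingress setting on one SVI.
POLICY = {"Vlan5": "test"}

def lookup(dst):
    """Longest-prefix match; returns (prefix, next_hop)."""
    best = max((n for n in ROUTES if dst in n), key=lambda n: n.prefixlen)
    return best, ROUTES[best]

def forward(in_if, src, dst):
    """Next hop chosen for a packet received on interface in_if."""
    src, dst = ip_address(src), ip_address(dst)
    prefix, rib_hop = lookup(dst)
    entries = ROUTE_MAPS.get(POLICY.get(in_if), [])
    for entry in sorted(entries, key=lambda e: e["seq"]):
        if any(src in s and dst in d for s, d in ACLS[entry["acl"]]):
            # "default" next-hop applies only when the routing table has no
            # explicit route for dst; the 0.0.0.0/0 route is not explicit.
            return entry["default_next_hop"] if prefix.prefixlen == 0 else rib_hop
    return rib_hop  # no policy on this interface, or no entry matched

if __name__ == "__main__":
    for pkt in [("Vlan5", "10.0.5.20", "198.51.100.7"),   # VLAN 5 to internet
                ("Vlan5", "10.0.5.20", "10.0.2.9"),       # VLAN 5 to VLAN 2
                ("Vlan4", "10.0.4.20", "198.51.100.7"),   # VLAN 4 to internet
                ("Vlan4", "10.0.5.20", "198.51.100.7")]:  # policy not on this SVI
        print(pkt, "->", forward(*pkt))
```
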
04-13-2008 11:15 PM
access-list 105 permit ip x.x.x.x x.x.x.x any
!
interface vlan 4
 ip policy route-map test
!
route-map test permit 1
 match ip address 105
 ! next-hop below is the ASA gateway
 set ip default next-hop x.x.x.x
I have 5 VLANs in my L3 switch. I want all 4 VLANs' traffic to route via my ISA proxy server (proxy server connected to 1st ISP), and I want to route the 5th VLAN's traffic via my ASA firewall (ASA is connected to 2nd ISP).
I tried this, but it is not working.