VLAN Routing

rickyjohnt · ‎02-28-2008

I have 5 Vlans in my L3 Switch i want to all 4 vlans traffic to route via my ISA Proxy sever (Proxy Server Connected to 1st ISP) and . I want to route the 5th vlan traffic via my ASA firewall (ASA is connected to 2nd ISP )

mark.j.hodge · ‎02-28-2008

Take a look at policy-based routing, you would have a gateway to the ISA server for the 4 VLANs, and a policy to route via the ASA from the subnet assigned to the 5th VLAN.

http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpbr.html

rickyjohnt · ‎02-29-2008

This is the sample configuration for PBR

access-list 1 permit ip 1.1.1.1

access-list 2 permit ip 2.2.2.2

!

interface fastethernet 1

ip policy route-map equal-access

!

route-map equal-access permit 10

match ip address 1

set ip default next-hop 6.6.6.6

route-map equal-access permit 20

match ip address 2

set ip default next-hop 7.7.7.7

route-map equal-access permit 30

set default interface null0

From this above sample configuration can you please explain the below mentioned two lines two lines

Please refer my N/W Diagram attached with this mail

interface fastethernet 1

ip policy route-map equal-access

rickyjohnt · ‎02-29-2008

This is the sample configuration for PBR

access-list 1 permit ip 1.1.1.1

access-list 2 permit ip 2.2.2.2

!

interface fastethernet 1

ip policy route-map equal-access

!

route-map equal-access permit 10

match ip address 1

set ip default next-hop 6.6.6.6

route-map equal-access permit 20

match ip address 2

set ip default next-hop 7.7.7.7

route-map equal-access permit 30

set default interface null0

From this above sample configuration can you please explain the below mentioned two lines two lines

Please refer my N/W Diagram attached with this mail

interface fastethernet 1

ip policy route-map equal-access

royalblues · ‎03-01-2008

Ricky,

The configuration tells the router to do PBR i.e to look at the route-map equal-access before making the forwarding decision.

BTW, as per your earlier post you wanted one of the vlans to be sent to the ASA and hence the above command should actually be configured under the VLAN SVI

Narayan

rickyjohnt · ‎03-01-2008

Can you tell under which VLAN i have to configure that

Please refer the Network diagram and tell

me

royalblues · ‎03-01-2008

As per the network diagram, both the ISA and ASA are having the same ip address 10.0.17.1

Also i am not sure which vlans traffic needs to go the ASA from the network diagram

for eg... if you require vlan 5 traffic to go to ASA, then configure it under vlan 5 interface

int vlan 5

ip policy route-map

You also need to make sure that the access-lists are defined properly which are eferenced under the route map

HTH

Narayan

rickyjohnt · ‎04-13-2008

access-list 105 permit ip x.x.x.x x.x.x.x any

!

interface vlan 4

ip policy route-map test

!

route-map test permit 1

match ip address 105

set ip default next-hop x.x.x.x (ASA Gateway)

I have 5 Vlans in my L3 Switch i want to all 4 vlans traffic to route via my ISA Proxy sever (Proxy Server Connected to 1st ISP) and . I want to route the 5th vlan traffic via my ASA firewall (ASA is connected to 2nd ISP )

I tried this but it is not working