route-map / next-hop

Unanswered Question
Jul 12th, 2008

I have an example as shown in the attachment.

Host 192.168.200.1 must route to RTR-1 as the primary route, and the rest of the traffic will go through RTR-2. I have already made this possible by putting the route-map/next-hop 10.10.1.1 on RTR-1, which is okay.

But if you notice, the route is awkward because host 192.168.200.1 will route to RTR-2 (10.10.1.2) first and then back to 10.10.1.1.

Is there any way that host 192.168.200.1 can go directly to 10.10.1.1? I am trying to put the PBR statement on inside-sw1, but it still passes through RTR-2.

The traceroute to 4.2.2.2 looks like this:

192.168.200.3 (HSRP VIP)
10.10.1.2
10.10.1.1
4.2.2.2

dhananjoy chowdhury Sat, 07/12/2008 - 23:44

You can try using PBR at the interface with IP 10.10.10.5 of the firewall (interface towards RTR-1) to route all traffic from 192.168.200.1 to the 10.10.10.1 IP. Similarly, for the reverse route, you may put routing information for the host-only IP (255.255.255.255 subnet mask) and then route the entire subnet 192.168.200.0/24 separately.

purohit_810 Sat, 07/12/2008 - 23:45

What if you put a default route on 192.168.200.1 pointing to 10.10.10.1?

"The drawing doesn't show 10.10.1.1, so I consider 10.10.1.1 to be 10.10.10.1 (RTR-1)."

Thanks,

Dharmesh Purohit

a.alekseev Sun, 07/13/2008 - 09:29

Your traffic is going through the firewall, but you cannot do PBR on the firewall. So RTR-2 is the first hop where you can do it.

[Pls RATE if HELPS]
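The two replies above (PBR on the first layer-3 hop that supports it, and a /32 host route for the return path) fit together into one configuration. The following is an added example written for this thread, not configuration posted by any of the participants, using the addresses from the original traceroute: 10.10.1.2 is RTR-2 and 10.10.1.1 is RTR-1. The interface names, the IP SLA probe, and the return-path next hop 10.10.10.5 (taken from dhananjoy's reply, which refers to a diagram not reproduced here) are assumptions.

```cisco
! ===== RTR-2 (10.10.1.2): first layer-3 hop where PBR is possible =====
! Match only the one host that must prefer RTR-1; everything else keeps
! following RTR-2's normal routing table.
ip access-list extended PBR-HOST-VIA-RTR1
 permit ip host 192.168.200.1 any
!
! Probe RTR-1 so the policy only applies while 10.10.1.1 answers; if the
! probe fails, the host silently falls back to the routing table instead
! of being black-holed. (Older IOS images spell this "ip sla monitor".)
ip sla 1
 icmp-echo 10.10.1.1 source-interface FastEthernet0/1
 frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
route-map HOST-VIA-RTR1 permit 10
 match ip address PBR-HOST-VIA-RTR1
 set ip next-hop verify-availability 10.10.1.1 10 track 1
! Deliberately no further clause: unmatched traffic is routed normally.
!
interface FastEthernet0/0
 description inside, toward the firewall / 192.168.200.0/24 (assumed name)
 ip policy route-map HOST-VIA-RTR1
 ! PBR keys purely on the source address, so a host on another segment
 ! could spoof 192.168.200.1 to ride the RTR-1 path. Strict uRPF drops
 ! packets whose source is not routed back out this same interface.
 ! Use "reachable-via any" instead if this interface sees asymmetric paths.
 ip verify unicast source reachable-via rx
!
interface FastEthernet0/1
 description toward RTR-1 on the 10.10.1.0/24 segment (assumed name)
 ip address 10.10.1.2 255.255.255.0
!
! ===== RTR-1 (10.10.1.1): pin the return path for the single host =====
! The /32 is the longest match, so replies to 192.168.200.1 go straight
! back toward the firewall instead of via RTR-2. 10.10.10.5 is assumed to
! be the firewall interface facing RTR-1; the existing route for the whole
! 192.168.200.0/24 subnet stays as it is.
ip route 192.168.200.1 255.255.255.255 10.10.10.5
```

To check that the policy is actually being hit, `show route-map HOST-VIA-RTR1` reports the number of policy-matched packets and `show track 1` shows whether the next hop is currently considered reachable; `debug ip policy` prints a line per policy-routed packet and should only be used briefly on a production box. Note what this does and does not fix: traffic from the host now reaches RTR-1 without depending on the host's own routing, but the path is still host, firewall, RTR-2, RTR-1, so the extra 10.10.1.2 hop in the original traceroute stays. Removing that hop needs a device in front of the firewall that can apply PBR, which is the layer-3 switch option discussed below.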

bmcginn Sun, 07/13/2008 - 19:45

I don't think you can have traffic with source address 192.168.200.1 go directly to 10.10.10.1 (through 10.10.10.5) unless you send all traffic to 10.10.10.1. Firewalls don't support PBR (at least none that I know of), so you won't be able to route to 10.10.10.1 from 10.10.10.5 based on source address.

Have you thought about replacing the two layer 2 switches with layer 3 devices that can do PBR?

Gerard Gacusan Mon, 07/14/2008 - 06:10

Is that the outside L2 switches you're referring to? Yeah, that is what I'm thinking...
