07-12-2008 06:10 PM - edited 03-03-2019 10:42 PM
I have an example as shown in the attachment.
Host 192.168.200.1 must route to RTR-1 as primary route and the rest of the traffic will be through RTR-2. I made this possible already by putting the route-map/next-hop 10.10.1.1 on RTR-1, which is okay.
But if you'll notice, the route is awkward because host 192.168.200.1 will route to RTR-2 (10.10.1.2) first and back to 10.10.1.1.
Is there any way that host 192.168.200.1 will go directly to 10.10.1.1? I am trying to put the PBR statement on the inside-sw1 but it is still passing to RTR-2.
The traceroute to 4.2.2.2 looks like this:
192.168.200.3 (HSRP VIP)
10.10.1.2
10.10.1.1
4.2.2.2
07-12-2008 11:44 PM
You can try using a PBR at the interface with IP 10.10.10.5 of the firewall (interface towards RTR-1) to route all traffic from 192.168.200.1 to the 10.10.10.1 IP. Similarly, for the reverse route, you may put routing information of the host-only IP (255.255.255.255 subnet mask) and then route the entire subnet 192.168.200.0/24 separately.
07-12-2008 11:45 PM
What about if you put the default route at 192.168.200.1 as 10.10.10.1?
"Drawing doesn't show 10.10.1.1, so I consider 10.10.1.1 as 10.10.10.1-RTR-1"
Thanks,
Dharmesh Purohit
07-13-2008 12:09 AM
This will not work with the scenario.
07-13-2008 11:41 AM
Yeah ... typo error ... that is 10.10.10.0/24
07-13-2008 09:29 AM
Your traffic is going through the firewall,
but you cannot do PBR on the firewall.
So RTR2 is the first hop, where you can do it.
[Pls RATE if HELPS]
07-13-2008 11:39 AM
Looks like PBR on the firewall is not an option, and I tried that too.
07-13-2008 07:45 PM
I don't think you can have traffic with source address 192.168.200.1 go directly to 10.10.10.1 (through 10.10.10.5) unless you send all traffic to 10.10.10.1. Firewalls don't support PBR (at least they don't that I know of) so you won't be able to route to 10.10.10.1 from 10.10.10.5 based on source address.
Have you thought about replacing the two layer 2 switches with layer 3 devices that can do PBR?
07-14-2008 06:10 AM
Is that the outside L2 switches you're referring to? Yeah, that is what I'm thinking...