PBR based on source and destination (Internet)

Unanswered Question
Jul 30th, 2008

I have one router with two ISP connections (one tiered DS3 (ISP1) and one multilink (ISP2)). We want to test the new DS3 before we put it into production by routing the tech department (10.10.1.x) Internet traffic out of it, then have the remote branches/subnets (e.g. 10.10.141.x) that also connect to this router route to ISP2, which currently has a static route to the multilink and has been in production for a couple of years.

The thing is, I can't say send all Internet traffic to 10.10.1.2 (inside int of ASA) because we have internal www servers in the NOC and DMZ.

So I tried this and I didn't get any matches on the ACL, so nothing happened.


access-list 155 permit ip 10.10.1.0 0.0.0.255 host 0.0.0.0

route-map tech-access permit 10
 match ip address 155
 set ip default next-hop 10.10.1.2

int fa0/0.10
 ip policy route-map tech-access


Thanks for the help.

Jerry

Edison Ortiz Thu, 07/31/2008 - 05:30

Try this:


access-list 155 deny ip 10.10.1.0 0.0.0.255 host www-servers
access-list 155 permit ip 10.10.1.0 0.0.0.255 any

route-map tech-access permit 10
 match ip address 155
 set ip next-hop 10.10.1.2

int fa0/0.10
 ip policy route-map tech-access


HTH,

Edison.
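Added example (not part of either post): a small Python model of how the two versions of ACL 155 above select traffic for the route-map. In an extended ACL, `host 0.0.0.0` matches only a destination address of exactly 0.0.0.0, while `any` matches every destination; a `deny` hit under a route-map `permit` clause leaves the packet to normal routing. The web server address, the sample packets and all function names are constructed for illustration, and only the ACL match step is modelled, not the difference between `set ip next-hop` and `set ip default next-hop`.

```python
import ipaddress

def _ip(addr):
    return int(ipaddress.IPv4Address(addr))

def wild_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match, 1 bits are ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def host(addr):          # "host A.B.C.D" is the same as A.B.C.D 0.0.0.0
    return (addr, "0.0.0.0")

ANY = ("0.0.0.0", "255.255.255.255")   # "any"
TECH = ("10.10.1.0", "0.0.0.255")      # tech department subnet from the posts
WWW_SERVER = "10.10.50.10"             # constructed stand-in for "www-servers"

# ACL 155 as posted in the question and as posted in the reply.
ACL_QUESTION = [("permit", TECH, host("0.0.0.0"))]
ACL_REPLY = [("deny", TECH, host(WWW_SERVER)), ("permit", TECH, ANY)]

def acl_action(acl, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, (s, s_wc), (d, d_wc) in acl:
        if wild_match(src, s, s_wc) and wild_match(dst, d, d_wc):
            return action
    return "deny"

def forwarding(acl, src, dst, next_hop="10.10.1.2"):
    """route-map permit clause: ACL permit -> policy-routed, else normal routing."""
    return next_hop if acl_action(acl, src, dst) == "permit" else "routing-table"

# Constructed sample packets: (source, destination)
SAMPLES = [
    ("10.10.1.25", "198.51.100.7"),   # tech PC -> Internet host
    ("10.10.1.25", WWW_SERVER),       # tech PC -> internal web server
    ("10.10.141.9", "198.51.100.7"),  # branch PC -> Internet host
]

if __name__ == "__main__":
    for name, acl in (("question", ACL_QUESTION), ("reply", ACL_REPLY)):
        for src, dst in SAMPLES:
            print(f"{name:8} {src:>12} -> {dst:<13} {forwarding(acl, src, dst)}")
```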
