Routing Suggestions needed

May 5th, 2009

Hi,

I have a scenario (diagram attached) where different external vendors will be coming in and accessing our database via a secured MPLS network. We will be using EIGRP between our head end and the remote vendor sites' routers with the same autonomous number.

Because of a business requirement, some vendors are allowed to access other vendors' sites via our VPN cloud, and the end-to-end logical path should be strictly via the firewall. Because EIGRP can route traffic between remote sites, we need to avoid this and push all the routers' ingress traffic towards the firewall. The firewall will then decide whether to forward the traffic back to the remote site or drop it.

If there is no switch in the middle between the firewall and the router, I can use policy-based routing to push all the remote traffic towards the firewall's IP. But I am lost now.

Can someone suggest how to proceed with this? I have attached a diagram.

Thanks

Rajesh

Jon Marshall Wed, 05/06/2009 - 00:48

Rajesh

There are a number of ways to approach this but the easiest would be to use the recursive next hop with PBR. So on the 3845 just set the next-hop to be the firewall and as long as the 3845 has a route to the firewall you should be fine. See attached link for details -

http://www.cisco.com/en/US/docs/ios/iproute/configuration/guide/irp_prb_rec_next_hop_ps6350_TSD_Products_Configuration_Guide_Chapter.html

Jon
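
A sketch of the PBR approach described in the reply above, added here as an illustration and not taken from the thread or from either poster. The firewall address (192.0.2.1, a documentation address), the ACL and route-map names, and the interface name are all placeholders.

```cisco
! Added example for the head-end 3845. The firewall address, ACL and
! route-map names, and interface name are placeholders, not from the thread.
!
! Match everything arriving from the vendor-facing side.
ip access-list extended VENDOR-INGRESS
 permit ip any any
!
! Send matched packets to the firewall. "recursive" lets the next hop be an
! address that is not on a directly connected subnet, as long as the
! routing table has a route to it.
route-map VENDOR-VIA-FW permit 10
 match ip address VENDOR-INGRESS
 set ip next-hop recursive 192.0.2.1
!
! Apply the policy only on the interface where vendor traffic enters.
! Do not apply it on the firewall-facing interface: traffic the firewall
! permits must be forwarded by the normal routing table, or it would be
! sent back to the firewall.
interface GigabitEthernet0/0
 description Vendor-facing MPLS link (placeholder name)
 ip policy route-map VENDOR-VIA-FW
!
! Verification from exec mode:
!   show route-map VENDOR-VIA-FW   (policy-match counters should increase)
!   show ip policy                 (confirms the interface binding)
```

With this in place, vendor-to-vendor traffic that EIGRP would otherwise route directly is handed to the firewall first, so the firewall rule base decides whether it is forwarded back out or dropped.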
