I have an interesting scenario; it is only for testing purposes and not what we will use for production. This is just for testing! Here is what I am trying to do.
I have a VLAN that is set up for all workstations:
ip address 10.1.0.1 255.255.240.0
ip ospf priority 10
ip policy route-map VLAN100_POLICY
In this router/MSFC we are running EIGRP and OSPF, now this is now where the issue is at, this is pretty straightforward. We then have a default route:
ip route 0.0.0.0 0.0.0.0 192.168.3.10
This is the interface IP on the firewall.
In this path there is a proxy 192.168.3.5
Here is the route-map that is applied to the VLAN interface:
route-map VLAN100_POLICY permit 10
match ip address GOTO_FIREWALL
set ip default next-hop 10.254.1.10
In this ACL we have IPs that will be used to bypass the proxy. The list is quite long so I will not bore you all with the info.
OK, onto what I need to do.
I am setting up a new proxy with more features and need to test a handful of users. I have my IP 10.1.15.100 that needs to take a different path:
New VLAN103 192.168.103.1
New proxy 192.168.103.5
New firewall interface 192.168.103.10
Here are the ACLs I have created so far:
ip access-list extended BYPASS-BC2-TO-DMZ
permit ip host 10.1.15.100 192.168.0.0 0.0.255.255
ip access-list extended BYPASS-BC2-TO-E1
permit ip host 10.1.15.100 10.1.252.0 0.0.0.255
ip access-list extended GOTO-BLUECOAT2
permit ip host 10.1.15.100 any
And the route-maps for manipulation:
route-map VLAN100_POLICY permit 15
match ip address BYPASS-BC2-TO-DMZ
set ip next-hop 10.254.1.10
route-map VLAN100_POLICY permit 20
match ip address GOTO-BLUECOAT2
set ip next-hop 192.168.103.10
I am trying to get internal access set up and having a difficult time.
For instance I need to get to 10.1.252.54, which is directly connected:
ip address 10.1.252.1 255.255.255.0
MONR001#sh ip route 10.1.252.54
Routing entry for 10.1.252.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Redistributing via eigrp 555, ospf 100
Advertised by ospf 100
Routing Descriptor Blocks:
* directly connected, via Vlan252
Route metric is 0, traffic share count is 1
Is there a way to get my workstation to go to 10.1.252.0/24 network with a route-map to a directly connected IP?
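
Added example, not part of the original post: a small Python model of first-match evaluation of VLAN100_POLICY, using the ACLs and route-map entries posted above, to show which sequence decides the path for 10.1.15.100 to 10.1.252.54. The contents of GOTO_FIREWALL are not shown in the post and are assumed not to match the test host; sequence 17 is a hypothetical deny entry added only to illustrate handing matching traffic back to the routing table.

```python
import ipaddress

# ACLs from the post as (source, destination); wildcard masks written as prefixes.
ACLS = {
    "BYPASS-BC2-TO-DMZ": [("10.1.15.100/32", "192.168.0.0/16")],
    "BYPASS-BC2-TO-E1": [("10.1.15.100/32", "10.1.252.0/24")],
    "GOTO-BLUECOAT2": [("10.1.15.100/32", "0.0.0.0/0")],
    "GOTO_FIREWALL": [],  # assumption: list not shown in the post, no match for the test host
}

# (sequence, action, ACL name, set verb, next hop) as posted
POSTED = [
    (10, "permit", "GOTO_FIREWALL", "default next-hop", "10.254.1.10"),
    (15, "permit", "BYPASS-BC2-TO-DMZ", "next-hop", "10.254.1.10"),
    (20, "permit", "GOTO-BLUECOAT2", "next-hop", "192.168.103.10"),
]
# Hypothetical sequence 17 (not in the post): deny leaves the packet to normal routing.
WITH_DENY = sorted(POSTED + [(17, "deny", "BYPASS-BC2-TO-E1", None, None)])

CONNECTED = ["10.1.252.0/24"]  # from the posted "sh ip route" output (Vlan252)


def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def acl_matches(name, src, dst):
    return any(in_net(src, s) and in_net(dst, d) for s, d in ACLS[name])


def evaluate(route_map, src, dst):
    """Return (sequence, forwarding decision) for the first matching entry."""
    explicit = any(in_net(dst, n) for n in CONNECTED)
    for seq, action, acl, verb, hop in route_map:
        if not acl_matches(acl, src, dst):
            continue
        if action == "deny":
            return seq, "routing table"
        if verb == "default next-hop" and explicit:
            return seq, "routing table"  # default next-hop yields to an explicit route
        return seq, hop
    return None, "routing table"


if __name__ == "__main__":
    for name, rm in (("posted", POSTED), ("with seq 17", WITH_DENY)):
        print(name, evaluate(rm, "10.1.15.100", "10.1.252.54"))
```

In this model the posted route-map sends the packet to 192.168.103.10 at sequence 20 before the connected route is consulted, and BYPASS-BC2-TO-E1 is defined but never referenced by any sequence.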