Routing Help - Urgent

Sep 7th, 2009

Hi,


Need urgent help on specific routing requirements.

In our scenario, Site_A is connected to Site_B via an IPSEC GRE tunnel running OSPF as the routing protocol.

Site_A hosts all applications for Site_B.

We already have in place another point-2-point link between Site_A and Site_B and have a specific requirement.

POS_Server only from Site_A should send traffic on this P-2-P link to Site_B.

Any traffic initiated from Site_B to POS_Server on Site_A should be via P-2-P link.

All other traffic should pass IPSEC-Gre_Tunnel.


Kindly Help.




Mohamed Sobair Mon, 09/07/2009 - 11:02


Hi,


I assumed default traffic is passing through the IPsec GRE tunnel.

For the POS_Server you will need to have policy based routing.

Likewise, for the traffic initiated from Site_B to POS_Server you will also need to have policy based routing.


HTH

Mohamed

Jon Marshall Mon, 09/07/2009 - 11:03

If you need to send certain traffic one way based on the source IP address then you need to use PBR (Policy Based Routing). See this link for configuration details -


http://www.cisco.com/en/US/docs/ios/iproute/configuration/guide/irp_ip_prot_indep_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1056703


Jon

Edison Ortiz Mon, 09/07/2009 - 11:07

You will need Policy-Based Routing (PBR) on both routers as you will modify the routing based on the source.


On the router at Site_A

access-list 101 permit ip [server_ip] [site_b subnet]

route-map server_pbr
 match ip address 101
 set ip next-hop [p-2-p link]

interface fx/x
 description LAN facing interface
 ip policy route-map server_pbr


On the router at Site_B

access-list 101 permit ip [site_b subnet] [server_ip]

route-map server_pbr
 match ip address 101
 set ip next-hop [p-2-p link]

interface fx/x
 description LAN facing interface
 ip policy route-map server_pbr


HTH,


__


Edison.



Amin Shaikh Mon, 09/07/2009 - 12:18

Thanks to all for the input.


This is the way my backbone router is connected to POS_Server and VPN_Router.


I didn't get where I should apply the IP policy route-map command.

----------------------------------------
Vlan=192
BackBone_Router : 192.168.10.1/30
VPN_Router : 192.168.10.2/30

Interface gi3/12
 Description connected to VPN_router
 switchport access VLAN 192
----------------------------------------
Vlan=10
BackBone_Router : 10.10.10.254/24
POS_Server : 10.10.10.75/24

Interface 2/7
 Description Connected to POS_Server
 Switchport access vlan 10
----------------------------------------

On VLAN 10 there are more servers which need to be accessed from Site_B, and that traffic needs to flow via IPSEC_GRE_Tunnel.

Hopefully this config will not impact traffic for the other servers.


Correct Answer
Edison Ortiz Mon, 09/07/2009 - 15:59

You will place the 'ip policy' under Vlan 10 and it will only match on the server ip address, remaining traffic will remain as before.


__


Edison.
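
Applied to the addressing posted in the thread, the Site_A side of this answer could look like the configuration below. It is an added example, not configuration from any participant in the thread: the Site_B subnet and the P-2-P next hop are never stated, so they appear as placeholders, and treating VLAN 10 as a routed SVI (interface Vlan10) on the backbone router is an assumption.

```cisco
! Added example for the Site_A backbone router.
! <SITE_B_SUBNET> <SITE_B_WILDCARD> and <P2P_NEXT_HOP> are placeholders;
! the thread does not give these values.
!
! Match only the POS_Server (10.10.10.75) sending to Site_B.
! The "host" keyword keeps every other server in 10.10.10.0/24 out of the ACL.
access-list 101 permit ip host 10.10.10.75 <SITE_B_SUBNET> <SITE_B_WILDCARD>
!
! Packets permitted by ACL 101 are forwarded to the P-2-P next hop.
! Packets that match no route-map entry are not policy-routed: they follow
! the normal routing table, i.e. the OSPF routes over the IPsec GRE tunnel.
route-map server_pbr permit 10
 match ip address 101
 set ip next-hop <P2P_NEXT_HOP>
!
! PBR acts on traffic arriving on the interface it is applied to, so it goes
! on the VLAN 10 interface where the server's packets enter the router,
! not on gi3/12 towards the VPN_Router.
! Assumption: VLAN 10 is a routed SVI holding 10.10.10.254/24.
interface Vlan10
 ip address 10.10.10.254 255.255.255.0
 ip policy route-map server_pbr
!
! Checks from exec mode after applying:
!  show ip policy               (Vlan10 should list route-map server_pbr)
!  show route-map server_pbr    (policy-routing match counters increase
!                                only for POS_Server traffic)
!  show access-lists 101        (hit count on the single host entry)
```

Traffic from the other VLAN 10 servers never matches access-list 101, so the match counters in `show route-map server_pbr` should only move when the POS_Server talks to Site_B.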
