Solved: Routing Help - Urgent

Amin Shaikh · ‎09-07-2009

Hi,

Need Urgent help on specific routing requirements

In Our Scenario Site_A is connected to Site_B via IPSEC GRE Tunnel running OSPF as routing protocol.

Site_A host all applications for Site_B.

We already have inplace another point-2-point link between Site_A to Site_B and

have specific requirement.

POS_Server only from Site_A should send traffic on this P-2-P link to Site_B.

Any traffic initiated from Site_B to POS_Server on Site_A should be via P-2-P link.

All other traffic should pass IPSEC-Gre_Tunnel.

Kindly Help.

Edison Ortiz · ‎09-07-2009

You will place the 'ip policy' under Vlan 10 and it will only match on the server ip address, remaining traffic will remain as before.

__

Edison.

View solution in original post

Mohamed Sobair · ‎09-07-2009

Hi,

I assumed default traffic is passing IPsec GRE tunnel

For the POS_Server you will need to have policy based routing.

Likewise , for the traffic initiated from site_B to POS_Server you will also need to have policy based routing.

HTH

Mohamed

Jon Marshall · ‎09-07-2009

If you need to send certain traffic one way based on the source IP address then you need to use PBR (Policy Based Routing). See this link for configuration details -

http://www.cisco.com/en/US/docs/ios/iproute/configuration/guide/irp_ip_prot_indep_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1056703

Jon

Edison Ortiz · ‎09-07-2009

You will need Policy-Based Routing (PBR) on both routers as you will modify the routing based on the source.

On the router at Site_A

access-list 101 permit ip [server_ip] [site_b subnet]

route-map server_pbr

match address 101

set ip next-hop [p-2-p link]

interface fx/x

description LAN facing interface

ip policy route-map server_pbr

On the router at Site_B

access-list 101 permit ip [site_b subnet] [server_ip]

route-map server_pbr

match address 101

set ip next-hop [p-2-p link]

interface fx/x

description LAN facing interface

ip policy route-map server_pbr

HTH,

__

Edison.

Amin Shaikh · ‎09-07-2009

Thanks to all for the input.

This is the way my backbone router is connected to POS_Server and VPN_Router.

I didnt get where should I apply the IP policy route-map command.

----------------------------------------

Vlan=192

BackBone_Router : 192.168.10.1/30

VPN_Router : 192.168.10.2/30

Interface gi3/12

Description connected to VPN_router

switchport access VLAN 192

-------------------------------------

Vlan=10

BackBone_Router : 10.10.10.254/24

POS_Server : 10.10.10.75/24

Interface 2/7

Description Connected to POS_Server

Switchport access vlan 10

--------------------------------------

On VLAN 10 there more server's which needs to be accessed from Site_B and the traffic needs to flow via IPSEC_GRE_Tunnel

Hopefully this config will not impact traffic for other server.

Edison Ortiz · ‎09-07-2009

You will place the 'ip policy' under Vlan 10 and it will only match on the server ip address, remaining traffic will remain as before.

__

Edison.