Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4742
Views
0
Helpful
6
Replies

Two gateways of last resort

Go to solution
britdecker
Level 1
Level 1

‎10-09-2009 10:56 AM - edited ‎03-06-2019 08:04 AM

Hello all,

My question revolves around having two gateways of last resort to the internet in my network core. We are getting ready to test our new firewall infrastructure (Cisco 5540's) and I need to be able to send test groups to the new firewalls selectively. Is there a way to use PBR to shove selected subnets to a different gateway of last resort without effecting my current gateway of last resort (to our production firewalls)that is used company wide? My core consist of two 4506's and we are running EIGRP as a protocol.

Thanks in advance!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to britdecker

‎10-09-2009 12:56 PM

Hello Brit,

I was in doubt about this ...

the number you place at the end of a static route is not a metric but an AD administrative distance

but the answer is yes use:

ip route 0.0.0.0 0.0.0.0 x.x.x.b 201

so this will be a backup static route used only if first one fails

Hope to help

Giuseppe

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎10-09-2009 11:06 AM

Hello Brit,

generally speaking PBR would be the right tool for this and would leave the EIGRP default route unaffected.

to be noted that PBR support on C4506 depends on supervisor type and IOS image.

Hope to help

Giuseppe

0 Helpful

Go to solution
britdecker
Level 1
Level 1
In response to Giuseppe Larosa

‎10-09-2009 11:21 AM

Gluseppe,

Thanks for the quick response! Our cores have SUP V's so I think we should be ok to run PBR. So my current default route is static:

ip route 0.0.0.0 0.0.0.0 x.x.x.A

Will I need to create a second default route and the use PRB to point to it?

ip route 0.0.0.0 0.0.0.0 x.x.x.b

access-list 101 permit ip 10.1.1.0 255.0.0.0 any <-- what do I use here? "any" will stomp on my local routes. How do I define "only if you don't have a local route'?

route-map LOCAL_MAP permit 10

match ip address 101

set ip next-hop x.x.x.b

ip local policy route-map LOCAL_MAP

Sorry for all the questions.

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to britdecker

‎10-09-2009 11:37 AM

Hello Brit,

I think PBR should be used applying the route map to interface(s) that receives the traffic to be diverted.

>> How do I define "only if you don't have a local route'?

use

set ip default next-hop x.x.x.b

in this way the routing table is consulted first if no entry exists the route-map set next-hop is applied

be aware that using two static routes in this way will case outbound load balancing

Hope to help

Giuseppe

0 Helpful

Go to solution
britdecker
Level 1
Level 1
In response to Giuseppe Larosa

‎10-09-2009 12:50 PM

Gluseppe,

I don't want to load balance so will placing a higher metric on the second default route rule out load balancing?

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to britdecker

‎10-09-2009 12:56 PM

Hello Brit,

I was in doubt about this ...

the number you place at the end of a static route is not a metric but an AD administrative distance

but the answer is yes use:

ip route 0.0.0.0 0.0.0.0 x.x.x.b 201

so this will be a backup static route used only if first one fails

Hope to help

Giuseppe

0 Helpful

Go to solution
britdecker
Level 1
Level 1
In response to Giuseppe Larosa

‎10-09-2009 01:00 PM

Gluseppe,

That answers it, thanks for your help!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card