Tunnel over WAN to route specific traffic

Oct 24th, 2009

Hello


I have a 5 site WAN. The Head Office is supposed to receive all the http(s) traffic and route that to the internet.


I have tried to configure a route-map from one of the sites but am unsuccessful.


Attached is a diagram with my network layout as well as the config for the router with the route-map and the Head Office router config.


TIA

wvw



simontibbitts Sun, 10/25/2009 - 03:47

Hello Willem.


So are you trying to force all web traffic that enters f0/1 of site1 towards your head office? On your site1 configuration I can see you have policy routing configured but on your WAN interface so this will only affect traffic inbound from the head office.


From what I understand I think you need something like this?


interface FastEthernet0/1
 ip policy route-map WWW
!
access-list 140 permit tcp any host 192.168.1.254 eq www
!
route-map WWW permit 10
 match ip address 140
 set ip next-hop x.x.x.x


This configuration will forward all WWW traffic destined to 192.168.1.254 that arrives on f0/1 of site1 to the next hop x.x.x.x


Is that what you are after?


Kind Regards,

Simon

willem.vanwyk Mon, 10/26/2009 - 12:18

Hello Simon


Thanks for your help! :)


"So are you trying to force all web traffic that enters f0/1 of site1 towards your head office?"

That is exactly what I am trying to do.

All port 80 traffic from Site1 needs to go to the Head Office router to hit 192.168.1.254.


From your example, I will configure the router and let you know how it works.


Thanks

willemvw

willem.vanwyk Mon, 10/26/2009 - 18:43

Hi Simon


I have changed the config on site 1's router to the following:


Int F0/1
 ip address 192.168.5.100 255.255.255.0
 ip policy route-map WWW


Running Config:

access-list 140 permit tcp any host 192.168.1.254 eq www
access-list 140 permit tcp any host 192.168.1.254 eq 443
queue-list 1 protocol ip 1 list 140

route-map WWW permit 10
 match ip address 140
 set ip next-hop 192.168.1.200



I have changed the config on Head Office's router to the following:


interface FastEthernet0/0
 ip policy route-map WWW

interface FastEthernet0/1
 ip policy route-map WWW

access-list 140 permit tcp any host 192.168.1.254 eq www
access-list 140 permit tcp any host 192.168.1.254 eq 443

route-map WWW permit 10
 match ip address 140
 set ip next-hop 192.168.1.254


This according to the customer is still not working in that he cannot browse.


I think this could be due to the route-map WWW being applied only to the LAN interface on the Site 1 router and also the next-hop IP addresses. Can you please confirm whether I should make the next-hop IP address 192.168.1.200 (Head Office LAN) or should I make it 192.168.1.254 (WWW Gateway server at Head Office)?


Regards

willemvw

simontibbitts Tue, 10/27/2009 - 04:21

Hi Willem.


I think you need to change your ACL 140. Currently the policy routing only captures HTTP and HTTPS traffic which is destined to 192.168.1.254.


I think you want ALL HTTP and HTTPS traffic to be SENT to 192.168.1.254, so I think you need to delete ACL 140 on both routers and create it as:


access-list 140 permit tcp any any eq www
access-list 140 permit tcp any any eq 443


Kind Regards,

Simon
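
Added example, not part of the thread and not the posters' code: a small Python model of the ACL 140 match step, showing why the first version of the access list left ordinary browsing traffic on the normal routing table while the version from the last reply sends it to the policy next hop. The packet addresses are constructed samples, and the model covers only the match logic on the site 1 LAN interface, not next-hop reachability or the Head Office router.

```python
import ipaddress

# Minimal model of an IOS extended ACL entry: permit tcp <src> <dst> eq <port>.
# "any" matches every address; a host entry is modelled as a /32 network.
def ace(src, dst, port):
    net = lambda s: ipaddress.ip_network("0.0.0.0/0" if s == "any" else s)
    return (net(src), net(dst), port)

WWW, HTTPS = 80, 443

# ACL 140 as first configured in the thread: only traffic destined to the gateway.
ACL_140_ORIGINAL = [ace("any", "192.168.1.254/32", WWW),
                    ace("any", "192.168.1.254/32", HTTPS)]
# ACL 140 as given in the last reply: all HTTP/HTTPS regardless of destination.
ACL_140_CORRECTED = [ace("any", "any", WWW), ace("any", "any", HTTPS)]

def acl_permits(acl, pkt):
    """First-match evaluation; an extended ACL ends with an implicit deny."""
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    for s_net, d_net, port in acl:
        if pkt["proto"] == "tcp" and src in s_net and dst in d_net and pkt["dport"] == port:
            return True
    return False

def policy_route(acl, next_hop, pkt):
    """route-map WWW permit 10: match ip address 140 / set ip next-hop <next_hop>.
    Packets the route-map does not match fall back to normal destination routing."""
    return next_hop if acl_permits(acl, pkt) else "routing-table"

# Constructed sample packets arriving on the site 1 LAN interface (192.168.5.0/24).
PACKETS = [
    {"src": "192.168.5.10", "dst": "203.0.113.80", "proto": "tcp", "dport": 80},   # browsing
    {"src": "192.168.5.10", "dst": "203.0.113.80", "proto": "tcp", "dport": 443},  # browsing
    {"src": "192.168.5.10", "dst": "192.168.1.254", "proto": "tcp", "dport": 80},  # to the gateway itself
    {"src": "192.168.5.10", "dst": "203.0.113.25", "proto": "tcp", "dport": 25},   # mail, not web
]

def decisions(acl, next_hop="192.168.1.200"):
    """Forwarding decision for each sample packet, in PACKETS order."""
    return [policy_route(acl, next_hop, p) for p in PACKETS]

if __name__ == "__main__":
    for name, acl in (("original", ACL_140_ORIGINAL), ("corrected", ACL_140_CORRECTED)):
        print(name, decisions(acl))
```
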
