06-10-2010 01:41 PM - edited 03-04-2019 08:45 AM
See attached drawings..
We can't get the Cisco 3560 to route traffic properly.
We need all traffic that comes in on the 172 network to go back out over it. Currently all traffic is routing out to the 192.168.10.X network regardless of where it comes in from.
Switch CLI posted...
Any ideas?
06-10-2010 01:52 PM
All the traffic is going to 192.168.10.1 because that’s the default gateway on the 3560. What traffic would you want to utilize the 192.168.10.0/24 network?
Chris
06-10-2010 01:57 PM
any traffic that comes in over the Eth 0/2 port I need to be routed back out over that port. this port is used for VPN traffic only. how do we specify that the traffic coming in over this port is routed back out over this port...
06-10-2010 02:03 PM
There are ways to do what you are describing; vrf-lite on the 3560 comes to mind. But I believe it would become difficult to support.
Are there VPN tunnels terminated on the Adtran router today? If so migrate these tunnels to your ASA and the routing problems disappear.
Chris
06-10-2010 02:46 PM
Could i make this work using Policy Based Routing?:
http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml
06-10-2010 02:57 PM
I generally avoid PBR as I consider it a break fix option and not a scalable solution.
That said if you know the VPN addresses you want to route from the 3560 to the Adtran @ 192.168.10.1 you could create a policy that would facilitate it. Armed with that information you could simply use static routes to force the selected networks to the Adtran vs. the ASA. Both of these options are less than desirable for a ‘predicable supportable network’
Routing everything though the ASA will result in a more supportable topology. If you have a syslog server and point the ASA at it; you will also gather valuable data about the traffic traversing these devices.
Chris
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: