Using Policy routing to force WAN frame to go through Watchguard Firewall

Unanswered Question

OK, here's my situation: I have 45-some-odd branch locations, all coming in through Frame Relay. As of right now, they have full access to the Internet because they come in one Serial interface of my 2620 router and out the other to the Internet. Only the HQ is protected by the firewall. I want to use policy routing to force the packets through the firewall so they can be not only protected but monitored as well. Here's a chunk of my config:

interface Serial0/1.XX point-to-point
 ip address 10.XX.XX.XX <- scheme for router
 no ip directed-broadcast
 ip nat inside
 frame-relay interface-dlci XXX

ip nat pool XXX XXX.XXX.XXX.X XXX.XXX.XXX.X netmask
ip nat inside source list 1 pool XXX overload

access-list 101 permit ip any any

route-map XXX permit 10
 match ip address 101
 set ip next-hop XXX.XXX.X.XX <- My Firewall (inside address)

route-map XXX permit 20

Help! I have never used policy routing before!

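A route-map only policy-routes traffic once it is applied with `ip policy route-map` on the interface where the packets arrive, and the chunk posted above does not show that line on the Frame Relay subinterface. The following Python check is an added example, not part of the original post: it audits an IOS-style config for Frame Relay PVC interfaces that have no policy route-map and for route-maps that are defined but never applied. The sample config, the names TO-FW and UNUSED, and the addresses are constructed.

```python
import re

# Constructed sample config; names and addresses are illustrative, not from the post.
SAMPLE = """\
interface Serial0/0
 ip nat outside
!
interface Serial0/1.101 point-to-point
 ip nat inside
 ip policy route-map TO-FW
 frame-relay interface-dlci 101
!
interface Serial0/1.102 point-to-point
 ip nat inside
 frame-relay interface-dlci 102
!
route-map TO-FW permit 10
 match ip address 101
 set ip next-hop 198.51.100.10
!
route-map UNUSED permit 10
"""

def parse(config):
    """Return ({interface: {"policy", "dlci"}}, {defined route-map names})."""
    ifaces, route_maps, current = {}, set(), None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = ifaces.setdefault(m.group(1), {"policy": None, "dlci": False})
        elif m := re.match(r"route-map (\S+) (?:permit|deny)", line):
            route_maps.add(m.group(1))
            current = None
        elif not line.startswith(" "):
            current = None  # any other top-level line closes the interface stanza
        elif current is not None and (m := re.match(r"\s+ip policy route-map (\S+)", line)):
            current["policy"] = m.group(1)
        elif current is not None and re.match(r"\s+frame-relay interface-dlci \d+", line):
            current["dlci"] = True
    return ifaces, route_maps

def audit(config):
    """Report Frame Relay PVC interfaces with no policy and mismatched route-maps."""
    ifaces, route_maps = parse(config)
    applied = {i["policy"] for i in ifaces.values() if i["policy"]}
    return {
        "unpoliced_pvcs": sorted(n for n, i in ifaces.items()
                                 if i["dlci"] and not i["policy"]),
        "unapplied_route_maps": sorted(route_maps - applied),
        "undefined_route_maps": sorted(applied - route_maps),
    }
```

To check a saved running-config, pass its text to `audit()`; any entry under `unpoliced_pvcs` is a branch PVC whose traffic still follows the normal routing table instead of the firewall next hop.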