03-05-2007 11:47 PM - edited 03-05-2019 02:43 PM
Hi,
Please refer to the diagram I have attached. I have configured the following.
The default gateway to the internet for switch 1 is via 10.50.100.2.
The gateway to vlan 10 and 30 is the vlan configured on switch 1 for . such that all traffic goes from Pix 1.
I have a new VLAN, vlan 172. I have configured the gateway for this vlan on switch 3.
I have tested the reachability to and from this vlan to all other vlans.
I now want the clients on vlan 172 to go through the other pix 2 to the internet and access the lan as usual.
I configured the following Route map on Switch3.
ip access-list extended DMZList
 permit ip 172.16.200.0 0.0.0.255 any
!
route-map DMZRoute permit 10
 match ip address DMZList
 set ip next-hop 10.50.100.3
!
interface Vlan172
 ip policy route-map DMZRoute
On applying the route map, the clients from vlan 172 can reach the internet, however they lose all connectivity to the internal network.
What could go wrong, and what are the things that I should look out for?
I would appreciate your help.
thanks
03-06-2007 12:10 AM
Hi Sanjay
I would suggest redefining the ACL so that you deny the access from VLAN 172 to the other internal networks and permit VLAN 172 to access any.
I feel this may force the denied traffic to use the normal routing table and the permitted traffic to make use of the next hop defined in your route-map.
Very similar to the config lines below.
ip access-list extended DMZList
 ! traffic denied here does not match the route-map and is routed normally
 deny ip 172.16.200.0 0.0.0.255 10.10.100.0 0.0.0.255
 deny ip 172.16.200.0 0.0.0.255 10.30.100.0 0.0.0.255
 ! everything else from VLAN 172 is policy-routed to the next hop below
 permit ip 172.16.200.0 0.0.0.255 any
!
route-map DMZRoute permit 10
 match ip address DMZList
 set ip next-hop 10.50.100.3
!
interface Vlan172
 ip policy route-map DMZRoute
regds
03-07-2007 11:45 PM
hi,
Your suggestion was indeed the solution. I had added another statement to the route map in which I set the next hop to switch 1 for the other vlans, without realizing that the access list in the first statement allowed "any" traffic and thus the permit 20 in the route map will never be evaluated.
thanks a lot.
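As an added illustration of the ACL and route-map behaviour discussed in the answer and in the follow-up above (example code written for this page, not from the thread or from Cisco): a small Python model of how a route-map match ACL is evaluated, run against the thread's original DMZList, the corrected DMZList, and the questioner's extra sequence 20, whose ACL contents and next hop (192.0.2.1) are assumptions since the thread does not give them.

```python
import ipaddress

# Constructed ACL entries from the thread: (action, src, src-wildcard, dst, dst-wildcard).
# "any" is written as 0.0.0.0 with wildcard 255.255.255.255.
ANY = ("0.0.0.0", "255.255.255.255")
ORIGINAL_ACL = [("permit", "172.16.200.0", "0.0.0.255", *ANY)]
FIXED_ACL = [
    ("deny", "172.16.200.0", "0.0.0.255", "10.10.100.0", "0.0.0.255"),
    ("deny", "172.16.200.0", "0.0.0.255", "10.30.100.0", "0.0.0.255"),
    ("permit", "172.16.200.0", "0.0.0.255", *ANY),
]
PIX2 = "10.50.100.3"    # next hop used in the thread
SWITCH1 = "192.0.2.1"   # placeholder: the thread never gives switch 1's address

def wildcard_match(addr, network, wildcard):
    """Cisco wildcard compare: a 1 bit in the wildcard means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)

def acl_result(acl, src, dst):
    """First matching entry wins; no match hits the implicit deny at the end."""
    for action, s_net, s_wc, d_net, d_wc in acl:
        if wildcard_match(src, s_net, s_wc) and wildcard_match(dst, d_net, d_wc):
            return action
    return "deny"

def policy_route(route_map, src, dst):
    """Evaluate sequences in order. An ACL 'permit' applies that sequence's set
    clause; an ACL 'deny' only means 'not matched', so the next sequence is tried.
    With no matching sequence the packet uses the normal routing table."""
    for seq, acl, next_hop in route_map:
        if acl_result(acl, src, dst) == "permit":
            return ("policy", seq, next_hop)
    return ("normal-routing", None, None)

# Route maps discussed in the thread. TWO_SEQ_MAP models the questioner's failed
# attempt: sequence 20 (its ACL and next hop are assumptions) is never reached
# because sequence 10's "permit ... any" already matches every VLAN 172 packet.
ORIGINAL_MAP = [(10, ORIGINAL_ACL, PIX2)]
INTERNAL_ACL = [("permit", "172.16.200.0", "0.0.0.255", "10.0.0.0", "0.255.255.255")]
TWO_SEQ_MAP = [(10, ORIGINAL_ACL, PIX2), (20, INTERNAL_ACL, SWITCH1)]
FIXED_MAP = [(10, FIXED_ACL, PIX2)]

if __name__ == "__main__":
    for name, rm in (("original", ORIGINAL_MAP), ("two-seq", TWO_SEQ_MAP), ("fixed", FIXED_MAP)):
        for dst in ("10.10.100.5", "203.0.113.9"):
            print(name, "172.16.200.10 ->", dst, policy_route(rm, "172.16.200.10", dst))
```

With the corrected ACL, traffic from VLAN 172 to the 10.10.100.0 and 10.30.100.0 networks falls through to the routing table, while everything else is still sent to 10.50.100.3.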