Cisco Support Community

New Member

Routing Help Please

Hi,

I am tasked with changing the routing for the server in the attached diagram. It is a Citrix Secure Gateway.

The switch in the diag 192.168.100.23/21 is the gateway for that network and currently routes default traffic to the firewall 192.168.100.252.

What I want to achieve is that externally bound traffic from the server gets routed to 192.168.100.240.

Can anyone suggest a way of doing this?

Regards

J Mack

6 REPLIES

Re: Routing Help Please

What kind of switch is the gateway?

If the platform supports it, you can implement PBR to route traffic originating from the server to 192.168.100.240.

route-map test permit 10

match ip address 100

set ip next-hop 192.168.100.240

access-list 100 deny ip host 192.168.100.55

access-list 100 permit ip host 192.168.100.55 any

int vlan 1

ip policy route-map test

HTH, rate if it does

Narayan

New Member

Re: Routing Help Please

Hi Narayan,

It's a Cat 3750 on 12.2. So it looks like I should be able to achieve this.

I still want the internal networks to be able to access this, so do I need to amend the access list?

Will implementing PBR affect other routes I have running?

1.0.0.0/24 is subnetted, 1 subnets

S 1.0.84.0 [1/0] via 192.168.100.240

C 192.168.210.0/24 is directly connected, Vlan2

194.130.108.0/32 is subnetted, 1 subnets

S 194.130.108.102 [1/0] via 192.168.100.240

172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

S 172.16.4.62/32 [1/0] via 192.168.100.38

S 172.16.4.0/22 [1/0] via 192.168.100.240

C 192.168.11.0/24 is directly connected, Vlan20

S 192.168.250.0/24 [1/0] via 192.168.100.240

195.188.18.0/32 is subnetted, 2 subnets

S 195.188.18.110 [1/0] via 192.168.100.240

S 195.188.18.99 [1/0] via 192.168.100.240

C 192.168.220.0/24 is directly connected, Vlan3

C 192.168.1.0/24 is directly connected, Vlan10

S 192.168.32.0/24 [1/0] via 192.168.100.240

S* 0.0.0.0/0 [1/0] via 192.168.100.252

C 192.168.96.0/21 is directly connected, Vlan1

Or the connectivity for hosts in VLAN 1?

Regards

J Mack

Re: Routing Help Please

Yes, you need to deny the internal subnets so that they are not directed towards the PBR.

Make sure you configure the proper SDM template as well to support PBR.

HTH, rate if it does

Narayan

New Member

Re: Routing Help Please

Ok thanks.

However, the server is a secure gateway that needs to talk to the Citrix server 192.168.100.17. Is that still feasible whilst denying the rest of the subnet?

Also, with regard to the SDM template, do you know of any good articles where I could get some more info on this?

Regards

J Mack

New Member

Re: Routing Help Please

Further to that, would changing the access-list to something like this

access-list 100 permit ip host 192.168.100.55 host 192.168.100.17

access-list 100 permit ip host 192.168.100.17 host 192.168.100.55

access-list 100 deny ip host 192.168.100.55

access-list 100 permit ip host 192.168.100.55 any

enable the communication I need between those two servers?

New Member

Re: Routing Help Please

Hi,

Just wondered if anyone could let me know if the above access-list would work, and what I should implement as an SDM template.

Regards

J Mack
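
An added example, not part of any post in this thread: a Python model of how a route-map permit clause uses first-match ACL results, to check which flows from 192.168.100.55 would be handed to 192.168.100.240. The deny destinations (the connected subnets from the posted routing table), the test addresses 192.168.1.10 and 203.0.113.10, and the premise that hosts in Vlan1 use the /21 mask are assumptions of this example.

```python
import ipaddress

NEXT_HOP = "192.168.100.240"                      # "set ip next-hop" in the thread
VLAN1 = ipaddress.ip_network("192.168.96.0/21")   # the server's own subnet (Vlan1)
SERVER = "192.168.100.55"

# Entries: (action, src, src wildcard, dst, dst wildcard).
# Assumption: the deny destinations are the connected subnets from the posted
# routing table; only the final permit line is taken from the thread.
INTERNAL = [("192.168.96.0", "0.0.7.255"), ("192.168.1.0", "0.0.0.255"),
            ("192.168.11.0", "0.0.0.255"), ("192.168.210.0", "0.0.0.255"),
            ("192.168.220.0", "0.0.0.255")]
ACL_WITH_DENIES = [("deny", SERVER, "0.0.0.0", d, w) for d, w in INTERNAL] + [
    ("permit", SERVER, "0.0.0.0", "0.0.0.0", "255.255.255.255")]
ACL_PERMIT_ONLY = ACL_WITH_DENIES[-1:]


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match, 1 bits are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (
        int(ipaddress.IPv4Address(base)) & care)


def acl_action(acl, src, dst):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, s, sw, d, dw in acl:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"


def forwarding(acl, src, dst):
    """Classify a flow from a Vlan1 host when the route-map is applied to Vlan1."""
    if ipaddress.ip_address(src) in VLAN1 and ipaddress.ip_address(dst) in VLAN1:
        return "same-subnet"      # /21 hosts reach each other directly, never routed
    if acl_action(acl, src, dst) == "permit":
        return NEXT_HOP           # ACL permit: the route-map policy-routes the packet
    return "routing-table"        # ACL deny: normal destination-based lookup


if __name__ == "__main__":
    # Constructed test destinations: Citrix server, a Vlan10 host, an external host.
    for dst in ("192.168.100.17", "192.168.1.10", "203.0.113.10"):
        for name, acl in (("with denies", ACL_WITH_DENIES),
                          ("permit only", ACL_PERMIT_ONLY)):
            print(f"{SERVER} -> {dst:15} [{name}]: {forwarding(acl, SERVER, dst)}")
```

In an ACL referenced by a route-map, permit means "policy-route this packet" and deny means "leave it to the routing table", so neither action drops traffic.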
