Cisco Support Community
Community Member

Two gateways of last resort

Hello all,

My question revolves around having two gateways of last resort to the internet in my network core. We are getting ready to test our new firewall infrastructure (Cisco 5540's) and I need to be able to send test groups to the new firewalls selectively. Is there a way to use PBR to shove selected subnets to a different gateway of last resort without affecting my current gateway of last resort (to our production firewalls) that is used company wide? My core consists of two 4506's and we are running EIGRP as a protocol.

Thanks in advance!

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: Two gateways of last resort

Hello Brit,

I was in doubt about this ...

the number you place at the end of a static route is not a metric but an AD (administrative distance)

but the answer is yes use:

ip route 0.0.0.0 0.0.0.0 x.x.x.b 201

so this will be a backup static route used only if first one fails

Hope to help

Giuseppe

6 REPLIES
Hall of Fame Super Silver

Re: Two gateways of last resort

Hello Brit,

generally speaking PBR would be the right tool for this and would leave the EIGRP default route unaffected.

to be noted that PBR support on C4506 depends on supervisor type and IOS image.

Hope to help

Giuseppe

Community Member

Re: Two gateways of last resort

Giuseppe,

Thanks for the quick response! Our cores have SUP V's so I think we should be ok to run PBR. So my current default route is static:

ip route 0.0.0.0 0.0.0.0 x.x.x.A

Will I need to create a second default route and then use PBR to point to it?

ip route 0.0.0.0 0.0.0.0 x.x.x.b

access-list 101 permit ip 10.1.1.0 255.0.0.0 any <-- what do I use here? "any" will stomp on my local routes. How do I define "only if you don't have a local route"?

route-map LOCAL_MAP permit 10

match ip address 101

set ip next-hop x.x.x.b

ip local policy route-map LOCAL_MAP

Sorry for all the questions.

Hall of Fame Super Silver

Re: Two gateways of last resort

Hello Brit,

I think PBR should be used applying the route map to the interface(s) that receive the traffic to be diverted.

>> How do I define "only if you don't have a local route"?

use

set ip default next-hop x.x.x.b

in this way the routing table is consulted first; if no entry exists, the route-map set next-hop is applied

be aware that using two static routes in this way will cause outbound load balancing

Hope to help

Giuseppe
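
A small model of the forwarding decision discussed in the reply above, as an added example that is not part of the original thread and not Cisco code: it contrasts set ip next-hop with set ip default next-hop for traffic from a matched test subnet. The route table, the next-hop labels and the ACL source 10.1.1.0 with wildcard 0.0.0.255 are constructed assumptions.

```python
import ipaddress

# Constructed routing table for the core switch (prefixes and labels are hypothetical).
ROUTES = [
    ("10.2.0.0/16", "eigrp-neighbor"),  # internal route learned via EIGRP
    ("0.0.0.0/0", "fw-production"),     # existing gateway of last resort (x.x.x.A)
]
TEST_SOURCES = ("10.1.1.0", "0.0.0.255")  # assumed ACL 101 source: address + wildcard
NEW_FW = "fw-new"                         # stands in for x.x.x.b


def acl_match(src, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(src)) & care) == (int(ipaddress.ip_address(base)) & care)


def lookup(dst):
    """Longest-prefix match over ROUTES; returns (network, next_hop)."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), nh) for p, nh in ROUTES]
    return max((n for n in nets if addr in n[0]), key=lambda n: n[0].prefixlen)


def forward(src, dst, mode):
    """mode is 'next-hop' (set ip next-hop) or 'default' (set ip default next-hop)."""
    net, nh = lookup(dst)
    if not acl_match(src, *TEST_SOURCES):
        return nh          # not matched by the route-map: normal routing
    if mode == "next-hop":
        return NEW_FW      # policy is applied before the routing table is consulted
    # default next-hop: policy applies only when no explicit (non-default) route exists
    return nh if net.prefixlen > 0 else NEW_FW


if __name__ == "__main__":
    for dst in ("10.2.3.4", "198.51.100.7"):
        for mode in ("next-hop", "default"):
            print(dst, mode, "->", forward("10.1.1.20", dst, mode))
```

In this model the 0.0.0.0/0 static route does not count as an explicit route, which is why internet-bound traffic from the test subnet reaches the new firewall while internal destinations keep following EIGRP.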

Community Member

Re: Two gateways of last resort

Giuseppe,

I don't want to load balance so will placing a higher metric on the second default route rule out load balancing?

Hall of Fame Super Silver

Re: Two gateways of last resort

Hello Brit,

I was in doubt about this ...

the number you place at the end of a static route is not a metric but an AD (administrative distance)

but the answer is yes use:

ip route 0.0.0.0 0.0.0.0 x.x.x.b 201

so this will be a backup static route used only if first one fails

Hope to help

Giuseppe

Community Member

Re: Two gateways of last resort

Giuseppe,

That answers it, thanks for your help!
