
VLAN Routing

I have 5 VLANs in my L3 switch. I want the traffic of 4 VLANs to route via my ISA proxy server (the proxy server is connected to the 1st ISP), and I want to route the 5th VLAN's traffic via my ASA firewall (the ASA is connected to the 2nd ISP).

7 REPLIES

Re: VLAN Routing

Take a look at policy-based routing, you would have a gateway to the ISA server for the 4 VLANs, and a policy to route via the ASA from the subnet assigned to the 5th VLAN.

http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpbr.html

New Member

Re: VLAN Routing

This is the sample configuration for PBR:

access-list 1 permit 1.1.1.1
access-list 2 permit 2.2.2.2
!
interface fastethernet 1
 ip policy route-map equal-access
!
route-map equal-access permit 10
 match ip address 1
 set ip default next-hop 6.6.6.6
route-map equal-access permit 20
 match ip address 2
 set ip default next-hop 7.7.7.7
route-map equal-access permit 30
 set default interface null0

From the above sample configuration, can you please explain the two lines mentioned below?

Please refer to my N/W diagram attached with this mail.

interface fastethernet 1
 ip policy route-map equal-access

Re: VLAN Routing

Ricky,

The configuration tells the router to do PBR, i.e. to look at the route-map equal-access before making the forwarding decision.

BTW, as per your earlier post, you wanted one of the VLANs to be sent to the ASA, and hence the above command should actually be configured under the VLAN SVI.

Narayan

New Member

Re: VLAN Routing

Can you tell under which VLAN I have to configure that?

Please refer to the network diagram and tell me.

Re: VLAN Routing

As per the network diagram, both the ISA and ASA have the same IP address, 10.0.17.1.

Also, I am not sure from the network diagram which VLAN's traffic needs to go to the ASA.

For example, if you require VLAN 5 traffic to go to the ASA, then configure it under the VLAN 5 interface:

int vlan 5
 ip policy route-map

You also need to make sure that the access lists referenced under the route map are defined properly.

HTH

Narayan
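
An added example, not posted by anyone in this thread and not from Cisco's documentation, showing the pieces named above together: a default route to the ISA, an ACL matching the fifth VLAN's subnet, a route map, and the policy applied on that VLAN's SVI. Every address, the ACL number and the route-map name are constructed assumptions (VLAN 5 = 10.0.5.0/24, ISA = 10.0.17.1, ASA = 10.0.17.2).

```cisco
! Constructed addressing (assumptions, not taken from the thread's diagram):
!   VLAN 5 subnet .......... 10.0.5.0/24, SVI 10.0.5.1
!   ISA proxy (1st ISP) .... 10.0.17.1
!   ASA inside (2nd ISP) ... 10.0.17.2
!
! Normal routing: anything without a more specific route goes to the ISA.
! The other four VLANs need no policy; they simply follow this default route.
ip route 0.0.0.0 0.0.0.0 10.0.17.1
!
! Select traffic sourced from the VLAN 5 subnet only.
access-list 105 permit ip 10.0.5.0 0.0.0.255 any
!
! "set ip default next-hop" applies only when the routing table has no
! explicit route to the destination (the 0.0.0.0/0 route does not count),
! so inter-VLAN traffic from VLAN 5 is still routed normally and only
! Internet-bound traffic is handed to the ASA.
route-map VLAN5-VIA-ASA permit 10
 match ip address 105
 set ip default next-hop 10.0.17.2
!
! The policy is evaluated on the interface where the traffic ENTERS the
! switch, i.e. the SVI of the VLAN whose hosts should use the ASA.
interface Vlan5
 ip address 10.0.5.1 255.255.255.0
 ip policy route-map VLAN5-VIA-ASA
!
! Checks to run in exec mode after applying:
!   show ip policy                   (Vlan5 should list VLAN5-VIA-ASA)
!   show route-map VLAN5-VIA-ASA     (policy-routing match counters should rise)
!   show access-lists 105            (ACL hit counts for the VLAN 5 source range)
```

The ASA also needs a route back to 10.0.5.0/24 through the switch, and the ISA and ASA must have distinct addresses for the two next hops to be distinguishable. Packets that match no route-map clause are forwarded by the normal routing table.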

New Member

Re: VLAN Routing

access-list 105 permit ip x.x.x.x x.x.x.x any
!
interface vlan 4
 ip policy route-map test
!
route-map test permit 1
 match ip address 105
 set ip default next-hop x.x.x.x (ASA Gateway)

I have 5 VLANs in my L3 switch. I want the traffic of 4 VLANs to route via my ISA proxy server (the proxy server is connected to the 1st ISP), and I want to route the 5th VLAN's traffic via my ASA firewall (the ASA is connected to the 2nd ISP).

I tried this, but it is not working.
