03-23-2006 12:57 PM - edited 03-03-2019 02:26 AM
I have a network with an MS ISA Server and a PIX. The ISA is the primary path out for all clients (proxy and other). The PIX is the end security device. However, the PIX also plugs into the LAN for services that need to bypass the ISA.
I have a default route to push all outbound traffic to the ISA/Proxy server:
ip route 0.0.0.0 0.0.0.0 10.10.1.5
Now, we would like certain traffic (specific IP addresses in different VLANs) to go to 10.10.5.1 (the PIX) as their default gateway.
How could we do this?
Solved! Go to Solution.
03-23-2006 01:08 PM
You could accomplish this using Policy Based Routing.
You will need to configure an access-list to match against the addresses you want to go out the PIX.
Then create a route-map which matches the access-list, and sets a default next hop IP.
Then apply the policy to an interface or multiple interfaces on the device doing the PBR. This can also be applied to VLAN interfaces.
Hope this helps
Martin
Please rate useful posts
03-23-2006 01:08 PM
You could accomplish this using Policy Based Routing.
You will need to configure an access-list to match against the addresses you want to go out the PIX.
Then create a route-map which matches the access-list, and sets a default next hop IP.
Then apply the policy to an interface or multiple interfaces on the device doing the PBR. This can also be applied to VLAN interfaces.
Hope this helps
Martin
Please rate useful posts
03-23-2006 03:05 PM
Hi,
Could you post a figure with your topology ?
Paresh
03-24-2006 05:17 AM
M.Parry,
That looks great. I think that is exactly what I am looking for. I knew there had to be a way to do it but I was just stuck.
Thanks for saving me on this one! I am going to test it all out.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide