Re: Static Routing vs. Policy based routing

doliver · ‎12-09-2003

Quick question (I hope). I have remote site that is connected to HQ via frame relay. We have just added an Internet T1 to the site and have established a site to site VPN tunnel (PIX). I need to route email (MS Exchange) through the VPN tunnel and all other traffic over the frame. My question is will the following static route aaplied on the frame router perform the same funtion as the route map listed below? any input is appreciated.

Static Route

ip route <ip of mail server> 255.255.255.255 <ip of internal if of PIX>

Route map

access-list 111 permit ip any host <ip of mail server>

!

route-map mail permit 10

match ip address 111

set ip next-hop <IP of internal if of pix>

!

interface FastEthernet0

ip policy route-map mail

Georg Pauwen · ‎12-09-2003

Hello,

yes, the static route and the route map have the same result. I would set the static route instead of the route-map, since policy routing is, in general, more CPU intensive.

Regards,

Georg

doliver · ‎12-09-2003

Georg,

Thanks for the reply. Do I need to apply anything to the corporate end? If a host at the remote site initiates a request to the mail server, will the return traffic pass over the VPN tunnel or will it go over the default frame connection?

Georg Pauwen · ‎12-09-2003

Hello,

I would add a static route at the remote site as well to explicitly route all traffic to the mail server through the VPN tunnel.

Regards,

Georg

rajesh444 · ‎12-10-2003

Hi,

At the corporate end, if you have a static route for all traffic destined for the remote-site to go back through the frame circuit then you will need to use route-map to send email traffic over the VPN tunnel.

For eg:

Static Route

ip route 255.255.255.255

Route map

access-list 100 permit ip host any eq smtp

!

route-map mail permit 10

match ip address 100

set ip next-hop

!

interface FastEthernet0

ip policy route-map mail

Hope this helps,

Rajesh