Cisco Support Community
Community Member

Using Policy routing to force WAN frame to go through Watchguard Firewall

Ok.. Here's my situation: I have 45-some-odd branch locations all coming in through Frame Relay. As of right now, they have full access to the Internet because they come in one Serial interface of my 2620 router and out the other to the Internet. Only the HQ is protected by the firewall. I want to use policy routing to force the packets through the firewall so they can be not only protected but monitored as well... Here's a chunk of my config:

interface Serial0/1.XX point-to-point
 ip address 10.XX.XX.XX 255.255.255.252 <- 10.0.0.0 scheme for router
 no ip directed-broadcast
 ip nat inside
 frame-relay interface-dlci XXX
!
ip nat pool XXX XXX.XXX.XXX.X XXX.XXX.XXX.X netmask 255.255.255.224
ip nat inside source list 1 pool XXX overload
!
access-list 101 permit ip any any
!
route-map XXX permit 10
 match ip address 101
 set ip next-hop XXX.XXX.X.XX <- My Firewall (inside address)
!
route-map XXX permit 20

Help! I have never used policy routing before!

1 REPLY
Bronze

Re: Using Policy routing to force WAN frame to go through Watchg

You'll want to read through the Policy Routing Whitepaper, located at http://www.cisco.com/warp/public/cc/techno/protocol/tech/plicy_wp.htm
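
Added example, not part of the thread or of either poster's configuration: on IOS a route-map only affects packets arriving on interfaces where it is applied with `ip policy route-map`, a line the posted chunk does not show. With 45 subinterfaces, a short Python check over a saved `show running-config` can flag any Frame Relay subinterface that would still bypass the firewall. The sample config, the route-map name TO-FW and all addresses are constructed placeholders, and the parser assumes sub-commands are indented as in `show running-config` output.

```python
# Constructed sample modelled on the posted chunk; names and addresses are placeholders.
SAMPLE_CONFIG = """\
interface Serial0/1.101 point-to-point
 ip address 10.1.1.1 255.255.255.252
 ip nat inside
 ip policy route-map TO-FW
 frame-relay interface-dlci 101
!
interface Serial0/1.102 point-to-point
 ip address 10.1.2.1 255.255.255.252
 ip nat inside
 frame-relay interface-dlci 102
!
access-list 101 permit ip any any
route-map TO-FW permit 10
 match ip address 101
 set ip next-hop 192.0.2.10
!
route-map TO-FW permit 20
"""

def parse_blocks(config, keyword):
    """Map each '<keyword> ...' header line to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith(keyword + " "):
            current = blocks.setdefault(line.strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # '!' or any other global command ends the block
    return blocks

def audit_policy_routing(config):
    """Return {subinterface: finding} for point-to-point subinterfaces not steered to a next hop."""
    steering = {h.split()[1] for h, cmds in parse_blocks(config, "route-map").items()
                if any(c.startswith("set ip next-hop ") for c in cmds)}
    findings = {}
    for header, cmds in parse_blocks(config, "interface").items():
        if "point-to-point" not in header:
            continue  # only the branch subinterfaces are in scope
        applied = [c.split()[-1] for c in cmds if c.startswith("ip policy route-map ")]
        if not applied:
            findings[header.split()[1]] = "no ip policy route-map applied"
        elif applied[0] not in steering:
            findings[header.split()[1]] = "route-map %s sets no next hop" % applied[0]
    return findings
```

Run against the sample, the check reports only Serial0/1.102, the subinterface that lacks the `ip policy route-map` line.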
