This is a lab scenario that closely depicts a [not yet] production solution. The desired result is to leverage an existing WAN router with available interfaces rather than use a separate WAN router for the ISP edge, but to send internet traffic through the PIX. I have used two OSPF areas so that the PIX can "track" the default route on the router, which will point to a frame relay subinterface in production.
The challenge that I immediately faced was that although my router has multiple interfaces, it only has one routing table. I need to have a static default route pointing to the ISP, but since this gets propagated through EIGRP, I used policy routing to get the internet traffic to the PIX.
As far as I can tell this solution will work for me, but I am sure that some of you will have some thoughts on this scenario. I am curious about other (maybe cleaner) ways of doing this. I attached a Visio which includes configs.
I am unable to view the diagram due to a Visio problem on my end. But if your concern is the static default route getting propagated via EIGRP, then you could filter the same with a distribute-list under the EIGRP process. This way you could have a static default route pointing to the ISP and don't have to worry about the EIGRP neighbor routers learning the default route from this router.
If I misunderstood your requirement, then could you just clarify that?
If I originate a default route in OSPF on the inside of the PIX, it propagates throughout EIGRP fine via redistribution on RTC, and this is desired except on RTC, which goes to the ISP. Here I want a static route to the outbound interface on RTC. When a static route with an administrative distance less than 170 is entered on RTC, then the redistributed default route (from OSPF) gets knocked out of the routing table on RTB, and RTB has no default route at all until I redistribute static routes on RTC into EIGRP. If I raise the admin distance of the static route above 170 on RTC, the static route floats and RTC prefers the default route originating from OSPF, sending traffic back to the inside of the PIX. What I originally wanted to do was to filter the advertised default route coming from OSPF on PIX inside, but still allow that to propagate into EIGRP. I tried this on RTC with:
access-list 1 deny 0.0.0.0
access-list 1 permit any
router eigrp 50
 distribute-list 1 in
But the default route redistributed from OSPF still injected into RTC.
You could filter the OSPF default route from entering the routing table. You applied the distribute list under the EIGRP process as per the above post and that's why it didn't work.
If you filter the OSPF default and add a static default route to point to the ISP then you need PBR to force the traffic from the LAN and off-sites to go to the inside (e0/0) interface of the PIX for it to apply the security policies and NAT rules. On RTC, you would also need PBR on the WAN interface to the ISP to force all traffic from the Internet to go to the outside interface (e0/1) of the PIX.
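The approach in the reply above, written out as an added IOS configuration sketch for RTC (not from the original thread or its attached configs). The interface names, IP addresses, OSPF process ID and the internal range 10.0.0.0/8 are assumptions; EIGRP AS 50, access-list 1 and the PIX interfaces e0/0 and e0/1 come from the posts.

```cisco
! Added example for RTC. Interface names, addresses, OSPF process ID 1 and
! the internal range 10.0.0.0/8 are assumptions, not values from the thread.
!
! 1. Keep the OSPF-learned default out of RTC's routing table. The filter
!    goes under the OSPF process, not under EIGRP as in the earlier attempt.
access-list 1 deny 0.0.0.0
access-list 1 permit any
router ospf 1
 distribute-list 1 in
!
! 2. Static default toward the ISP (hypothetical interface). Once the OSPF
!    default is filtered from the routing table it is no longer available
!    for redistribution, so EIGRP neighbors such as RTB get a default only
!    if this static is redistributed into EIGRP 50.
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
! 3. Outbound: traffic from the LAN and off-sites that is not destined to
!    the internal range is sent to the PIX inside interface (e0/0, assumed
!    10.255.0.1). "set interface Null0" drops matched traffic when the next
!    hop cannot be used, instead of letting it follow the static default
!    and bypass the firewall.
access-list 101 deny   ip any 10.0.0.0 0.255.255.255
access-list 101 permit ip any any
route-map TO-PIX-INSIDE permit 10
 match ip address 101
 set ip next-hop 10.255.0.1
 set interface Null0
!
interface FastEthernet0/0
 description LAN / off-site facing (apply to every such interface)
 ip policy route-map TO-PIX-INSIDE
!
! 4. Inbound: everything arriving from the ISP is sent to the PIX outside
!    interface (e0/1, assumed 198.51.100.2) so it cannot be routed straight
!    to internal networks.
route-map TO-PIX-OUTSIDE permit 10
 set ip next-hop 198.51.100.2
 set interface Null0
!
interface Serial0/0
 description ISP facing
 ip policy route-map TO-PIX-OUTSIDE
```

On the router, `show ip policy` lists the interfaces with a policy applied and `show route-map` shows the match counters, which confirms that internet-bound traffic is actually being steered through the PIX.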