
New Member

route-map / next-hop

I have an example as shown in the attachment.

Host 192.168.200.1 must route to RTR-1 as its primary route, and the rest of the traffic will go through RTR-2. I have already made this possible by putting a route-map/next-hop 10.10.1.1 on RTR-1, which is okay.

But if you'll notice, the route is awkward because host 192.168.200.1 will route to RTR-2 (10.10.1.2) first and then back to 10.10.1.1.

Is there any way that host 192.168.200.1 will go directly to 10.10.1.1? I am trying to put the PBR statement on inside-sw1, but it is still passing through RTR-2.

The traceroute to 4.2.2.2 looks like this:

192.168.200.3 (HSRP VIP)

10.10.1.2

10.10.1.1

4.2.2.2

9 REPLIES

Re: route-map / next-hop

You can try using PBR at the interface with IP 10.10.10.5 of the firewall (interface towards RTR-1) to route all traffic from 192.168.200.1 to the 10.10.10.1 IP. Similarly, for the reverse route, you may put routing information for the host-only IP (255.255.255.255 subnet mask) and then route the entire subnet 192.168.200.0/24 separately.

Silver

Re: route-map / next-hop

What about if you put a default route at 192.168.200.1 as 10.10.10.1?

"The drawing doesn't show 10.10.1.1, so I consider 10.10.1.1 as 10.10.10.1 (RTR-1)."

Thanks,

Dharmesh Purohit

Re: route-map / next-hop

This will not work with the scenario.

New Member

Re: route-map / next-hop

Yeah ... typo error ... that is 10.10.10.0/24.

Re: route-map / next-hop

Your traffic is going through the firewall, but you cannot do PBR on the firewall, so RTR-2 is the first hop where you can do it.

[Pls RATE if HELPS]

New Member

Re: route-map / next-hop

Looks like PBR on the firewall is not an option, and I tried that too.

Bronze

Re: route-map / next-hop

I don't think you can have traffic with source address 192.168.200.1 go directly to 10.10.10.1 (through 10.10.10.5) unless you send all traffic to 10.10.10.1. Firewalls don't support PBR (at least none that I know of), so you won't be able to route to 10.10.10.1 from 10.10.10.5 based on source address.

Have you thought about replacing the two layer 2 switches with layer 3 devices that can do PBR?
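As an added example, not from the original thread or from any of the posters, this is what the source-based steering discussed above looks like on whichever Cisco IOS device is the host's first layer-3 hop: RTR-2 in the thread's current design, or an L3 switch put in place of inside-sw1 as suggested. The addresses are the thread's own, using 10.10.10.0/24 per the poster's correction; the interface name, ACL and route-map names, and the IP SLA/track numbers are assumptions.

```cisco
! ACL that matches only traffic sourced from the one host that must
! prefer RTR-1. Everything else falls through to normal routing.
ip access-list extended PBR-HOST-200-1
 permit ip host 192.168.200.1 any

! Optional reachability check: steer to RTR-1 only while it answers
! ICMP; otherwise the packet follows the routing table (towards RTR-2).
! Object numbers (ip sla 1 / track 1) are assumptions.
ip sla 1
 icmp-echo 10.10.10.1
 frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability

! Policy: matched packets get RTR-1 as next hop, conditioned on track 1.
! No further sequence exists, so unmatched traffic is routed normally.
route-map PBR-TO-RTR1 permit 10
 match ip address PBR-HOST-200-1
 set ip next-hop verify-availability 10.10.10.1 10 track 1

! PBR is evaluated only on packets ENTERING the interface it is applied
! to, so it must sit on the interface facing the host subnet.
! Interface name is an assumption.
interface GigabitEthernet0/0
 description Towards 192.168.200.0/24 (host side)
 ip policy route-map PBR-TO-RTR1
```

Verify with `show route-map PBR-TO-RTR1` (the match counters should increase as the host sends traffic) and `show ip policy` (which lists the interface the policy is bound to). Because the policy only acts on ingress, applying it on RTR-2 produces exactly the traceroute in the question (VIP, then RTR-2, then RTR-1); moving it to a device the host reaches before RTR-2 is the only way to drop that extra hop, and, as the replies note, the firewall cannot take that role. The policy also steers one direction only: return traffic from the Internet follows RTR-1's and RTR-2's own routing, which is why the first reply suggests a host-specific (/32) route for the reverse path.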

New Member

Re: route-map / next-hop

Is that the outside L2 switches you're referring to? Yeah, that is what I'm thinking...
