route-map vs ip route 0.0.0.0 0.0.0.0

Mario Lessard
Level 1

Hi,

I think I have a simple question. My router is basically used to establish a VPN with a remote router. So, I have this line:

ip route 0.0.0.0 0.0.0.0 10.131.56.1

Also, for the users, the default gateway is this router. (10.131.56.4, the hub VPN)

I'm using EIGRP for routing.

So if I want to establish a VPN with a remote router I have to add this route

ip route [ip address remote router] 255.255.255.255 [default ip address provider internet]

With these lines, internet navigation goes to 10.131.56.1 (that's perfect) because I don't want internet navigation to use the same internet connection as my VPN with the remote site. For the VPN, I'm using the provider attached to the router. That's perfect.

But what I would like to do is use DMVPN. So, the spoke could change its public IP address at any time. So, in the hub I would like to use this line:

ip route 0.0.0.0 0.0.0.0 [default ip address provider internet]

not this line

ip route 0.0.0.0 0.0.0.0 10.131.56.1 (for user's internet navigation, like presently)

So, what I have to do (I think) is a route-map.

Everything in 10.131.56.0 uses this ip route (ip route 0.0.0.0 0.0.0.0 10.131.56.1)

and for the others, use ip route 0.0.0.0 0.0.0.0 [default ip address provider internet]

I don't know how to use a route-map in this situation. Could somebody help me? Or, any other suggestion?

Thank you

5 Replies

Jan Hrnko
Level 4

Hi Mario,

maybe you would like to use PBR (Policy based routing).

Something like:

access-list 1 permit 10.131.56.0 0.0.0.255

!

interface [inbound interface]
 ip policy route-map mymap
!
route-map mymap permit 10
 match ip address 1
 set ip next-hop 10.131.56.1
route-map mymap permit 20
 set ip next-hop [default ip address provider internet]

In a scenario like this, everyone in the 10.131.56.0 /24 network will use 10.131.56.1 and all other traffic will use the internet provider ip address as next-hop.

Best regards,

Jan

It makes sense. But could I have a problem using next-hop then ip route? Is it the same thing for routing? I apply it on the inbound interface; do I have to add a line anywhere with

ip route 0.0.0.0 0.0.0.0 .... for VPN?

Thank you Jan

Hi Mario,

I'm not really sure if I got you right, but you don't have to add ip route anywhere.

Just one more thing regarding the command set ip next-hop:

The set ip next-hop command verifies the existence of the next hop specified, and…

  • if the next hop exists in the routing table, then the command policy routes the packet to the next hop.

  • if the next hop does not exist in the routing table, the command uses the normal routing table to forward the packet.

And regarding PBR - when applied to an interface, everything is routed according to the route-map. When there is no match, packets are routed according to the regular routing table.

If you have any questions, please feel free to ask or look at this document:

http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00801f3b54.shtml

Best regards,

Jan

I tried the PBR lines but the problem is I can't communicate with the VPN remote site because I'm in the 10.131.56.0 range and my next hop is 10.131.56.1. So, for example, I want to communicate with 10.135.50.X and this network is a remote site from the VPN connection.

When I trace it it's:

10.131.56.5

10.131.56.1

10.131.56.5

10.131.56.1

...

It's a loop. So PBR bypasses the EIGRP table.

Thanks

Hi Mario,

Aaah I'm sorry, my bad, I didn't understand you correctly the first time. You want to use PBR on everything else and route 10.131.56.x according to the normal routing table, right?

In that case, try:

access-list 1 permit 10.131.56.0 0.0.0.255

!

interface [inbound interface]
 ip policy route-map mymap
!
route-map mymap deny 10
 match ip address 1
route-map mymap permit 20
 set ip next-hop [default ip address provider internet]

In this scenario, everything in the 10.131.56.x /24 is routed by the normal routing table (is denied by the route-map) and everything else is routed by the route-map to the default ip address of the ISP. I hope that I got it right this time.

Best regards,

Jan
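
The two route-maps from this thread, modelled in Python as an added example (not part of any post, and not Cisco code), to show why the permit 10 version sends VPN-bound traffic back to 10.131.56.1 while the deny 10 version lets the EIGRP route win. The ISP next hop 192.0.2.1, the routing-table entries, the Tunnel0 label and the function names are constructed assumptions, and next-hop verification is simplified to "covered by a connected prefix".

```python
import ipaddress as ip

ISP_GW = "192.0.2.1"  # constructed stand-in for [default ip address provider internet]
ACL_1 = [ip.ip_network("10.131.56.0/24")]  # access-list 1 permit 10.131.56.0 0.0.0.255

# Constructed routing table: (prefix, next hop). The 10.135.50.0/24 entry stands
# for a remote VPN site learned through EIGRP over the tunnel (assumption).
RIB = [
    (ip.ip_network("10.131.56.0/24"), "connected"),
    (ip.ip_network("192.0.2.0/24"), "connected"),
    (ip.ip_network("10.135.50.0/24"), "Tunnel0"),
    (ip.ip_network("0.0.0.0/0"), "10.131.56.1"),
]

# Each entry: (action, match ip address 1?, set ip next-hop or None)
FIRST_MAP = [("permit", True, "10.131.56.1"), ("permit", False, ISP_GW)]
SECOND_MAP = [("deny", True, None), ("permit", False, ISP_GW)]

def rib_lookup(dst):
    """Longest-prefix match in the normal routing table."""
    hits = [(net, nh) for net, nh in RIB if ip.ip_address(dst) in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def next_hop_known(nh):
    """Simplified next-hop verification: the hop sits in a connected prefix."""
    return any(ip.ip_address(nh) in net for net, hop in RIB if hop == "connected")

def forward(route_map, src, dst):
    """Return (decision, next hop) for a packet arriving on the policy interface."""
    for action, use_acl, nh in route_map:
        if use_acl and not any(ip.ip_address(src) in n for n in ACL_1):
            continue                                  # match failed, try next entry
        if action == "deny":
            return "routing-table", rib_lookup(dst)   # deny = do not policy-route
        if nh and next_hop_known(nh):
            return "policy", nh                       # routing table is bypassed
        return "routing-table", rib_lookup(dst)       # unusable next hop: fall back
    return "routing-table", rib_lookup(dst)           # no entry matched

if __name__ == "__main__":
    for name, rm in (("first", FIRST_MAP), ("second", SECOND_MAP)):
        for src, dst in (("10.131.56.5", "10.135.50.7"), ("172.16.9.9", "198.51.100.8")):
            print(name, src, "->", dst, forward(rm, src, dst))
```

On a router, `show route-map mymap` shows per-entry policy-routing match counters, which is the quickest way to confirm which entry real traffic is hitting.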
