04-01-2006 01:12 PM - edited 03-03-2019 12:16 PM
I have a site with 2 paths to the Internet. One path is via another site connected to the same Frame Relay cloud I am on, and the other is using a Comcast connection linked up to my fa 0/1 interface with a PIX in between. What I would like to do is send certain subnets to one connection, and other subnets to the 2nd connection. I was thinking I could append an access list to a static route, but no option of that kind appears available. I've thought of trying to use a distribute list to accomplish this, but that doesn't seem to be workable either. Is there a way to accomplish this?
Thank you,
Bill
04-01-2006 01:23 PM
Hello,
Policy Based Routing seems to be the feature you are looking for. It allows you to take routing decisions based on source IP or even TCP/UDP ports. Detailed descriptions and an example coniguration can be found in "Policy Based Routing with the Multiple Tracking Options Feature Configuration Example" at
http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a0080211f5c.shtml
or in "Policy-Based Routing Using the set ip default next-hop and set ip next-hop Commands Configuration Example" at
http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00801f3b54.shtml
Hope this helps! Please rate all posts.
Regards, Martin
04-01-2006 02:59 PM
the diagram and access-list from the 2nd note look like they're routing traffic from an interface to an interface. I will be trying to route traffic based on subnets, or VLANs. Right now I'm trying a test using a single host address, and while the access-list is getting hits, the traffic is not being routed as desired. Maybe it's the default-next hop or ip next-hop commands? It looks like it is applying the policy, but the route I'm trying to send the traffic to is not in the routing table. That link is up however. Right now my routing consists of a floating static route with a higher admin distance of the default route being propagated via RIP. Is the fact that the route has this higher distance mean the policy routing considers it unavailable?
Hummelstown2811#sh route-map
route-map Comcast, permit, sequence 10
Match clauses:
ip address (access-lists): 110
Set clauses:
ip next-hop 192.168.64.2
Policy routing matches: 389 packets, 126690 bytes
Hummelstown2811#
Hummelstown2811#sh access-l 110
Extended IP access list 110
10 permit ip host 10.4.0.91 any log (29 matches)
Routing entry for 0.0.0.0/0, supernet
Known via "rip", distance 120, metric 2, candidate default path
Redistributing via rip
Advertised by rip (self originated)
Last update from 152.162.7.33 on Serial0/0/0.1, 00:00:01 ago
Routing Descriptor Blocks:
* 152.162.7.33, from 152.162.7.33, 00:00:01 ago, via Serial0/0/0.1
Route metric is 2, traffic share count is 1
This is the interface connected to Comcast
interface FastEthernet0/1
description Comcast Interface$FW_OUTSIDE$$ETH-LAN$
ip address 192.168.64.3 255.255.255.0
ip verify unicast reverse-path
ip nat outside
ip inspect DEFAULT100 out
ip ips sdm_ips_rule in
no ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
end
This is the interface connected to the Frame
Hummelstown2811#
Hummelstown2811#sh int s 0/0/0.1
Serial0/0/0.1 is up, line protocol is up
Hardware is GT96K with integrated T1 CSU/DSU
Description: Verizon Business MPLS Circuit hummelstown-pa_bcbh71fw0001-1542711
Internet address is 152.162.7.34/30
MTU 1500 bytes, BW 1536 Kbit, DLY 20000 usec,
reliability 255/255, txload 5/255, rxload 1/255
Encapsulation FRAME-RELAY
additional info
track 9 rtr 1 reachability
interface FastEthernet0/0
description LAN interface$FW_INSIDE$$ETH-LAN$
ip address 10.4.0.1 255.255.255.0
ip nat inside
no ip virtual-reassembly
ip route-cache flow
ip policy route-map Comcast
duplex auto
speed 100
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.64.2 200 track 9
ip route 10.4.2.0 255.255.255.0 10.0.4.2
ip route 10.4.3.0 255.255.255.0 10.4.0.84
ip route 10.4.5.0 255.255.255.0 10.4.0.84
ip route 10.4.6.0 255.255.255.0 10.4.0.84
ip route 10.4.7.0 255.255.255.0 10.4.0.84
ip route 10.4.8.0 255.255.255.0 10.4.0.84
ip route 192.168.15.0 255.255.255.0 10.0.4.2
ip route 192.168.64.0 255.255.255.0 192.168.64.2
ip route 192.168.88.0 255.255.255.0 10.3.0.1
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide