routing only specific ip in a given subnet over a certain link

admioli · ‎09-17-2004

I am tring to send certain Ip address in a class c address range over a specific vpn link and the rest over another vpn link. I also want to be able to failover in either diection if either link goes down what would be the best way to accomplish this.

Richard Burts · ‎09-17-2004

It would be easier to give you a better answer if we knew some things about your environment and your requirements. How are your VPN links set up, are you running a dynamic routing protocol over the VPN links.

Part of the answer will involve Policy Based Routing. In Policy Based Routing you create a route map which will identify traffic to process and can use an access list to identify traffic whose source address is that certain IP address. In the route map you can set the net hop address or specify the output interface for that traffic which will over-ride the normal routing decision.

You will want to set it up so that most traffic is forwarded over one VPN link and the policy routed traffic is forwarded over the other VPN link. The nice thing about policy based routing is that if the special forwarding path is not available it will resort to normal routing. So part of your failover is taken care of.

How you set it up so that normal traffic is forwarded over one VPN link and how you will accomplish failover will depend on whether you are running a dynamic routing protocol or are routing with static routes.

HTH

Rick

HTH

Rick

admioli · ‎09-18-2004

The network is set up with rip verison 2 on the netscreen firewalls and internal switch routers. The Edge router is supplied by an ISP and is controlled by them and is only static route based. I thought that policy based routing would solve the issue but was not sure about how the failover would work and it looks like its automatic based on you recent reply. I think I now know what to do thank you very much for your support.