03-12-2007 12:42 PM - edited 03-03-2019 04:08 PM
Hi,
I am in a typical situation; here is a sample of static routes from my 4506 switch.
ip route 10.1.20.216 255.255.255.255 10.4.8.250
ip route 10.1.20.236 255.255.255.255 10.4.8.250
ip route 10.1.20.250 255.255.255.255 10.4.8.250
ip route 10.1.20.252 255.255.255.255 10.4.8.250
ip route 10.2.0.101 255.255.255.255 10.4.8.250
ip route 10.2.1.43 255.255.255.255 10.4.8.250
ip route 10.2.1.44 255.255.255.255 10.4.8.250
ip route 10.2.1.55 255.255.255.255 10.4.8.250
ip route 10.2.1.56 255.255.255.248 10.4.8.250
ip route 10.2.1.65 255.255.255.255 10.4.8.250
ip route 10.2.1.66 255.255.255.255 10.4.8.250
ip route 10.2.2.55 255.255.255.255 10.4.8.250
ip route 10.2.2.56 255.255.255.248 10.4.8.250
My question is, do we have any feature (like object-grouping for ACLs) wherein I can group all the multiple static routes on my switch into a group and add just one route with that group, something similar to object grouping for ACLs?
Thanks in advance.
Regards
Salim
03-12-2007 01:21 PM
Salim,
I am not aware of any feature, like object-grouping for ACL, that would allow you to group some routes in the IOS.
If your goal is to shrink the routing table then you can summarize the routes with the most efficient mask possible. This is certainly possible in your case as the next hop for all those host routes is the same one. Moreover, this would require you to configure fewer routes and limit the amount of configuration required.
For example, the 13 host routes in your posting can be summarized to 5 as follows. Though it does allow some other traffic to be forwarded to the next hop, it would, at the least, shrink the routing table to some extent to make it more easily readable.
ip route 10.1.20.192 255.255.255.192 10.4.8.250
ip route 10.2.0.101 255.255.255.255 10.4.8.250
ip route 10.2.1.0 255.255.255.192 10.4.8.250
ip route 10.2.1.64 255.255.255.252 10.4.8.250
ip route 10.2.2.48 255.255.255.240 10.4.8.250
HTH
Sundar
03-12-2007 01:32 PM
Hi Sundar,
Thanks for the suggestion. My problem is that we have multiple VPNs terminated on multiple firewalls; basically we have multiple clients and each client has its own VPN. Now the problem is that there are a few overlapping subnets if I do route summarization; that is the reason why we have multiple static routes.
Put in other words, 10.1.20.216 is used on one VPN and 10.1.20.219 is used on another VPN, which is not listed in the above sample. I have sorted out the sample to show all destinations going on one PIX.
Will policy based routing help in this scenario?
Thanks again
Regards
Salim
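The overlap described in the two posts above can be checked before a summary route is committed. This is an added example, not part of the original thread: it audits a subset of the quoted routes against the proposed summaries and flags 10.1.20.219, the address said to belong to another client's VPN. The function names `parse` and `audit` are hypothetical.

```python
import ipaddress

# Constructed sample: a subset of the routes quoted in the thread, all with
# next hop 10.4.8.250, followed by the summaries proposed for them.
ORIGINAL = """
10.1.20.216 255.255.255.255
10.1.20.236 255.255.255.255
10.1.20.250 255.255.255.255
10.1.20.252 255.255.255.255
10.2.1.43 255.255.255.255
10.2.1.44 255.255.255.255
10.2.1.55 255.255.255.255
10.2.1.56 255.255.255.248
10.2.1.65 255.255.255.255
10.2.1.66 255.255.255.255
"""
SUMMARY = """
10.1.20.192 255.255.255.192
10.2.1.0 255.255.255.192
10.2.1.64 255.255.255.252
"""
OTHER_VPN = ["10.1.20.219"]  # address the thread assigns to a different VPN


def parse(text):
    """Turn 'destination mask' lines into networks (rejects host bits set)."""
    return [ipaddress.ip_network("/".join(line.split()))
            for line in text.splitlines() if line.strip()]


def audit(original, summary, other_vpn=()):
    """Return (uncovered, extra, captured) for a proposed summary set."""
    # Original routes that no summary contains: traffic that would be lost.
    uncovered = [o for o in original if not any(o.subnet_of(s) for s in summary)]
    # Addresses each summary routes to the next hop that the originals did not.
    extra = {}
    for s in summary:
        inside = ipaddress.collapse_addresses(o for o in original if o.subnet_of(s))
        extra[str(s)] = s.num_addresses - sum(n.num_addresses for n in inside)
    # Other-VPN addresses inside a summary; they follow it unless a
    # longer-prefix route for them exists in the table.
    captured = {a: str(s) for a in other_vpn for s in summary
                if ipaddress.ip_address(a) in s}
    return uncovered, extra, captured


if __name__ == "__main__":
    print(audit(parse(ORIGINAL), parse(SUMMARY), OTHER_VPN))
```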
03-12-2007 01:59 PM
Salim,
Ahh I see. Yes, PBR should be suitable for your scenario. You can configure the route map something similar to this one:
route-map VPN permit 10
 match ip address 100
 set ip next-hop 10.4.8.250
route-map VPN permit 20
 match ip address 101
 set ip next-hop 10.4.9.250
access-list 100 permit ip any host 10.1.20.216
access-list 101 permit ip any host 10.1.20.219
HTH
Sundar