06-07-2011 11:13 AM - edited 03-04-2019 12:38 PM
I am currently running BGP with my ISP for 2 links provided by them. All our incoming traffic is sent to the firewall by the directly connected network on the ethernet interface. I want to be able to match traffic from a source and send it to another destination other than the firewall. It looks like I can do this with a route-map? Would this be correct?
access-list 110 permit ip host x.x.x.x (some source) host 1.2.3.10 (static rule on firewall)
route-map varnish-access permit 10
match ip address 110
set ip next-hop 1.2.3.20 (another host outside firewall)
set interface g 0/1
int g 0/1
ip policy route-map varnish-access
06-07-2011 11:26 AM
Hi,
Yes, you can do this with PBR. Make sure that the address used in "set ip next-hop" is an IP address that is a next hop on a connected interface of the router. Also make sure that the direction of the ACL you created is correct. The following commands are what you want.
!
route-map varnish-access permit 10
match ip address 110
set ip next-hop 1.2.3.20 (another host outside firewall)
!
HTH,
Toshi
06-07-2011 02:16 PM
Are you saying that the next hop needs to be the router IP address? My next hop was going to be the server directly connected to the same segment as the firewall.
Router to ISP G-0/1 1.1.1.1
Router 1.2.3.1
Firewall 1.2.3.254
Next Hop server 1.2.3.20
06-07-2011 03:04 PM
The next-hop IP address can be the IP address of any device you want, i.e. a router/switch/firewall/server/host etc.
Jon
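The two checks raised in the replies above (the next hop sits on a connected segment, and the ACL is written in the direction the traffic actually flows) can be reasoned about with a small model. This is an added example, not code from any poster in this thread; the /24 mask, the 198.51.100.7 and 203.0.113.9 stand-in addresses, and the simplified fall-back-to-normal-routing behaviour are assumptions.

```python
import ipaddress

# Topology taken from the thread; the /24 mask is an assumption.
CONNECTED = [ipaddress.ip_network("1.2.3.0/24")]
CLIENT = "198.51.100.7"  # constructed stand-in for the x.x.x.x source

# access-list 110 permit ip host <source> host 1.2.3.10
ACL_110 = [("permit", CLIENT, "1.2.3.10")]

# route-map varnish-access permit 10 / match ip address 110 / set ip next-hop 1.2.3.20
ROUTE_MAP = [{"seq": 10, "action": "permit", "acl": ACL_110, "next_hop": "1.2.3.20"}]


def acl_permits(acl, src, dst):
    """First matching host/host entry wins; no match is the implicit deny."""
    for action, a_src, a_dst in acl:
        if (src, dst) == (a_src, a_dst):
            return action == "permit"
    return False


def is_connected(next_hop, connected=CONNECTED):
    """Check that the next hop sits on a directly connected subnet."""
    ip = ipaddress.ip_address(next_hop)
    return any(ip in net for net in connected)


def forward(src, dst, route_map=ROUTE_MAP, connected=CONNECTED):
    """Return (next_hop, reason); next_hop None means 'use the routing table'."""
    for entry in route_map:
        if not acl_permits(entry["acl"], src, dst):
            continue
        if entry["action"] == "deny":
            break  # deny entry: packet leaves policy routing
        if is_connected(entry["next_hop"], connected):
            return entry["next_hop"], f"policy-routed by seq {entry['seq']}"
        return None, "matched, but next hop not adjacent: normal routing"
    return None, "no route-map match: normal routing"


if __name__ == "__main__":
    # Constructed packets: the matched flow, and an unrelated source.
    for src, dst in [(CLIENT, "1.2.3.10"), ("203.0.113.9", "1.2.3.10")]:
        print(f"{src} -> {dst}: {forward(src, dst)}")
```

Passing a route map whose ACL has source and destination swapped, or a next hop outside 1.2.3.0/24, makes `forward` return `None`, which is the silent "policy not applied" case the checks above guard against.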
06-08-2011 07:34 PM
The policy based route worked fine; however, it opened another issue. What I am trying to accomplish with the route is that the next hop I am using is a proxy server to cache web content. What is happening is the server sees the request and forwards it to the firewall to access the real server, but it is forwarding the traffic with the original source IP of the requester and not the proxy server address, so the return traffic does not go through the proxy server. Any ideas?