Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1901
Views
6
Helpful
64
Replies

IP ROUTING

Go to solution
fmugambi
Spotlight
Spotlight

‎05-28-2024 06:34 AM

Hello guys, below is my topology,

fmugambi_0-1716902477086.png

I have added internet fw  and introduced ISP on site B.

Before site B resources/ servers would go via mpls to site a to access internet.

I introduced the above to make each site use its own isp respectively.

I ran to challenges, site b resources were not able to get to their isp/internet, until i introduced " ip route 0.0.0.0/0 sitebinternetfw interface. --> which works but causes some issues.

is there a way, to manipulate just internet traffic for site b resources without introducing static entries? and not affecting site a and b from communicating with each other?

Labels:
0 Helpful
64 Replies 64

Go to solution
MHM Cisco World
VIP
VIP
In response to fmugambi

‎06-11-2024 01:28 AM - edited ‎06-11-2024 01:29 AM

Filter we have in your case

1- redis staitc into ospf using route-map

2- redis ospf into bgp using

A- route-map

B- using match and specify in or ex1 or ex2 or mix

3- using bgp route-map OUT

These three filter can be use in your case. 

MHM

0 Helpful

Go to solution
fmugambi
Spotlight
Spotlight
In response to MHM Cisco World

‎06-14-2024 02:48 AM

thank you alot, i implemented this on production network, site b now knows site a static routes and vice-versa.

 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to fmugambi

‎06-14-2024 02:57 AM

You are so welcome 

have a nice summer 

MHM

Go to solution
fmugambi
Spotlight
Spotlight

‎06-07-2024 05:49 AM

or since permit is 10, and deny is 1000, then 10 takes the day?

0 Helpful

Go to solution
paul driver
VIP
VIP

‎06-11-2024 12:17 AM

Hello

@fmugambi wrote:
now when i want to introduce isp specific access to each site, the easiet way i went about it was, introducing the 0.0.0.0/0 to ciscoasa fw on site b.--> site b resources now get their internet access via their site b isp. my problem comes, when vpn

1. how to sort vpn learnt static routes be advertised to site b without introducing static routes at 1941 site mpls edge router?
2. is it possible as the setup is, make site b resources uses site b isp, without introducing default route at site be core sw?


The assumption is both sites are in their own ASN ?

If so, the fw and the 1941 rtr at each site needs to know of each other via bgp so suggest to remove these static routes you have introduced, Create an IBGP peering between each sites bgp rtr and its own FW, advertise a default from each fw into bgp and redistribute that into ospf type 1 with low seed metric.
By default the external traffic should route via its own ISP  and s2s traffic will traverse over the the s2s bgp peering.

Upon failure of any sites ISP, lan traffic from that site will re-route over the s2s bgp peering for external connectivity  


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card