09-13-2005 06:54 AM - edited 03-03-2019 10:29 AM
Hi;
I have a 2691 router with 4 FastEthernet and 2 T1 cards. One serial port is my production WAN hosting my GRE/VPN interoffice connections. Two FastEthernet ports are part of my DMZ. fa1/0 is attached to my DMZ switch, and fa1/1 is connected to a 2503 e0 router, which the s0 on this 2503 hits the Internet.
I currently have "ip policy route-map BYPASS_VPN" in my interface fa1/0 and a route map with the next hop defined as well.
This all works fine.
I now need to initiate from within my DMZ an ftp session into my production network, so the next hop will not be my DMZ router.
Can anyone supply me with some examples as to how you folks do this?
Regards
Jeff
09-13-2005 07:14 AM
Can you paste your configs? Why do you have a route-map in the first place, when you could run a routing protocol over the GRE/VPN topology to know about routes in your production network, while having a default route to the 2503 for Internet traffic?
09-13-2005 08:48 AM
Hi;
The reason why I have a second T1 line is this:
I have an application that utilizes 100% of circuit capacity. This application, when launched, killed my production T1 link. The workaround was to implement a second T1 line and use this link solely for this business application. Now, I call this segmented network DMZ. In addition to me launching this killer application to an Internet-based customer facility, I have a need to FTP to one of my internal machines. I do not advertise DMZ IP address space on my inside network, so yes, I can get to the inside FTP server, but the return path isn't known, and I do not want to use static routes. Therefore I'm looking at a NAT statement and an access list.
Ideas?
Jeff