Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
451
Views
0
Helpful
2
Replies

Policy Based Route - different default route for a specific host

mikejensen83
Level 1
Level 1

‎07-01-2020 01:41 PM

Hello,

 

Is it possible to use policy based routing to have a different default route applied to a specific host?

 

For example I have two ISP's that connect directly to my external firewall and behind that firewall I have a Cisco 4500X.  My host is 10.5.5.5 and Instead of following the 4500X's default route I would like to have it's next hop for public internet IP's only to be 4.30.2.2 but still have the rest of the 4500X's normal routing table apply for non internet traffic.

 

How would I go about configuring this?

Labels:
0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎07-01-2020 02:07 PM

Trying to understand your network flow. how are you going to achieve this, if the device does not have any visibility directly to external IP ?

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎07-01-2020 11:33 PM

Hello @mikejensen83 ,

from the network description the catalyst C4500-X is not directly connected to the two ISPs.

If you want one specific source IP to exit to the internet via ISP-2 this configuration needs to be performed on the firewall and it will be a combination of PBR and NAT.

The PBR configuration is local to the device where you configure it, even if you configure it on the C4500-X then the packet is passed to the firewall that is not aware of the PBR configuration on the switch and would try to NAT and send the packet via ISP-1 if you have a primary/backup strategy.

This is why you should work on the firewall directly:

a) packets sent to the firewall are for sure not with an internal destination if the C4500-X performs inter VLAN routing

b) the firewall in any case is the only device able to perform NAT that has to be performed accordingly to the chosen exit interface / internet next-hop.

 

Hope to help

Giuseppe

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card