07-01-2020 01:41 PM
Hello,
Is it possible to use policy based routing to have a different default route applied to a specific host?
For example, I have two ISPs that connect directly to my external firewall, and behind that firewall I have a Cisco 4500X. My host is 10.5.5.5 and, instead of following the 4500X's default route, I would like to have its next hop for public internet IPs only to be 4.30.2.2, but still have the rest of the 4500X's normal routing table apply for non-internet traffic.
How would I go about configuring this?
07-01-2020 02:07 PM
Trying to understand your network flow. How are you going to achieve this, if the device does not have any visibility directly to external IPs?
07-01-2020 11:33 PM
Hello @mikejensen83 ,
from the network description the Catalyst C4500-X is not directly connected to the two ISPs.
If you want one specific source IP to exit to the internet via ISP-2 this configuration needs to be performed on the firewall and it will be a combination of PBR and NAT.
The PBR configuration is local to the device where you configure it; even if you configure it on the C4500-X, the packet is then passed to the firewall, which is not aware of the PBR configuration on the switch and would try to NAT and send the packet via ISP-1 if you have a primary/backup strategy.
This is why you should work on the firewall directly:
a) packets sent to the firewall are certainly not for an internal destination if the C4500-X performs inter-VLAN routing;
b) the firewall in any case is the only device able to perform NAT, which has to be performed according to the chosen exit interface / internet next hop.
Hope to help
Giuseppe
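An added illustration, not from the thread, of the PBR mechanics Giuseppe describes, written in Cisco IOS syntax. It assumes an IOS/IOS-XE device sitting in the firewall's position (where 4.30.2.2 is actually reachable as a next hop); the ACL, route-map, SLA and track names are hypothetical. NAT toward the ISP-2 interface is still required and is platform-specific, so it is not shown.

```cisco
! Assumed device: IOS/IOS-XE router in the firewall's position, with ISP-2's
! next hop 4.30.2.2 directly reachable. Object names are hypothetical.
!
! Select only traffic from the host bound for public destinations: RFC 1918
! destinations are denied first, so they keep using the normal routing table.
ip access-list extended HOST-TO-INTERNET
 deny   ip host 10.5.5.5 10.0.0.0 0.255.255.255
 deny   ip host 10.5.5.5 172.16.0.0 0.15.255.255
 deny   ip host 10.5.5.5 192.168.0.0 0.0.255.255
 permit ip host 10.5.5.5 any
!
! Track reachability of the ISP-2 next hop so the policy is only applied while
! it is up; otherwise matching packets fall back to the routing table instead
! of being black-holed.
ip sla 10
 icmp-echo 4.30.2.2
 frequency 10
ip sla schedule 10 life forever start-time now
track 10 ip sla 10 reachability
!
! Policy: matching packets are sent to ISP-2's next hop; everything else
! (including the host's internal traffic) is routed normally.
route-map PBR-HOST permit 10
 match ip address HOST-TO-INTERNET
 set ip next-hop verify-availability 4.30.2.2 10 track 10
!
! Apply inbound on the interface facing the internal network, i.e. where
! packets from 10.5.5.5 arrive from the C4500-X.
interface GigabitEthernet0/0
 ip policy route-map PBR-HOST
!
! Verification: "show route-map PBR-HOST" shows policy-matched packet counts,
! "show track 10" shows whether the next hop is currently reachable.
```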